The Identity Centric Framework

The tremendous work done by organisations such as the Oasis Group, Liberty Alliance and Open ID on specifications and standards for digital identity call for a profound transformation of the Internet, moving from the “Internet of documents” to the “Internet of Subjects.” In an Internet of Subjects, we don’t want our actions to be limited by existing social network services provided by a third party, we want to be able to create social networks on the fly, just like in real life —and undo them without losing any data. We also want to be able to keep in one place (possibly distributed), a place we own, all the publications, contributions and various artefacts and tracks generated during our Internet activities.

Publication mechanisms like trackback demonstrate that it is possible to publish a blog entry or a comment in a personal space to make it visible in another one, so if a specific aggregation of blog entries/comments is not supported anymore (let’s say that this instance of Blogger disappears), then the entries and comments will still be available in my personal space (today I use a Word copy as save). Of course, the use of trackback has been impeded by pirates trying to circumvent anti-spam software, but this general mechanism (or equivalent) could be revived and systematised in a trustworthy environment, using social computing to support reputation mechanism.

In order to give a genral framework for these reflections, I’ve come up with something named the “Identity Centric Framework” (ICF) with the intention to to codify a set of fundamental principles to which any identity architecture should conform to be universal and sustainable. This framework can be seen as a derivation of the Microsoft’s identity metasystemand laws of identity. The principles can be summarised by the acronym “ID TOUCH.”

A universal identity centric system should be:

  • Independent: it should be sovereign and independent from commercial or partisan interests; it should be based on the existence of multiple, competitive, operators and technologies.
  • Dependable: it should have a provision to guarantee that personal data are free from potential loss or theft as well as identity attacks.
  • Transparent: it should provide accurate reports and statistics on how one’s personal data is being used by third parties. It should also provide negotiation and discovery mechanisms for social interaction and data exchange.
  • Opaque: it should provide mechanisms to fine-tune external visibility of personal data, up to the point of total opacity and anonymity —except for legal or regulatory requirements. It should include encryption and other techniques to limit the risks of undesired disclosure.
  • Unifying: it should provide a seamless experience across contexts (e.g. healthcare, education, employment, leisure, mobility) and identities while keeping a clear separation between independent contexts and multiple identities.
  • Communal: Identity systems must recognise and exploit the social nature of identity. Mechanisms such as reputation and trust should be native features of identity systems.
  • Humanist: the underpinning values of an identity centric system is a humanist vision of technology refusing the reification of human beings and promoting an open and free society.

What have we learned from ePortfolio and Personal Health Records?

We have learned from ePortfolios and personal health records that:

  1. Being digital transforms the nature of documents and associated practices.
  2. By making people the managers of their personal data, the fragmentation of personal information is dramatically reduced, leading to an improved quality of communication across people, departments and institutions, as well as a better performance of the system as a whole.
  3. Giving people a sense of ownership of their personal data improves their understanding, self-esteem and ability to achieve their goals, as learner or patient.
  4. The separation of personal data records based on institutional boundaries (e.g. learning records and health records) are not relevant to the individual and is eventually counter-productive for the institutions.
  5. The nature of learners and patients is social, so is the contents of their personal records: patients records are evidence of performance of medical staff as individual ePortfolios evidence of performance of education staff, e.g. for quality assurance purpose. And profile data can be used to create communities of interests, lobbies and communities of practice.
  6. Experience shows that we cannot trust private or public organisations to host securely personal data. Despite all security measures, if one organisation is allowed to have massive amount of personal data, there always the risk that someone will loose a DVD in a train or sell the data on eBay.

The use digital technologies with portfolios or health records, has lead to a much greater transformation than the mere dematerialisation of documents. ePortfolios are not just paperless portfolios, nor are digital personal health records, paperless health records. Both are transforming the practice of their owners as well as that of the professionals working with them. When empowered with the management of their personal data, learners like patients tend to take more responsibility with their own learning or healing. Relationships with and among teachers / doctors are also transformed, as well as that with fellow learners / patients.

Moreover, personal health records can be viewed as some kind of learning records as patients need to learn new facts, procedures and reflect on their behaviour —and before being a patient, proactively maintain one’s own health and contribute to that of others. And for athletes, healthcare data are also evidence of their learning and material for reflecting.

From the point of view of the individual, there is no clear separation between a learning record and a healthcare record. They both are an aggregation of attributes, some of the attributes are common to both aggregations: for example, work patterns are of interest to doctors and dietary requirements useful to other than doctors —e.g. conference organisers…

In terms of privacy, publicity and security, both share the same constraints. There is a need to manage the level of privacy from totally private data, to data restricted to certain groups of people and professionals, up to publicly available records —e.g. qualifications / blood type. But we cannot allow that organisations, private or public, host massive amount of personal data on a server without being under a strict control of individuals and making the massive export of data impossible to achieve or exploit —e.g. by making each individual record jammed with individual real-time encryption keys provided with the informed consent of individuals (with a ‘break the glass’ policy, if the principal is unconscious, something addressed by TAS3).

Just like patients have to deal with different professionals at different points in time, learners and workers have to deal with a number of different institutions. One can be working as an IT professional in a company, be a member of an IT professional body like the British Computer Society, teach at a university and provide support to local businesses, all this contributing to his/her identity as ‘IT professional’. The way systems are set today, this IT professional will have a number of accounts, at best federated, dealing with the idiosyncrasies of various information systems to keep-up with his/her personal data. His/her identity will be fragmented.

While current implementations of federation of identities and services allow one person to unify a number of fragmented accounts, an Internet architecture “subject centred” should allow one person to have a unified account (a kind of ‘digital safe’) that would be used in a number of different transactions. For example, I would have one ePortfolio repository and each of the different institutions I am interacting with would pull/push data from/to this repository (probably distributed, for security reason) encrypted by one or more public key.

A subject centred Internet should allow us to regain control on how our personal data are being stored, accessed and managed.

From digital identity to socially connected free subjects

While the tools and architectures developed to support digital identity as a means of managing access to data (authorisation, authentication) and ensure that the policies attached to those data are being enforced (privacy, preventing identity theft), the general architecture of the Internet has not fundamentally changed. Federated identities (single sign on) and federated services (sharing identity attributes across domains) mark undoubtedly a progress for end-users as well as service providers. On the Internet, a space where there is no real face to face, it is now possible to establish a level of trust similar to that of the real world —including the possibility of being deceived or stolen… The translation in the cyberspace of real-life documents (identity cards) and practices (authorisation and authentication) could be described as the result of an assimilation process, a first order change.

Although, to a certain extent, we have been able to replicate in the cyberspace the documents and behaviours required for managing access to personal data —and a number of initiatives, like TAS3, are working on technologies that will increase the level of trust in transactions involving personal data— we are still far away from an Internet that could be qualified as Internet of subjects. Digital identity technology is only part of the solution that will fully empower individuals as active subjects of the Internet.

If we want to fully exploit the benefits of an ‘Internet of subjects’ based on the free association of self-conscious and self-controlled connected identities, a second order change is required. While this second order change will most likely build on the technical foundations led by consortia such as the Oasis Group, Liberty Alliance, OpenID and Open Social, the full power of these foundations need to be expressed within a new conceptual framework, a conceptual framework for digital subjects.

The emergence of socially connected digital identities

While we might be decades away from the ‘Internet of objects’ promised by IPV6, the ‘Internet of People’ is already there and strong, demonstrating the power of technology to transform the way we think, learn, work, collaborate, do business, entertain and plan our future. People are now acting subjects of the Internet, transforming the Internet for people and organisations to the Internet of people. We are moving away from an Internet where individuals were treated as mere objects to an Internet where they are acting social subjects. The reification process of the human being by technology was not our fate.

The central role individuals now play in the Internet, calls for a radical rethinking of its organisation, in particular, the way the ever-increasing flow of personal data is being created, stored, connected, accessed, protected, exploited and managed.

The growing use of the Internet leading to the accumulation of personal digital records, their sheer number, scope and diversity leads to the emergence of what is now commonly referred to as ‘digital identity’ or ‘eSelf.’ Generated as the result of individual’s behaviour, the digital identity is becoming a key component for self-awareness and social interaction for the reflective learner, professional and citizen who are contributing to inventing the 21st century civilisation.

The socially connected digital identity will be the pivot of tomorrows Internet architecture. The Internet of free subjects, where we are in full control or our identity, is the promise of a technological revolution of great magnitude.

For a massive use of UID

Interoperability is a key issue for the future on the Internet, and there are many different approaches to it: metadata and data model standards, web services, semantic web. What EIfEL has decided through the creation of EventFolio is to explore is another approach, based on the following idea:

– a life is a succession of events, and these events are linked to people, documents and a number of contextual information, like the theme of the event, the subjects being addressed. Now imagine that each event is tagged with a unique identifier (UID) and that all the elements linked to this event are tagged with this UID. Let’s say that you attend a workshop on interoperability with 25 other people in Caen (France) and that you ‘tag’ the name of the people (or more precisely the profile pointed by a URI where (one of) their ID is being stored) as well as the metata ‘interoperability’ as well as the city of Caen and  the date in the calendar.
Then imagine that this is done systematically for every event we generate or contribute to. It would then be easy for me to retrieve the list of the people who attended this event (if they kept the UID in their profile and if they accepted me as a viewer of this information). And of course, if this technique is massively used, then it would be easy to find the people with specific interests, create life stories (eportfolios) automatically, etc.

In this model, we don’t simply use tags to enrich a document or a profile, but a UID that connects me to a subject and to other people.
Of course, as we are dealing with personal data. there is a need to enforce privacy. The way we want to address this is through the creation of a foundation.
If you are interested to know more, don’t hesitate to contact us.

ePortfolio and Digital Identity….and Google birthday… still a long road for digital identity…

For its tenth birthday, Google has put in place a tool to do research with results such as how they look like in 2001.

Take a look at results of a search on ePortfolio and learning or ePortfolio and resume or how EIfEL looks like in 2001.

More seriously we are seeing here the risk for user personal identity if organisation such as Google is able to conserve/backup indexes for further use (this one as up to 1,326,920,000 web pages indexed) !!! How could I really manage my own digital identity ??

For example you could do backward research on other digital identity, look at Serge Ravet, CEO of EIfEL , fortunately for us the first result link Serge with… NVQ ! 😉
(I’ve tried with my name but I’ve seen that I was not born digitaly in 2001, even in French :))

But others could have less chance if a recruiter or his manager use this…

In our concept of user centric ePortfolio managed by the ePortfolio owner himself we are seeing here the need of concept such as IDentity Governance. Liberty Alliance is digging on this as well as european project such as TAS3 but even if technically we could imagine to put in place in a short future concept such as “Identity Watchdog” as we need also to be present on the web (so be part of Google) we clearly have to help students and future generations to better understand this issue and take care of their own digital identity…

New Liberty Alliance Group Focuses on Identity Management in the Education and Human Resources Sectors chaired by EIfEL

EIfEL is please to announce its participation in this new Liberty special interest group that will help to foster adoption of Europass initiative with support of privacy and digital identity !
The launch meeting will take place in Maastricht on 22nd October afternoon.


PARIS, October 15 /PRNewswire/ —
– Public Group Targeting Interoperability Across Education and HumanResources Applications and Services

Liberty Alliance, the global identity community working to build a more trustworthy Internet for businesses, governments and people worldwide, today announced the launch of the public Liberty Alliance Human Resources and Education Special Interest Group (SIG). The goal of the group is to foster interoperability, security and user privacy across online identity-enabled solutions in the global education and human resources sectors. The HumanResources and Education (HR-EDU) SIG will hold its first public face-to-face meeting on October 22 at the ePortfolio & Digital Identity 2008 conference in Maastricht, the Netherlands.
Members of the SIG include representatives from EIfEL, Entr’ouvert, EuroCV, IMS Global, iProfile.org, the French Ethics & Recruiting Association, the French Recruiting Syntec Syndicate, the OpenID European Foundation, Stepstone, Symlabs, Synergetics, 3s Unternehmens-beratung GmbH and the University of Kent. The group is working to advance the adoption of proven interoperable, secure and privacy-respecting Liberty Alliance specifications in education and human resources, and collaborating with other communities and specifications bodies to promote open standards and best practices fordigital identity management in the education and human resources sectors.
According to Marc Van Coillie, CTO with EIfEL and chair of the new Liberty Alliance HR-EDU SIG, “The formation of the new Liberty Alliance group marks an important milestone in bringing the education and human resources industries together to foster interoperability across online applications and services.”

About the Liberty Alliance HR-EDU SIG
Liberty Alliance members form special interest groups to solve regional, national, international and vertical-specific identity management challenges. The Human Resources and Education SIG is Liberty Alliance’s ninth open-to-the-public special interest group. During the October 22 face-to-face meeting members of the HR-EDU SIG will establish priorities for advancing interoperability and data portability among education and human resources applications. All individuals and organizations in the data portability, identity management, education and human resources sectors are encouraged to attend this public event.

More information about the HR-EDU SIG, including how to join the group’s mail list and how to register for the October 22 meeting, is available by visiting the group’s wiki at:
http://wiki.projectliberty.org/index.php/HR-EDU_SIG

CONTACT:
English: Russell DeVeau russd@projectliberty.org
French: secretariat-hr-edu-sig@projectliberty.org
Liberty Alliance

The ePortfolio is dead? Long life to Digital Identity! (2)

In a previous post (The ePortfolio is dead? Long life to Digital Identity! (1)) I expressed the idea that a fully developed ePortfolio is in fact a digital identity and that most of the so called ePortfolios are little more than paperless portfolios. What I would like to do in this post is reflect on (some of) the consequences in terms of technologies and solutions and respond the the questions: do we still need ePortfolio Management Systems (ePMS)? Or, formulated differently, do we need to replace ePMS with DIMS (Digital Identity Management Systems)?

First, I would like to reassess something that I’ve been repeating for some time now and formulated in a position paper: there is a general misunderstanding on the difference between ePortfolios (which belong to individuals) and an ePortfolio management systems (which belong to organisations) — here I use ePortfolio in the restricted sense of the term, not as synonymous to digital identity. In order to create you own digital portfolio, you can do a simple bricolage using any kind of digital tool, from a simple blog to a sophisticated website publisher.

The limit of bricolage appears quickly when a certain level of management is required:

  • exchanging data with a potential employer or a job board (having a portfolio HR-XML compliant will be a necessity)
  • managing a large number of ePortfolios in an institution or in processes requiring quality control — think of the NVQs (National Vocational Qualifications in the UK) where nearly 500,000 qualifications are delivered each year on the basis of a portfolio — and a growing number of ePortfolios

If the level of management required is for a small group then a simple RSS aggregator (many tools provide RSS feeds) might be sufficient to monitor the changes in almost real time. If you need to manage multiple level of accesses (for parents, teachers and pupils in schools, for peers, colleagues and managers in a company) then a bricolage might not be effective. If you live in the UK and you have some responsibilities in the field of National Vocational Qualifications (NVQs), a bricolage is definitively not an option if you care for quality control and are costs conscious.

I see a bright future for ePortfolio platform providers. Organisations, regional authorities will need tools to facilitate the management of large cohorts of pupils, students or employees, they will require software solutions dedicated to the management of specific documents (portfolios) and processes.

I see an even brighter future for DIMS (Digital Identity Management Systems). Just have a look at current social software (Gaia online, FaceBook or Linkedin) and you might have a hint of what I mean…

About ePortfolio standards (2) – Reflexion

I indicated in a previous post that although a number of actors are involved in the design of open standards, the mere implementation of open standards is not enough to ensure interoperability. Two systems can be based on the same ‘base specification’, yet be unable to exchange information. In order to solve the issue of information portability across systems using different specifications we designed for our members the CVT, a Web-service which makes it possible to translate one CV format into another format. Of course, in the translation, part of the information might be lost or demoted, in particular if the target format is semantically poorer than the source. The ability to translate data from one format into another leaves a lot of space for innovation in future standards.

How will specification and standards evolve?

I do not know in details where IMS intends to go with its current review of IMS ePortfolio specifications, but at this stage I believe that, at least for an employability ePortfolio, HR-XML specifications seem more mature as they profit from a much larger number of real-life implementations and existing certified HR solutions. On the other hand, HR-XML standards are just one element of a global interoperability framework. And such framework should take into account other standards, beyond those used in the education and academic worlds.

With emerging specifications like OpenSocial or Atom, I believe that it should be possible to design relevant interactions across heterogeneous systems. For such a framework there is a number of specifications that should be to studied:

  • Social networks and social computing — FOAF (Friend Of A Friend, XFN (the micro-format version of FOAF), OpenSocial and Liberty Alliance People Service. ePortfolios are a the result of a social construction.

 

  • Data representation — such as social graphs, mindmapping, heuristic chart and concept mapping can be extremely useful to provide meaningful eportfolio user interfaces. We need to better exploit the potential of RDF, OWL, TopicMaps, DotML, etc. as well as meta-data ( DublinCore) data aggregation (RSS and Atom) and people representation (HR-XML, IMS and hResume).

 

We should also take into account the issue of trust and privacy, i.e. secured access to personal data. For example, while the IMS ePortfolio framework allows the exchange of zipped packages of personal data, mainly for backup and import of whole ePortfolios into ePortfolio Management Systems, there is no real provision for sharing dynamically ePortfolio parts nor for protecting data privacy. This should be changed if we want ePortfolio take-up.

This is precisely what we are trying to address with the CV Universel (Universal CV) where the framework to exchange of ePortfolio parts is based on a HR-XML description of personal data transported on a Liberty Alliance Layer. In a next future, should also explore the opportunity to use OpenID 2 specifications.

About ePortfolio standards (1) – a rapid state of art

I would like to take the opportunity of a colleague’s request about ePortfolio standards and interoperability, to present EIfEL views on this issue.

Today, even if few ePortfolio suppliers are engaged in the implementation of existing specifications, those doing it generally do so within the context of a specific community, using what is called application profiles, i.e. an adaptation of a base specification to the particular requirements of this community. This adaptation adds a level of complexity to the issue of interoperability, as different application profiles of the same base specification do not necessarily interoperate…

The following list presents a series of application profiles that have been tested during previous ePortfolio plugfests organised by EIfEL:

  1. Employability ePortfolio (NL) is based on IMS ePortfolio (which includes IMS Learner Information Profile — IMS LIP). There is a discussion whether in the future the profile should rather be based on the next HR-XML V3 specifications which should cover ePortfolios.
    Compliant Solutions: eXact Folio (Giunti), Winvision.
  • UK Leap (UK) is based on IMS LIP (which is more restrictive than IMS ePortfolio). Even if this profile has been formerly standardised by the British Standards Institute (BSI) it does not benefit, yet, from an extensive implementation. A reflexion is engaged for a UK Leap Version 2 but it is not clear whether it will still be based on IMS LIP.
    Compliant Solutions: PebblePad, ePet (University of Newcastle).
  • HR-XML application profiles — there are a number of HR-XML application profiles dedicated to specific communities:
    • iProfile (HR-XML CV profile), is implemented by SkillsMarket in UK, which hosts more than 2 millions CVs for recruiting agencies.
    • GermanCV (HR-XML CV profile) is used by job boards in Germany.

     

  • HR-XML Europass CV (EU) is a binding of Europass (a European CV format) using HR-XML specifications as well as external competencies definition based on IEEE RDC. Support of the European Language Portfolio is also under discussion. The work done by EIfEL in this area has contributed to address the needs specific to ePortfolio not yet covered by existing HR-XML specifications to elicit new requirements for the next HR-XML V3 specifications.
    Compliant Solutions : ePet (University of Newcastle), Eurocv.eu, Kite, CVUniversel / Universal CV (the implementation has just started, and a presentation will be made during the next ePortfolio & Digital Identity conference in Montréal)
  • hresume microformat — It is used for LinkedIn public profiles (several million users). Microformats are a bottom-up alternative to XML standards (microformats can be defined and implemented by end users without the burden of standardisation bodies.

So far, I’ve just described data formats, but if you believe, like EIfEL, that ePortfolios are more than data and that they contribute to one’s digital identity, then it should be necessary to take into account what is happening in the field of social networks and social computing, Web 2.0, the emergence of new types of job boards, etc. Moreover, if you take into account the difference between individual ePortfolios (that could be developed with any kind of tools) and ePortfolio Management Systems (ePMS) that institutions need to manage a number of ePortfolios for specific processes, then a number of additional emerging standards should be taken into account.

  1. Identity Management such as Liberty Alliance federation of identities and services, OpenID or CardSpace will play a central role in the seamless exchange of information across services used by ePortfolios.
  • Interoperability frameworks such OpenSocial (used by Google, Plaxo, etc.) and Dataportability.org are emerging and open a new kind of door to the exploitation and sharing of personal in a professional perspective.

This is just a rapid overview of ePortfolio-related standards. In the next posts, we will go into more details to open the discussion on the future requirements for ePortfolio standards and interoperability. The conversation will also take place during the next Montréal conference.

NB: for all those who would like to know more about the subject of interoperability while being refrained by its technical nature, I would like to encourage you to go beyond your inital reticence. The lack of interoperability is generally more the result of misunderstanding or lack of human will rather than the lack of understanding of technical details or technical issues. We need You!