As we become more comfortable with sharing ourselves on the ‘social web,’ we’re revealing a lot of valuable information about our interests, preferences and social connections, and it’s strewn across the web in many different 3rd party silos. One slice of me may be at home on Facebook, another segment of relationships and topics I follow are on Twitter, my online buying habits are known by Amazon and eBay, and a range of companies unknown to me are tracking the ‘digital exhaust’ I leave as I visit websites and travel around the web. There is a growing recognition of the value of all this data to assist us in decision-making, and a concern about who owns it currrently and what’s being done with it. According to a recent W3C report, there are at least 4 main issues that arise when our data is trapped in 3rd party walled gardens:1. Portability – The option of taking my personal information and social connections with me across any platform or marketplace is unavailable to me, so I’m forced to reenter and duplicate my data over and over again on different websites.

2. Identity – Instead of having a federated identity that is secure and interoperable across any website, I have an overwhelming (and growing) amount of usernames, passwords and accounts, making my online identity fractured and fragmented.

3. Linkability – People may be mentioning me or sharing photos of me on networks in which I am not a member, making that information invisible to me.

4. Privacy – Once I upload or add content to a site, I have no way of controlling the context of how it’s shared or creating permissions for what can be done with it.

In light of these concerns, I’ve been exploring the emerging tools and solutions for personal data ownership, unified online identity, and a federated social web that puts the user at the center of their online experience.

One of the recurring themes I’ve seen is the call for “personal data stores” or “personal data lockers.” This is the idea of a database that would store all of your personal information. The range of its functionality varies, but here is a comprehensive overview of what it could entail (from Mydex site):

  • Data Storage – a single access point for my information that is currently scattered
  • Data Management – a toolset for analyzing and understanding what my data means
  • Data Sharing – the ability to choose how to share my information and with whom
  • Data Collection – the ability to track my purchases, preferences, and activities
  • Verifications – the ability to authenticate sensitive information generated by 3rd parties
  • Identity Assurance – the ability to prove I am who I say I am
  • Privacy Management – my info has a privacy setting determined by me, not organizations
  • Manage Permissions – deciding the communication channels between me & my contacts
  • Express Interests & Intentions – the ability to announce what I want to buy, do or access
  • Plan & Implement Projects – a life management system for how I use my info over time

Below is a list I’ve been assembling of startups, open source projects, organizations, and standards that are defining what this next stage of the web will look like, where individuals are empowered by the ownership and understanding of their data and ability to verify identity. I’ve done my best to organize these, but am open for suggestions of how to arrange the list more usefully. And as always, if I’ve missed some vital information, please add to the comments section and I’ll keep the post updated.

Certification Services for Identity AssuranceHow do I know I can trust the identity, security, and privacy policies of the identity service provider?1. Open Identity Exchange - Open Identity Trust Framework provider
2. Kantura Initiaitive: Identity Assurance Certification

Identity Verification & Management3. Ping Identity - provides identity management services for corporations
4. tru.ly – provides users with a single, verified identity on the internet
Personal Data Stores / Data Vaults5. Data Inherent – online safes from Switzerland offering individuals around the world highly secure online storage for passwords and all types of digital documents

6. Global LockBox - stores your content and provides easy ways to use, share and exchange it with others

7. LifeCellar – allows you to store and protect important documents like insurance, taxes, travel, wills, trusts, real estate documents, and policies

8. Mydex - A Personal Data Store is a service for individuals that helps them collect, store, manage, use and share their own personal data for their own purposes.

9. MyPersonalVault – store vital documents like bank account info, health records, insurance policies, wills, digital media

10. PAOGA – range of products; A secure Personal Data Store that allows individuals to own and manage their digital identity and personal information; personal info and identity verification; and a secure Digital Document Exchange to create, manage and digitally sign electronic documents

11. wayID – give anyone your wayID, and they have instant access to the information you want to share with them on any web-enabled device

Open Source Projects12. Project Higgins - – open source identity framework designed to integrate identity, profile and social relationship information across multiple sites, applications and devices using an extensible set of components.13. Project Danube - open source project to develop an XDI-based Personal Data Store – a semantic database for personal data which is controlled by the user. Applications on top of this database include the Federated Social Web and the selective sharing of personal data with organizations.

14. The Locker Project / Sing.ly – open source service for capturing one’s online ‘data exhaust,’ an individual’s online activity and behavior, currently collected by 3rd party advertisers

15. The Mine! Project - – open source project that enables people to own their data (content, relationships, transactions, knowledge) and arrange/analyze/share it according to their needs; also aims to be an infrastructure for solutions like self-defined identity, authentification, and data portability

16. Project Nori - interoperable personal data server (PDS) initiative to provide interoperable standards and reference documentation between multiple PDS implementations

Cloud-based17. eyeOS - open source cloud desktop with ability to develop web apps as if they were desktop apps, useable from a web browser18. Cloudo – access your personal data from any computer

19. Jolicloud – portable online desktop that provides a continous interface for managing your entire cloud across all your devices

20. Backupify – backup provider for cloud based data

Index & Search Your Data21. Greplin- personal search engine that indexes the info you create on different websites (Gmail, Twitter, Facebook) and allows you to search it.22. AOL Lifestream – track all your social network updates in one place

Sell Your DataCall it reverse marketing, these data stores specifically mention the benefits of controlling your personal data so that you can then sell your behaviors and purchasing intentions to companies.23. Allow - stop unwanted marketing, control which sectors or brands see your information, get rewarded for it

24. Azigo Data Wallet - – give you back control of your advertising profile so you can exchange it later for rewards

25. Personal - protect your online data exhaust and sell it back to advertisers

26. Statz – secure marketplace for individuals to manage and profit from selling their anonymous behavior and usage data to buyers in aggregated reports

Building Trust between Businesses and Individuals (VRM)Just as companies use Customer Relationship Management (CRM) tools for interacting with customers, Vendor Relationship Management (VRM) allows people to manage the relationships they have with companies.

27. TrustFabric – provides a way to selectively share personal information with vendors and service providers you buy from, (a better way to fill in forms), and to keep track of the information you have shared with them

Internet Infrastructure
28. CLOUD(Consortium for Local Ownership and Use of Data) – developing contextual markup language (CTML), a new Internet architecture language that positions people at the center or the web experience instead of webpagesSemantic Web

29. SIOC (Semantically-Interlinked Online Communities) – aims to enable the integration of online community information by providing a Semantic Web ontology for representing rich data from the Social Web in RDF

Contextual Networking30. connect.me safe personal networking, providing better context for social connections while putting users in control of their data, identity, and privacy
Interoperability Protocol for Applications31. Telehash – a new wire protocol for exchanging JSON in a real-time and fully decentralized manner, enabling applications to connect directly and participate as servers on the edge of the network

Projects in Concept Phase32. DiSo Project - an initiative to facilitate the creation of open, non-proprietary and interoperable building blocks for the decentralized social web; first target is WordPress33. EmanciPay – concept for a microaccounting system to track the digital content you consume and enjoy, combined with a mechanism to appreciate that content via micropayment

Below is a list assembled by the W3C Incubator Group, providing an overview of the technologies and standards currently in existence for realizing the vision of the Social Web. The gist here is that there will never be one framework everyone will agree upon, and in fact, it would limit innovation and decrease resilience of the system if that type of monoculture were a goal. Diversity is key. But, instead of having a series of silos and walled gardens on the web where information is trapped (i.e. – the current state of affairs), a truly federated Social Web can only emerge when there are open standards, allowing information to be interoperable across the entire ecosystem of platforms and applications.

Identity Standards

Users should be able to assign attributed to each of their online profiles and determine the way in which their identities are authenticated.

34. Mozilla Weave Project: Sync
35. OAuth
36. OpenID
37. WebID
38. Infocard
39. XAuth
40. SAML
41. Kantara Trust Framework

update: webfinger

Profile Standards

Users should be able to control multiple profiles, share and synchronize their updates, import their connections and applications across all accounts, and delete all profile information from an identity provider if/when they choose to leave the service.

42. XRD
43. VCard
44. FOAF
45. PortableContacts
46. OpenSocial

Social Media Standards

Users should be able to link directly to people, locations, or items, to track social media back to its source, to vet and verify the accuracy or reputation of the information, to know how the content is licensed, and be aware if consuming it would lead to a monetary fine or if usage would violate its copyright.

47. Tagging – TagCommons, rel:tag, NiceTag, CommonTag
48. Microformats
49. Open Graph Protocol
50. Payswarm
51. OExchange
52. The Semantic Web
53. SIOC

Privacy Standards

Users should be able to control their interactions with other entities – setting the permissions and access control of who gets to see what and how they are able to use that information.

54. P3P
56. AIR
58. Rule Interchange Format
59. Device APIs & Policy Working Group
60. Mozilla Privacy Icons
61. ODRL

Activity Standards

These architectures are for delivering content like status messages and updates in as near to real-time as possible.

62. XMPP
63. Atom & Pubsubhubbub
64. ActivityStreams
65. Salmon Protocol
66. OStatus

Decentralized Social Networking Projects

These are projects which allow users to run their own social web provider, keep their data where they want – even on their own server, and still interact with the rest of the Social Web.

67. StatusNet
68. GNU social
69. OneSocialWeb
70. Higgins Project
71. Diaspora
72. SMOB
73. Appleseed
74. OpenLink Data Spaces
75. Project Danube

And finally, here’s a roundup of the organizations and documentation worth bookmarking:

References, Resources and Organizations

76. Personal Data Ecosystem Consortium
77. Project VRM -
78. World Economic Forum Report: Rethinking Personal Data
79. Kantara Initiative
80. Identity Commons
81. OpenID Foundation
82. Information Card Foundation
83. W3C Federated Social Web Incubator Group
85. OW2 Open Source Cloudware Initiative
86. W3C Report: A Standards-based, Open and Privacy-aware Social Web
87. Projects interested in creating a federated social web
88. List of projects in development for a federated social web on GNU social

thanks to @PullNews, @dsearls and @identitywoman for reference lists

update: from the twittersphere:

- via @jeffsayre:

cloud storage: http://www.unhosted.org/

distributed microblogging: http://rstat.us/

distributed social networking: http://www.buddycloud.com/

- via @tek_fin:

digital identity certification platform: http://myid.is/

digital passport: http://www.miicard.com/

- via @tonyfish:

manage your online identity: http://claimid.com/

open source & open standard for identity/privacy/security: http://findmeon.org/

protect against identity theft & financial fraud: https://www.garlik.com/index.php

universal username/password for openID enabled websites: https://www.myopenid.com/

browser extension for login/forms: http://www.sxip.com/

OpenID providers: http://openid.net/get-an-openid/

manage online privacy and reputation: http://www.reputationdefender.com/

build and protect your personal brand: http://www.naymz.com/

build reputation so others can trust you: http://www.trustplus.com/

reputation/reliability/trust index: http://venyo.org/

show all your web profiles with a single url: http://www.socialurl.com/default.aspx

webpage that lists all your personal sites: http://www.zoolit.com/