2. Identity – Instead of having a federated identity that is secure and interoperable across any website, I have an overwhelming (and growing) amount of usernames, passwords and accounts, making my online identity fractured and fragmented.
3. Linkability – People may be mentioning me or sharing photos of me on networks in which I am not a member, making that information invisible to me.
4. Privacy – Once I upload or add content to a site, I have no way of controlling the context of how it’s shared or creating permissions for what can be done with it.
In light of these concerns, I’ve been exploring the emerging tools and solutions for personal data ownership, unified online identity, and a federated social web that puts the user at the center of their online experience.
One of the recurring themes I’ve seen is the call for “personal data stores” or “personal data lockers.” This is the idea of a database that would store all of your personal information. The range of its functionality varies, but here is a comprehensive overview of what it could entail (from Mydex site):
- Data Storage – a single access point for my information that is currently scattered
- Data Management – a toolset for analyzing and understanding what my data means
- Data Sharing – the ability to choose how to share my information and with whom
- Data Collection – the ability to track my purchases, preferences, and activities
- Verifications – the ability to authenticate sensitive information generated by 3rd parties
- Identity Assurance – the ability to prove I am who I say I am
- Privacy Management – my info has a privacy setting determined by me, not organizations
- Manage Permissions – deciding the communication channels between me & my contacts
- Express Interests & Intentions – the ability to announce what I want to buy, do or access
- Plan & Implement Projects – a life management system for how I use my info over time
Below is a list I’ve been assembling of startups, open source projects, organizations, and standards that are defining what this next stage of the web will look like, where individuals are empowered by the ownership and understanding of their data and ability to verify identity. I’ve done my best to organize these, but am open for suggestions of how to arrange the list more usefully. And as always, if I’ve missed some vital information, please add to the comments section and I’ll keep the post updated.
Certification Services for Identity AssuranceHow do I know I can trust the identity, security, and privacy policies of the identity service provider?1. Open Identity Exchange – Open Identity Trust Framework provider
2. Kantura Initiaitive: Identity Assurance Certification
4. tru.ly – provides users with a single, verified identity on the internet
6. Global LockBox – stores your content and provides easy ways to use, share and exchange it with others
7. LifeCellar – allows you to store and protect important documents like insurance, taxes, travel, wills, trusts, real estate documents, and policies
8. Mydex – A Personal Data Store is a service for individuals that helps them collect, store, manage, use and share their own personal data for their own purposes.
9. MyPersonalVault – store vital documents like bank account info, health records, insurance policies, wills, digital media
10. PAOGA – range of products; A secure Personal Data Store that allows individuals to own and manage their digital identity and personal information; personal info and identity verification; and a secure Digital Document Exchange to create, manage and digitally sign electronic documents
11. wayID – give anyone your wayID, and they have instant access to the information you want to share with them on any web-enabled device
14. The Locker Project / Sing.ly – open source service for capturing one’s online ‘data exhaust,’ an individual’s online activity and behavior, currently collected by 3rd party advertisers
15. The Mine! Project – – open source project that enables people to own their data (content, relationships, transactions, knowledge) and arrange/analyze/share it according to their needs; also aims to be an infrastructure for solutions like self-defined identity, authentification, and data portability
16. Project Nori – interoperable personal data server (PDS) initiative to provide interoperable standards and reference documentation between multiple PDS implementations
Cloud-based17. eyeOS – open source cloud desktop with ability to develop web apps as if they were desktop apps, useable from a web browser18. Cloudo – access your personal data from any computer
19. Jolicloud – portable online desktop that provides a continous interface for managing your entire cloud across all your devices
20. Backupify – backup provider for cloud based data
24. Azigo Data Wallet – – give you back control of your advertising profile so you can exchange it later for rewards
25. Personal – protect your online data exhaust and sell it back to advertisers
26. Statz – secure marketplace for individuals to manage and profit from selling their anonymous behavior and usage data to buyers in aggregated reports
27. TrustFabric – provides a way to selectively share personal information with vendors and service providers you buy from, (a better way to fill in forms), and to keep track of the information you have shared with them
28. CLOUD(Consortium for Local Ownership and Use of Data) – developing contextual markup language (CTML), a new Internet architecture language that positions people at the center or the web experience instead of webpagesSemantic Web
29. SIOC (Semantically-Interlinked Online Communities) – aims to enable the integration of online community information by providing a Semantic Web ontology for representing rich data from the Social Web in RDF
Below is a list assembled by the W3C Incubator Group, providing an overview of the technologies and standards currently in existence for realizing the vision of the Social Web. The gist here is that there will never be one framework everyone will agree upon, and in fact, it would limit innovation and decrease resilience of the system if that type of monoculture were a goal. Diversity is key. But, instead of having a series of silos and walled gardens on the web where information is trapped (i.e. – the current state of affairs), a truly federated Social Web can only emerge when there are open standards, allowing information to be interoperable across the entire ecosystem of platforms and applications.
Users should be able to assign attributed to each of their online profiles and determine the way in which their identities are authenticated.
34. Mozilla Weave Project: Sync
41. Kantara Trust Framework
Users should be able to control multiple profiles, share and synchronize their updates, import their connections and applications across all accounts, and delete all profile information from an identity provider if/when they choose to leave the service.
Social Media Standards
Users should be able to link directly to people, locations, or items, to track social media back to its source, to vet and verify the accuracy or reputation of the information, to know how the content is licensed, and be aware if consuming it would lead to a monetary fine or if usage would violate its copyright.
47. Tagging – TagCommons, rel:tag, NiceTag, CommonTag
49. Open Graph Protocol
52. The Semantic Web
Users should be able to control their interactions with other entities – setting the permissions and access control of who gets to see what and how they are able to use that information.
58. Rule Interchange Format
59. Device APIs & Policy Working Group
60. Mozilla Privacy Icons
These architectures are for delivering content like status messages and updates in as near to real-time as possible.
63. Atom & Pubsubhubbub
65. Salmon Protocol
Decentralized Social Networking Projects
These are projects which allow users to run their own social web provider, keep their data where they want – even on their own server, and still interact with the rest of the Social Web.
68. GNU social
70. Higgins Project
74. OpenLink Data Spaces
75. Project Danube
And finally, here’s a roundup of the organizations and documentation worth bookmarking:
References, Resources and Organizations
76. Personal Data Ecosystem Consortium
77. Project VRM –
78. World Economic Forum Report: Rethinking Personal Data
79. Kantara Initiative
80. Identity Commons
81. OpenID Foundation
82. Information Card Foundation
83. W3C Federated Social Web Incubator Group
85. OW2 Open Source Cloudware Initiative
86. W3C Report: A Standards-based, Open and Privacy-aware Social Web
87. Projects interested in creating a federated social web
88. List of projects in development for a federated social web on GNU social
thanks to @PullNews, @dsearls and @identitywoman for reference lists
update: from the twittersphere:
– via @jeffsayre:
cloud storage: http://www.unhosted.org/
distributed microblogging: http://rstat.us/
distributed social networking: http://www.buddycloud.com/
– via @tek_fin:
digital identity certification platform: http://myid.is/
digital passport: http://www.miicard.com/
– via @tonyfish:
manage your online identity: http://claimid.com/
open source & open standard for identity/privacy/security: http://findmeon.org/
protect against identity theft & financial fraud: https://www.garlik.com/index.php
universal username/password for openID enabled websites: https://www.myopenid.com/
browser extension for login/forms: http://www.sxip.com/
OpenID providers: http://openid.net/get-an-openid/
manage online privacy and reputation: http://www.reputationdefender.com/
build and protect your personal brand: http://www.naymz.com/
build reputation so others can trust you: http://www.trustplus.com/
reputation/reliability/trust index: http://venyo.org/
show all your web profiles with a single url: http://www.socialurl.com/default.aspx
webpage that lists all your personal sites: http://www.zoolit.com/
Salvatore D'Agostino said:
There are a few significant ones missed here. In particular Personal Identity Verification (PIV) which is the standard for US government employees and contractors. http://csrc.nist.gov/groups/SNS/piv/index.html The related PIV Interoperability (PIV-I) which expands this to private industry. http://www.idmanagement.gov/documents/PIV_IO_NonFed_Issuers.pdf A number of the organizations you mention also fall under the wider rubric of the Trust Framework Provider Adoption Process (TFPAP) http://www.idmanagement.gov/documents/TrustFrameworkProviderAdoptionProcess.pdf Also related is the Federal Identity, Credential and Access Management (FICAM) initiative http://www.idmanagement.gov/documents/PIV_IO_NonFed_Issuers.pdf and its related effort in states under the auspices of the National Association of State CIOs http://www.nascio.org/committees/digitalID in fact the list goes on from what is taking place in the US to a wide range of efforts in the European Community, in Asia and other locations, I am sure when you add these others in the total goes well over 100. A starting point for the EU references can be found at http://www.enisa.europa.eu/act/it/eid
susan morrow said:
Don’t forget UMA – the User Managed Access project under Kantara:
This project offers a user centric approach to the sharing of content online and gives the individual the power to control who accesses their data
Salvatore D'Agostino said:
Sorry, wrong ICAM link, its actually here http://www.idmanagement.gov/drilldown.cfm?action=icam
Blaine Cook said:
You might also want to include webfinger, which is a critical part of making all of the federated social web tools (and I would argue any of the tools you list here) work for non-developers. It’s disappointing that so many of these tools completely ignore questions of usability and naming. If we can’t agree on naming, then we have no hope.
The fact that you used Twitter IDs at the end of the post is kind of telling.
Venessa Miemis said:
under which section should i put webfinger?
re: twitter IDs…. the fact that twitter IDs are used is kind of telling of what?
this blog runs for free on a wordpress.com theme. i guess they chose login options?
Blaine Cook said:
webfinger should probably go in identity standards. 🙂
Using Twitter IDs means that none of the solutions above provide usable identifiers. Ten years of research, and our best way of pointing to other people are Twitter-proprietary usernames. That’s problematic (and the problem that webfinger aims to solve).
Venessa Miemis said:
k, updated, thanks
http://friendika.com/ is a OStatus based social network software
Joe McCarthy said:
This is a fabulous collection of resources. I don’t know if this would meet your criteria, but I noticed that about.me (“a custom profile & personal analytics dashboard”) was omitted from your list.
I agree with Blaine’s points about the importance of usability – the predominant 1-click paradigm of the web promotes convenience over privacy and security – and the huge problem of naming and namespaces, which probably looms larger for someone with a name like mine; for example, who gets the [federated] name “Joe McCarthy”?
I am also in general agreement about the benefits of users having more control over our increasingly valuable data, especially with respect to better decision-making, and the personal costs of limited access to our data.
However, I also keep coming back to the pithy observation “If you are not paying for it, you’re not the customer, you’re the product being sold”.
I don’t know how many of these examples include viable economic models, but I do wonder how a large scale, federated identity system would be sustained … and if people are not willing to pay for the service, how such a system could generate sufficient revenue to cover its costs (if not produce profit) … without resorting to [something like] targeted advertising … potentially starting the cycle again.
Venessa Miemis said:
re: large scale, federated identity system
the thing that keeps coming up in my mind is the creation of some type of global commons-owned legal entity that is supported/sustained by each user.
Kurt Laitner said:
Perhaps we can accomplish a distributed identity system without a third party accreditation or trust certificate issuer? identity is also more complicated than ‘Joe Smith’ though the biological person is an interesting grouping of identity, there are others. Think of multiple identities within one person (joe@work, joe@play), or a sub identity may merge with sub identities of other biological persons to form an identity to some other third party (@symbionomics) (think corporation as ‘person’ but more fluid).
So I suppose I am making two main points. One is that identity is more than validating a token corresponds to a bio person and that bio person is only that token. The other point is that I am not convinced we need a centralized certification authority to say joe smith is jsmith and only jsmith (commons owned or not), or for that matter that ‘wildcat’ is a bio person and only one bioperson, part of that bio person or is a blend parts of several bio persons. All of that information is very interesting, but not necessary in order to interact with ‘wildcat’. In fact assertions about identities may need to be stronger for things like transactions and weaker for ‘drive by comments’ such as this, but still don’t need to correspond to bio persons.
Multiple identities become problematic when they interact with third parties in a given context where a third party is unaware they are in fact two facets of a single identity. Think of the gaming of crowd sourcing sites using multiple identities, or the recent rumors of DoD using talking heads to astroturf. This is a key problem worth solving.
I expect going forward we will need to know that a named entity is itself (is this the token you speak of?), and that this identity is stable over time in a context (is this the same token I spoke to last time) and unique within a context (is this token different from that token?). The contextual nature of identity precludes the need for the mother of all identity systems (in fact that MOAIS might be very much to be avoided). Federation of identities should be provided as a service by the owner of the identities. While the owner of multiple identities may wish to federate them, they may also wish that others cannot federate them, or they may wish to permit specific parties to federate portions of them. (Shades of privacy now).
Back to basics, the need for stable identities is that relationships are based on them, trust is dependent on them (even if some will argue that past behavior does not in any way guarantee future behavior), and transactions depend on them.
There are few contexts that require that we have a stable bio-person-linked identity.
Bio-person identity is important to governments and banks. Our legal frameworks are currently designed around bio persons and the permissible fake person, a corporation. Identity will need a new legal framework as it becomes fluid.
As mentioned elsewhere, commons law is also problematic due to the private property basis of current law.
Small constitutional and legal framework issues 🙂
Another interesting question, can identity be derived or inferred rather than asserted? If I changed my online name and continued interacting with Vanessa, would she become aware that Kurt Laitner and ignoble were the same person? If Vanessa can do this, can an algorithm do it? If a system were to do this, how many ‘personas’ would it find for each of us? Would our mood create different personas? Are these real? useful?
Venessa Miemis said:
i love that people don’t leave comments here… they leave blog posts. 😉
(you know i love it)
but yeah, i hear what you’re saying. i don’t believe there needs to be the One Identity to Rule Them All. but i would like to have a very simple and intuitive dashboard of a federation of my identities/personas, and a way to set permissions of who gets to see what.
in a sense, different identities are actually different contextual clues of the person, and are reinforcements that are useful to share with others in specific situations.
for instance, i can interact with ‘wildcat’ and be quite enlightened by his/her contribution to a discussion, which will make me curious to know more about who they are, but it’s not really necessary for me to know that in order for me to reap the continual benefit of the interactions.
now, if i want to collaborate with wildcat, i may want to know what they’ve done in the past. and i’m not talking about seeing their resume, which is easily falsified/spun to one’s favor, since we get to create it. i want to see metrics of past performance and level of cohesion within group dynamics and so forth. this doesn’t really exist yet. those metrics would be a combination of quantitative results that were established as a result of their contribution to the project, as well as the softer qualitative metrics of rank by peers, testimonial of their work ethic and personality and ability to mesh with others, and some kind of a vouching system.
that of course leads to me needing further context of ‘who are these people who are vouching for wildcat?’ so now i need identity information about them as well so i can use that to judge the quality of the evaluation of wildcat’s performance/behavior/personality.
now, if i want to exchange monetary value with wildcat, or simply transfer funds, that really just requires a secure channel for the transaction to occur. i don’t really need to know who wildcat is, i just need to know how to send them money.
if we’re talking about exchanging non-monetary value, or other types of currencies, it becomes more complex again because we need a way to make apparent/tangible some kind of information of how those things are weighted. i think this is the big challenge we’re facing now as value is being generated more in intangibles, knowledge capital, digital goods, skills/capabilities, expertise, etc. it’s easy to say ‘this physical shoe is worth $60, and you make the transaction. done.’ it’s harder to say, ‘instead of using the tool of Dollars in order to exchange value, let’s cut that part out of the equation and have direct peer to peer value exchange without 3rd party intermediation. so i’ll give you 2 hours of consulting time, and you introduce me to that person within your network that i really need to know so that i can accelerate the pursuit of my initiatives.’
how do we weigh that transaction?
so, that’s where i think identity gets a lot more complex.. it’s not simply about an issuing body to say ‘this is the biological person associated with the name wildcat’ or whatever, but ‘these are the range of identity components that are managed by the individual who refers to themself as wildcat, and includes a biological component, but also a reputation, a set of values, a skillset, motivational factors like goals, desires, and intentions, and personality traits that can be fully appreciated and optimized when put in certains contexts.’
that would be a very useful range of information when attempting to understand another human and how each of you could mutually benefit from interacting with one another.
anyway, if you want to continue this, please post a fresh comment as this thread is getting too skinny!
Pingback: Dan Griffin’s Blog » Great summary of security and privacy start-ups
Pingback: Transitional Internet | WEBLOGSKY: Jon Lebkowsky's Blog
Ricardo Teixeira said:
Hi there Venessa,
This is a great summary of the VRM activity on the go around the globe. Amazing to see such momentum on the principles of empowering individuals. Thanks for sharing it.
We’ve also created a beta site offering personal data storage for individuals and corporates – thisIsME. The platform is currently being used at a South African utility company to manage their supplier contact database.
Please can you add thisIsME to your personal data stores section? Do let me know if you need any further info on our PDS offering.
Leonard Kish said:
Great resource! Thanks! Working on various definitions of open in health care. As long as we’re commenting our blogs (reuse) on the subject, here’s one I did for HL7 Standards on data liquidity and the health information economy.: http://www.hl7standards.com/blog/2011/03/17/liquid-data-and-the-health-information-economy-is-2011-finally-the-year/?utm_source=&utm_medium=&utm_campaign=
luk vervenne said:
http://www.tas3.eu is missing!
One more thing could raise a concern is the Longevity (life-cycle) of any digital personal data. A robust system to archive the inactive personal file should also be considered, given that many people’s profiles will long live on the network even if they are gone. I think we are still at a very young digital life age, where this phenomenon has become such a significant issue. However, in 5-10 years time, this is could be an area of concern, and requires social adjustments.
Wow, such a loooong list. Who can pull it together in a format that allows us to compare them all, like <a href="http://www.wikimatrix.org/ WikiMatrix?
Venessa Miemis said:
yeah, or SocialCompare – http://socialcompare.com/en
Ah, there it is. 🙂 Thank you.
Now if we could enable DISQUS on this blog, I would go in and fix that dangling hyperlink of mine. Sorry, did not find a preview button here either.
Marshall Kirkpatrick (@marshallk)
What could a web free of centralized servers look like? The W3C has begun planning for creation of just that: http://rww.to/l4Gqq0
Ross Hughson said:
Hi, What a great site. Well done Vanessa! Good to see so many people working in this space. Exciting! I will take some time to connect with as many of you as I can to learn about what you are doing in this space. I would love to hear from you as well (email@example.com). I am located in New Zealand and I am traveling to the US in June, as we Kiwis often have to do. Would love to connect with people working in this space and see how we might collaborate.
Venessa Miemis said:
definitely check out @identitywoman if you are on twitter and follow the work she is doing to may this ecosystem here http://personaldataecosystem.org/ and on their wiki here http://hub.personaldataecosystem.org/wagn/
Ross Hughson said:
Hi Vanessa, thanks for that. I have made contact with @identitywoman and planning to meet up the people from Personal Data Ecosystem in the Bay area next week. Ross
Maarten Louman said:
In the category Personal Data Stores / Data Vaults you might add :
Qiy, your digital me
Qiy is an independent and secure utility, which enables an individual to create an intelligent personal domain online.
Statement about Project Danube joining the Personal Data Ecosystem Startup Circle.
by Markus Sabadello http://vimeo.com/24725658
Hat tip @dsearls.
Pingback: 2011 Year in Review & 2012 Intentions & Aspirations « emergent by design
outlet chanel Bag said:
China chanel Bags
Hello there! This post could not be written any better!
Going through this post reminds me of my previous roommate!
He continually kept preaching about this. I most certainly will send
this article to him. Fairly certain he’s going to have a very good read.
I appreciate you for sharing!
facial toner said:
How To Select The Most advantageous method for your problem.
The holidays are here, so now is the time to look and feel beautiful and merry.
• Because it is made from natural ingredients, no side effects.
sports betting books said:
Gleison Tibau walks around around 185 pounds whereas Caol Uno weighs right
at the 155 pound mark. However, the Gambling Commission states
that most problem gamblers tend to be males between the age of 18 to 44.
What is most important for the beginner user is that they find a reputabble online casino to gamble at, as
there are quite a few less then reputable outfits that are outt
there to cheat you.
Somebody necessarily help to make seriously articles I might state.
This is the very first time I frequented your web page and to this point?
I amazed with the research you made to create this
actual submit incredible. Magnificent task!
sac longchamp pliage soldes said:
I always used to read paragraph in news papers but now as I am
a user of net therefore from now I am using net for articles or reviews, thanks
Hi, i think that i saw you visited my blog so i came to
“return the favor”.I’m attempting to find things to improve my website!I suppose
its ok to use a few of your ideas!!
I’m impressed, I have to admit. Seldom do I encounter a blog that’s both educative and amusing, and let
me tell you, you have hit the nail on the head.
The issue is an issue that not enough folks are speaking intelligently about.
Now i’m very happy I came across this in my hunt for something relating to this.
Getting Over Heartbreak quotes said:
This site really has all the information and facts I wanted about
this subject and didn’t know who to ask.
cute valentines day quotes said:
Good blog you have here.. It’s hard to find excellent writing like yours these
days. I honestly appreciate people like you! Take care!!
Sex suceuse de bites said:
Vous nous concoctez sans cesse des postes