The Internet of Subjects Manifesto
Digital technologies now occupy such a place in our lives that an ever-increasing flow of personal data circulates over the Internet. The current difficulties experienced in personal data management, like trust and privacy, are the revealing symptoms of a growing contradiction between an architecture that was primarily designed to manage documents and the growing expectations of individuals for a more person-centric web. This contradiction will not be resolved by adding a simple patch to the current architecture; a second-order change, similar to a Copernican revolution, is required to move from a document-centric to a person-centric Internet, and to create the conditions for a more balanced and mature relationship between individuals and organisations.
The objective of the Manifesto is to explore why and how we can move from an Internet of Things to an Internet of Subjects tailored to the needs of emancipated, self-conscious individuals.
Why is today’s fragmented digital identity an obstacle to unleashing the full potential of individuals, communities, organisations and businesses?
Current Internet architecture leads to a fragmented identity
The current architecture of the Internet is the result of a design made at a time when bandwidth, storage and computing power were scarce and expensive. At such a time, it was believed that it was more efficient and reliable to have one’s personal data stored on the server of the service provider rather than in one’s own personal space. The rapid growth in the number of services people interact with has led to an ever-increasing fragmentation of the information constituting one’s digital identity/persona.
A number of solutions have been designed and implemented to federate (fragmented) identities and services. This was a first order change, and it is currently implemented only by a limited number of actors. We have now reached the tipping point where the network becomes a platform and a second order change is now made possible.
A person-centric architecture is possible
To imagine a new architecture for the Internet, we need to take into account the fact that, today, bandwidth, storage and computing power are abundant and cheap. At such a time, storing personal data on the server of a service provider is not necessarily cheaper and safer, as recent stories of identity theft have amply demonstrated. Having a large number of job-seekers / learners / patients / clients on the same server is prone to massive hacking and negligence, something more difficult when personal data is distributed over a multitude of personal spaces (themselves distributed over a number of servers).
Starting with a vision in which every piece of information produced by, or related to, an individual is published / stored in his/her own personal space, it is possible to envision organisational information systems built dynamically from the aggregation of a number of pieces of information stored in personal spaces. For example, the threads of a forum do not have to be stored on the forum’s server but can be built dynamically using the track-back technology used in today’s blogs: I write in my personal space, and it is displayed somewhere else. A directory, like the yellow pages, could be built by dynamically aggregating the information from personal spaces. If social networks were managed through the aggregation of selected elements from personal spaces, then we would not be dependent on service providers to create (and destroy) our own social networks, on the fly; creating and deleting a social network would be made as simple as creating and deleting a mailing list, without losing any of the information produced in the course of its existence.
A person-centric architecture is better
A person-centric architecture is better for the individual as well as businesses.
It is better for individuals as they have one space (multiple identities, virtual, distributed, encrypted) from which they can update and manage their personal data. For example, the data contained in one’s personal space can be used in the yellow pages of his/her company, the white pages of the municipality, the Who’s Who, a professional directory, etc., each directory being granted certain access rights. Any update in the personal space can be immediately propagated to all directories. Based on rights management, a friend who reads an entry in the white pages might see that the owner is away, a complete stranger might only see the phone number, while a colleague might not see the personal phone number but his/her professional number, calendar and professional blog. One address (URL or URI) would support many different behaviours based on the profile of the reader.
A person-centric architecture is better for business in general, as it is a powerful opportunity equaliser, as VRM systems (Vendor Relationship Management) have already demonstrated (e.g. a group of people who join together to get the best possible deal on domestic fuel can get up to a 30% discount, thanks to increased competition!). A person-centric architecture will help us move from a world where personal data are fragmented over a number of CRM systems (Customer Relationship Management) to a world where, to be efficient, CRM will be created through the aggregation of personal data, blurring the frontier between CRM and VRM: CRM will be just another type of directory.
A person-centric architecture will naturally expand into a generalised entity-centric architecture, i.e. one where networks, organisations and businesses will be able to exploit the full benefits of their own digital identities. If we take the competencies of an individual as being a component of his/her identity, then the aggregation of all the competencies of an organisation is an element of its own identity and can be exploited to respond to bids, find partners, explore new markets, recruit new staff.
Our vision is of a network made up of single personal data spaces, each of which interacts in hub and spoke fashion. Of a network where identity data and personal information systems representing individuals are at the very centre of the architecture. Of an ‘internet of subjects’ that provides loosely coupled but meaningful connections to subjects, persons or identities, just as it provides meaningful connections to location-independent content (documents and files).
Our vision is one where connections to people, to services and to documents are seamless, not fragmented over a number of services.
Our vision is one where personal identities are held in one space and shared across a number of communities:
Identities — a person can have multiple identities, and this can be reflected through different identifiers, like URLs, URIs or others
Communities — a person can share a number of attributes within a number of circles of trust, where intimacy is protected. This can be an organisation, a social network or an ad-hoc group, or the general public.
This is achieved by defining how attributes are segmented or layered to reflect individual preferences, i.e. which parts are:
Private — what is concealed from all communities
Restricted — defines which attributes are shared with identified communities and people
Public — defines the attributes that are publicly accessible
The mechanisms for managing the different levels/circles of intimacy should make it possible for individuals to tailor with extreme accuracy the visibility of their personal data, from single individuals, to individuals sharing the same interests (I want to share my passion for train spotting with other train spotters, while not making it visible to the casual visitor), to clearly identified and closed communities (my company, my professional body, etc.).
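The private / restricted / public layering and the white-pages illustration above ("one address, many behaviours") can be sketched as a default-deny attribute filter. This is an added example, not part of the Manifesto: the class names, attribute names and sample values are all constructed, and it assumes the reader's community memberships have already been authenticated elsewhere.

```python
from dataclasses import dataclass, field

PRIVATE, RESTRICTED, PUBLIC = "private", "restricted", "public"

@dataclass
class Attribute:
    value: str
    visibility: str = PRIVATE             # unlabelled data stays concealed
    communities: frozenset = frozenset()  # consulted only when RESTRICTED

@dataclass
class PersonalSpace:
    attributes: dict
    access_log: list = field(default_factory=list)

    def view(self, reader, memberships=()):
        """Return what `reader` may see at this one address.

        Assumption: `memberships` was verified by the caller.
        """
        groups = set(memberships)
        visible = {}
        for name, attr in self.attributes.items():
            if attr.visibility == PUBLIC:
                allowed = True
            elif attr.visibility == RESTRICTED:
                allowed = bool(groups & attr.communities)
            else:
                # PRIVATE, or a label we do not recognise: deny.
                allowed = False
            if allowed:
                visible[name] = attr.value
        # Log every read so the owner can review how the data is accessed.
        self.access_log.append((reader, sorted(visible)))
        return visible

FRIENDS, COLLEAGUES = frozenset({"friends"}), frozenset({"colleagues"})

# Constructed sample data, loosely following the white-pages illustration.
SPACE = PersonalSpace({
    "name": Attribute("A. Owner", PUBLIC),
    "listed_phone": Attribute("555-0100", PUBLIC),
    "presence": Attribute("away", RESTRICTED, FRIENDS),
    "personal_mobile": Attribute("555-0101", RESTRICTED, FRIENDS),
    "work_phone": Attribute("555-0102", RESTRICTED, COLLEAGUES),
    "calendar": Attribute("https://owner.example/cal", RESTRICTED, COLLEAGUES),
    "health_notes": Attribute("constructed value"),         # private by default
    "draft": Attribute("constructed value", "internal"),    # unknown label
})

if __name__ == "__main__":
    for who, groups in [("stranger", []), ("friend", ["friends"]),
                        ("colleague", ["colleagues"])]:
        print(who, SPACE.view(who, groups))
```

The unrecognised "internal" label is treated as private, so a mislabelled attribute fails closed instead of leaking.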
We have now reached the tipping point where technologies are ready to reunite our digital identities, to create a Subject-Centric Internet
We’ve got OpenID, Liberty Alliance, market requirements documents for IGF and even the CARML API... why do we need yet another ID initiative? Oasis Group, Liberty Alliance, OpenID and OAuth have variously produced digital identity management specifications and standards, making it possible for a person to federate his/her accounts distributed in multiple and heterogeneous services. The field is still fragmented. Our vision of a Subject-Centric Framework (SCF) is intended to codify a set of fundamental principles to which any identity architecture should conform to be universal and sustainable.
Principles of the Internet of Subjects
A Subject Centric Framework (SCF) is intended to codify a set of fundamental principles to which any identity architecture should conform to be universal and sustainable. The principles can be summarised by the acronym “ID TOUCH.”
A universal Subject centric system should be:
Independent: it should be sovereign and independent from commercial or partisan interests; it should be based on the existence of multiple, competitive operators and technologies, and cut through all existing ID schemes.
Dependable: it should have a provision to guarantee that personal data are free from potential loss or theft as well as identity attacks.
Trustworthy: Mechanisms such as reputation and trust should be native features of identity systems. Personal data must be treated according to the policies defined by its owner, including the right to rectify information. One should have access to reports and statistics on how one’s personal data is being accessed and exploited.
Opaque: it should provide mechanisms to fine-tune external visibility of personal data, up to the point of total opacity and anonymity —except for legal or regulatory requirements. It should include encryption and other techniques to limit the risks of undesired disclosure.
Unifying: it should provide a seamless experience across identities and contexts (e.g. healthcare, education, employment, leisure, mobility) while keeping a clear separation between independent contexts and multiple identities.
Community Aware: Identity systems must recognise and exploit the social nature of identity. They should provide negotiation and discovery mechanisms for social interaction and data exchange.
Humanist: underpinning an identity-centric system is a humanist vision of technology that refuses the reification of human beings and promotes an open and free society.
How can we make the Internet of Subjects a sustainable reality?
Although future innovation will bring new solutions, we already have the technical means to create the Internet of Subjects today. The main obstacles are not technical, but human, i.e. the capacity to change our representations of the Internet and act accordingly.
Make no mistake: the Internet of Subjects is aimed equally at people and business. As a people enabler, it creates the conditions for developing one’s social and professional identity and contributing to the growth of social capital. As a business enabler, it creates the conditions for for-profit as well as not-for-profit organisations, public and private agencies, to provide a personalised services market, using personal information ethically, as defined by the individuals’ policies.
The main drivers for the Internet of Subjects (IoS) currently identified are:
Education: IoS solves the issue of interoperability and transition across institutions. Sponsors can be regional and local governments, education institutions, professional bodies, individuals
Employment: IoS provides the means to manage a portfolio career. Sponsors can be public employment agencies, regional and local governments, job boards, professional bodies, individuals
Healthcare: IoS provides a solution for the generalisation of Personal Health Records, worldwide. Sponsors can be public health services, laboratories, individuals
Business: IoS provides a general mechanism for the development of VRM approaches to business. Sponsors can be telecom and network operators, innovative businesses, individuals
Overall, the main driver for making the IoS a reality is the increased need for TRUST. To increase the trustworthiness of services, there is a strong requirement to establish a clear separation between the services hosting personal data and those exploiting them. Establishing the foundations of an architecture where personal data records are kept under the control of individuals rather than fragmented over a number of service providers is a powerful means to create a trustworthy Internet.
Investing in trust will not be optional in the near future, and the IoS provides a simple and efficient model to provide better, cheaper, safer and more trustworthy services.