I have identities all over the Internet, and internally; blog, flickr, linkedin, facebook, etc. each one of them have some form of a personal profile where I get to talk about who I am and what I do.
There are lots of very clever people working on the problem of how I get to these things without having to authenticate everywhere. But I want more than that, I want to be able to have a single place where I have my profile information.
Why should I need to tell each of these systems the same information? If I change my job it should be updated within the relevant systems.
The emerging identity federation model probably has a lot to tell us in this area. People started from the premise that identities should be stored in one place and every other system should trust that one place. This didn’t work, because there wasn’t trust between all of the systems. The same will be true for profiles. I don’t want everyone to see all of the profile, I only want the people to see the parts of my profile that are relevant to the access that they have and the system that they are using.
Technologies like Facebook Connect go someway towards resolving this problem, but I’m not sure that they have really learnt the lessons from the identity people.
I want to be in control of what goes where, but I don’t want to have to maintain the same stuff everywhere.
I’m sure that I’m not alone in thinking that this is a problem, and as the famous quote goes: “"The future is already here – it’s just unevenly distributed." – William Gibson. So I’m also sure that I have missed some form of amazing development in this area that has the potential to make my winging sound like the ramblings of an idiot.
Anyone else think that this is a problem we need to get resolved?
Graham Chastney 
I was thinking along the same lines with respect to data privacy and the fear in some quarters about the arrival of “Big Brother” all knowing databases, aggregating all the information we have given to various organisations for different purposes and then sharing it between them, without our consent.
In the physical data world of identity documents, information forms populated with our written data and process flows, manipulating or using our data, there is an inherent assumption that the data is originated from us as individuals, as part of the transaction we are performing, and is then used only for the desired process. Subsequent to completion of the transaction it is discarded or rendered relatively inaccessible because of the inherent nature of the communications medium used. That is paper, voice and letter.
It’s a simple model really: The individual holds the information. The individual passes the minimum information required to perform a transaction to the organisation involved. The organisation uses it and discards all the information it has not agreed can be retained.
To gain cultural acceptance of IT solutions involving Identity Management and the use of personal data perhaps we should adapt the real world model. As an individual in the real world you sit at the top of a personal digital rights hierarchy granting access to and communicating data to other parties as desired. If this was applied to the electronic world, Facebook, Hotmail at al should be sending you a digital rights usage request every time they what to use previously supplied data for some alternative purpose. You could then agree or disagree to the usage as desired.
Expand this methodology to banks, government organisations and commercial companies and you remove the need for privately held silo’ed personal information databases and remove some of the drivers for aggregating them it to all knowing “Big Brother“ style databases.
I think this is nearly a sales pitch for deploying ID cards. The ID card could be used as your electronic digital rights management authority for your personal data.
LikeLike