The Internet of Subjects Manifesto
The influx of digital technologies in our lives is leading to an ever-increasing flow of personal data circulating over the Internet. The current difficulties experienced in personal data management, such as trust and privacy, are the revealing symptoms of a growing contradiction between an architecture that was primarily designed to manage documents and the growing expectation of individuals for a more person-centric web. This contradiction will not be resolved by adding a simple patch to the current architecture; a second order of change, similar to a Copernican revolution, is required to move from a document-centric to a person-centric Internet and to create the conditions for a more balanced and mature relationship between individuals and organisations.
The objective of the Manifesto is to explore why and how we can move from an Internet of Things to an Internet of Subjects tailored to the needs of emancipated, self-aware individuals.
Why is today’s fragmented digital identity an obstacle to unleashing the full potential of individuals, communities, organisations and businesses?
The current architecture of the Internet is the result of a design created at a time when bandwidth, storage and computing power were scarce and expensive. During that time, it was believed that it was more efficient and reliable to have one’s personal data stored on the server of the service provider rather than in one’s own personal space. The rapid growth in the number of services people interact with has led to an ever-increasing fragmentation of the information constituting one’s digital identity/persona.
Various solutions have been designed and implemented to federate fragmented identities and services. This was the first order of change, and it is currently implemented by only a limited number of actors. We have now reached the tipping point where the network becomes a platform and a second order of change is now made possible.
To imagine a new architecture for the Internet, we need to take into account that today, bandwidth, storage and computing power are abundant and cheap. At such a time, storing personal data on the server of a service provider is not necessarily cheaper and safer, as recent stories of identity theft have amply demonstrated. Having a large number of job-seekers / learners / patients / clients on the same server is prone to massive hacking and negligence, something more difficult when personal data is distributed over a multitude of personal spaces (themselves being distributed over a number of servers).
Starting with a vision that every piece of information produced by, or related to, an individual is published / stored in his/her own personal space, it is possible to envision organisational information systems built dynamically from the aggregation of a number of pieces of information stored in personal spaces. For example, the threads of a forum do not have to be stored on the forum’s server but can be built dynamically using the track-back technology used in today’s blogs: I write in my personal space, and it is displayed somewhere else. A directory such as the yellow pages could be built by dynamically aggregating the information from personal spaces. If social networks were managed through the aggregation of selected elements from personal spaces, then we would not be dependent on service providers to create (and destroy) our own social networks on the fly; creating and deleting a social network would be made as simple as creating and deleting a mailing list, without losing any of the information produced in the course of its existence.
A person-centric architecture is better
A person-centric architecture is better for individuals as they have one space (multiple identities, virtual, distributed, encrypted) from which they can update and manage their personal data. For example, the data contained in one’s personal space can be used in the yellow pages of his/her company, the white pages of the municipality, the Who’s Who, a professional directory, etc., each directory being granted certain access rights. Any update in the personal space can be immediately propagated to all directories. Based on rights management, a friend who reads an entry in the white pages might see that the owner is away, a complete stranger might only see the phone number, while a colleague might not see the personal phone number but his/her professional number, calendar and professional blog. One address (URL or URI) would support many different behaviours based on the profile of the reader.
A person-centric architecture is better for business in general, as it is a powerful opportunity equaliser, as VRM systems (Vendor Relationship Management) have already demonstrated: for example, a group of people joining together for the best possible deal for domestic fuel can get up to 30% discount, thanks to increased competition! A person-centric architecture will help us move from a world where personal data is fragmented over a number of CRM systems (Customer Relationship Management) to a world where, to be efficient, CRM will be created through the aggregation of personal data, blurring the frontier between CRM and VRM: CRM will become merely another type of directory.
A person-centric architecture will naturally expand into a generalised entity-centric architecture, i.e. where networks, organisations, businesses will be able to exploit the full benefits of their own digital identities. If we take the competencies of an individual as being a component of his/her identity, then the aggregation of all the competencies of an organisation is an element of its own identity and can be exploited to respond to bids, find partners, explore new markets, recruit new staff.
Beyond privacy: intimacy and trust
So far a number of technologies have been developed to enhance 'privacy': they are named Privacy Enhanced Technologies (PETs). While privacy is a perfectly legitimate demand, we believe that this concept is limited and tends to develop PETs as a means to create higher and thicker walls to protect an individual's privacy. We believe that a more interesting concept to use when addressing the issue of data protection is 'intimacy', i.e. the sharing of data across a 'private' community (a communal privacy), and that research should move from privacy enhanced technologies to intimacy enhanced technologies (IETs). Such technology should allow a seamless continuity from person-centric to community-centric architecture, in a way similar to fractal functions, where large scale 'intimacy' (e.g. of a large business) would share some of the essential characteristics of a small scale 'intimacy' (individual privacy).
Our vision is to establish a network made up of single personal data spaces, where identity data and personal information systems representing individuals are at the very centre of the architecture: an ‘Internet of Subjects’ that provides loosely coupled but meaningful connections to subjects, persons or identities, just as it provides meaningful connections to location-independent content (documents and files).
Our vision is one where connections to people, to services and to documents are seamless, not fragmented over a number of services.
Our vision is one where personal identities are held in one space and shared across a number of communities:
This is achieved by defining how attributes are segmented or layered to reflect individual preferences, i.e. which parts are:
The mechanisms for managing the different levels/circles of intimacy should make it possible for individuals to tailor with extreme accuracy the visibility of their personal data, from single individuals, to individuals sharing the same interests (for example, I want to share my passion for train spotting with other train spotters, while not making it visible to the casual visitor), to a clearly identified and closed community (my company, my professional body, etc.).
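The white-pages scenario and the circles of intimacy described above can be modelled as a per-attribute audience check with default deny. This is an added example, not part of the Manifesto; `PersonalSpace`, `directory`, the circle names and all sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

STRANGER = "stranger"  # fallback circle for readers the owner has not placed


@dataclass
class PersonalSpace:
    """One subject's data store; each attribute carries its own audience."""
    owner: str
    attributes: dict = field(default_factory=dict)   # name -> (value, circles)
    memberships: dict = field(default_factory=dict)  # reader -> circles

    def publish(self, name, value, audience=()):
        # Default deny: an attribute with an empty audience is shown to nobody.
        self.attributes[name] = (value, frozenset(audience))

    def admit(self, reader, *circles):
        self.memberships.setdefault(reader, set()).update(circles)

    def view(self, reader=None):
        """What the single address returns for this particular reader."""
        circles = self.memberships.get(reader) or {STRANGER}
        return {name: value
                for name, (value, audience) in self.attributes.items()
                if audience & circles}


def directory(spaces, reader=None):
    """A directory keeps no copies; it is rebuilt from the spaces per read."""
    return {space.owner: space.view(reader) for space in spaces}


def build_example():
    # Constructed sample data following the white-pages scenario in the text.
    alice = PersonalSpace("alice")
    alice.publish("home_phone", "555-0100", {STRANGER, "friends"})
    alice.publish("status", "away", {"friends"})
    alice.publish("work_phone", "555-0199", {"colleagues"})
    alice.publish("calendar", "https://alice.example/cal", {"colleagues"})
    alice.publish("hobby", "train spotting", {"train_spotters"})
    alice.publish("national_id", "constructed-value")  # no audience given
    alice.admit("bob", "friends")
    alice.admit("carol", "colleagues", "train_spotters")
    return alice


if __name__ == "__main__":
    alice = build_example()
    for reader in (None, "bob", "carol"):
        print(reader, directory([alice], reader))
```

The sketch assumes the reader has already been authenticated; how the personal space establishes who is asking is outside what it shows.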
We have now reached the tipping point where technologies are ready to reunite our digital identities, to create a Subject-Centric Internet
We have OpenID, Liberty Alliance, market requirements documents for IGF and even the CARML API... why do we need yet another ID initiative? OASIS Group, Liberty Alliance, OpenID and OAuth have variously produced digital identity management specifications and standards, making it possible for a person to federate his/her accounts distributed in multiple and heterogeneous services, but the field is still fragmented. Our vision of a Subject-Centric Framework (SCF) is intended to codify a set of fundamental principles to which any identity architecture should conform to be universal and sustainable.
A Subject Centric Framework (SCF) is intended to codify a set of fundamental principles to which any identity architecture should conform to be universal and sustainable. The principles can be summarised by the acronym “ID TOUCH.”
A universal Subject centric system should be:
Although future innovation will bring new solutions, we already have the technical means to create the Internet of Subjects today. The main obstacles are not technical, but human, i.e. the capacity to change our representations of the Internet and act accordingly.
Make no mistake: the Internet of Subjects is aimed equally at people and business. Being a people enabler, it creates the conditions for developing one’s social and professional identity and contributes to the growth of social capital. As a business enabler, it creates the conditions for for-profit as well as not-for-profit organisations, public and private agencies, to provide a personalised services market, using personal information ethically, as defined by the individuals' policies.
The main drivers for the Internet of Subjects (IoS) currently identified are:
Overall, the main driver for making the IoS a reality is the increased need for TRUST. To increase the trustworthiness of services, there is a strong requirement to establish a clear separation between the services hosting personal data and those exploiting them. Establishing the foundations of an architecture where personal data records are kept under the control of individuals rather than fragmented over a number of service providers is a powerful means to create a trustworthy Internet.
Investing in trust will not be an option in the near future and the IoS provides a simple and efficient model to provide better, cheaper, safer and more trustworthy services.