There’s a characteristically thoughtful post from Jon Udell out there about our online identities and how we might manage them. Udell also points to a Doc Searls post on the same subject. Both talk about two “grassroots alternatives” to some of the proprietary identity standards that have emerged, principally Microsoft’s Passport and the Liberty Alliance (Udell also mentions Shibboleth and WS-Federation, about which I know very little).
Both, in different ways, aim to empower me to assert facts about myself and to control the syndication of that data. In the case of IdentityCommons, I buy this service directly, licensing a permanent i-name through which I co-ordinate the activities of identity providers and service providers. In the case of Sxip, the service is free to me as an individual — it’s the identity providers and service providers who pay a licensing fee.
Udell points out that both of these services make explictit mention of DNS as being analogous to their service – the idea being that there is some central repository of individual identity to which people register their identities for use by third parties. He also argues that, if this becomes the case, a far better system of governance than currently exists for domain names is going to be needed.
Personally, I can’t see how any third party could “govern” something as personal and controversial as individual data. I still kind of prefer a “standards” model which I remain in control of – so, if I want my data to be available to other parties, I make it available in an environment I control (say, my website or my blog) in a standard format which third parties can then use. If I don’t have that environment, I can purchase “identity hosting” with a third party, in the same way I purchase web space. But I don’t “register” this identity with anyone but the third party that wants to use it. Why the need for a middleman?
This only serves to prove how much less I know about this than Udell, I know. It is a fascinatingly complex problem.