The Web of Identities: Making Machine-Accessible People Data
In a previous article, we discussed the Web of data, which is about inter-linking open data sets and, thus, turning them into machine-accessible structured data. In this post, we'll draw a picture of how the emerging social Web could serve as a Web of identities, which is essentially a people-data version of the Web of data.
W3C's
The LOD approach is very good for static and encyclopedic knowledge, but what about accessing our personal data? Technically, modeling our identity, profile data, social graph, groups, activity stream, assets, and other kinds of personal data is straightforward. But empowering machines to access this data could present challenges to the LOD approach, because it comes with all sorts of constraints and peculiarities, such as privacy and data volatility. People want control over who has access to their data or parts of their data and want to be able to block access for any reason. And issues such as rapidly changing and outdated data remain unaddressed.
This is where the social Web can help.
The Emerging Social Web
There was a time when we had to create a new digital identity for each social application we wanted to use. A social application provides features based on social attributes. Every application provider implemented its own proprietary ID management to authorize users to log on and implemented its own proprietary user profile system to manage information about its users. Application providers were judged by the size of their user and content base and so erected endless walled gardens to protect their properties.
The most significant issues people had were:
- Low conversion rate for user registration,
- Users had to register for many accounts,
- Users had to re-enter and synchronize profile data,
- Privacy, data ownership, and inability to export.
Not much has changed, unfortunately. Most remarkable, perhaps, is the growing number of single sign-on (SSO) solutions that address the first issue for application providers and the second issue for users. New application providers can now outsource this functionality to a third-party SSO provider. Some of the biggest application providers became ID providers themselves to allow their users to log on to third-party applications with the same ID, and this has gained traction beyond these few providers. This has led us to an era of identity wars between the big providers.
Many ID providers, such as Google, Yahoo!, MySpace, and Facebook, have added the OpenID SSO to their own proprietary mechanisms over time. Because of the open nature of OpenID, many third-party providers have found it easy to integrate with the bigger providers, giving them more traction because users are able to access their services so easily using their OpenID credentials. Now, these ID providers can offer read-only access to fragments of profile data that users can look up or copy to third-party applications. Like SSO and OpenID, this began with proprietary solutions, but now exchange formats and protocols are emerging whose open language allows applications to easily exchange and synchronize data. These include:
- API access authorization protocol OAuth,
- Social graph exchange format FOAF ("friend of a friend"),
- Updates exchange format activity streams,
- Address book exchange format Portable Contacts.
In the future, ID providers will loosen their connection to social applications and start taking over management of users' social attributes. Users will be able to log in to applications using credentials hosted by their ID providers of choice and grant permissions to these applications to read or even sync selected fragments of their profile data. The borders of these walled gardens will thus blur, and the social Web will become more of a weave than a patchwork quilt.
The Web of Identities
The Web of data is a distributed web of interconnected sets of semantically annotated data. A connection is achieved as a result of data pointing to data contained in another set through a URI, just as websites point to each other with URIs. This way, machines can crawl the sets to read the data. ID providers will most likely refer to their users via URIs in the future as well. A social connection will consist of one user's URI pointing to another user's URI or ID provider. If permitted by users, a machine may very well accomplish its tasks by jumping through the Web of identities from user to user, the way it does through the Web of data.
Why is this needed? The Web of identities is actually a super-social graph that spans multiple ID providers. If we come across walled gardens, this infrastructure would be needed for all of the social-related search functions we perform. The following examples are thus far provided only (if at all) within individual applications:
- "What is the best book read by friends in my circle?"
This query might retrieve book purchases and book-related status updates that your friends have made accessible through their privacy settings and then rank the books in a set. - "Notify me if a close friend visits Berlin."
This permanent task repeatedly looks up your friends' geo-locations. You may also have granted your close friends access to this data, too. This task could even be combined with the Web of data to look up the meaning and location of Berlin. - "Sync my address book."
This permanent task continually synchronizes my friends' addresses and numbers with my personal address book.
Now it's your turn. In what ways do you think the social Web and Web of identities are evolving?
(Diagrams by alexkorth)
Share
Facebook
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
I just had a few thoughts about how accessible identities will support finding and developing networks for collaborative learning. Here is what I posted in blog
Social Web of identities and collaborative networked learning
As we move more and more into the world of emerging and rapidly changing information availability and knowledge creation we turn more and more to collaborative networked learning and networking. When we engaging in the creation of networks for learning we want to make sure that we network with others who can help us learn or who might be a vessel for knowledge to facilitate our particular learning.
As social networking in its many forms becomes more accessible and transparent so do the identities and social graphs of the participants. With interchangeable, open social web identity data to accompany the more static stored knowledge data available today we have the identify data necessary to form networks for learning which include the right mix of persons contributing dynamic knowledge along with supporting repositories of more static, stored knowledge.
With any new emerging visions of the future web, we seem to forget that most users have yet to understand the issues and trust the proposed solutions of openess vs privacy in the social web.
I see the need for a trusted and open standard for dealing with portable privacy across multiple services and web identities. An example:
I take a photo of myself and a friend, I then restrict access to that photo to only allow us both to view it, in let's say Expono or Facebook. With portable privacy, I could ensure that those restrictions applies on every service I may share/export/view this photo with.
This issue applies not only to static content as a photo, but also to dynamic data as an activity stream (and single activities in it) or my current gps location.
True data portability depends on it. We are getting there, but the issue with how users will adopt it and understand the meaning of social web and the vast amount of data and identities interconnecting with eachother, is still an uncracked nut :)
all these semantic stuff is the future of web :-)
Wow thats cool.. it's not impossible..
There is in fact a very simple technical solution that ties all the above together. By using foaf and the SSL stack available in all browsers, one can easily create global identities that are URLs, by embedding them in self signed client certificates. This is called foaf+ssl and implementations for servers are available in php, python, perl, java and even c.
See the large number of articles available on the wiki:
http://esw.w3.org/topic/foaf+ssl
I think that Daniel makes a good point. In my opinion, achieving portable trust is the hardest part. Consider his example, sharing a photo, where restrictions on who can view it propagate with the photo.
1. The photo should not flow to sites (or recipients) who cannot enforce the restrictions.
2. Even if a site can enforce the restrictions, suppose that some sites are known to be a bit sloppy -- maybe I don't trust them to do so.
3. The restrictions to be enforced are, reasonably, some sort of combination of the restrictions desired by each stakeholder.
4. Exactly what is to be kept hidden about this photo? Would it be OK to reveal the existence of the photo (e.g. via the caption or its tags) but not show the pixels? Would it be OK to show the photo, but strip away the tags and caption? Suppose the faces are obscured?
The second point is the hard one, because trust is distinct per-stakeholder.
Great article. There is a critical standard that you forgot that is essential for tying this all together. XRD (eXtensible Resource Discovery) this is part of XRI TC at OASIS - a simple XML format and HTTP(S) protocol for uniform metadata discovery for all URIs.
The other issue that you don't cover in the post is that people don't want their whole social graph crawlable on the public web. Social relationships happen in context and not all contexts overlap or should be public. People do need tools that help them see their own social "graph" in an integrated way. This is not an easy to address - XDI may have some of the answers - having privacy permissions (access controls) actually baked into the links.
We cover the whole range of standards for peoples identities, and the social web at the Internet Identity Workshop - the next one is November 3-5 in Mountain View. Join us!
Secure Socket Layer is something that I'm sure that many social sites have completely overlooked. And as for keeping a photo from being seen by others, well there is always old-school email. It falls under the common sense category of don't put anything on the web that you don't want made public.
Thanks to all, you are very right. Privacy and reach-control of content from the user-side are major issues. In this post, I wanted to focus on the people-data analogy to the Web of Data and thus, kept things short and mentioned the need for control only very briefly. This is worth a dedicated treatment.
Of course, there are many more relevant than the few protocols and standards than the examples I named. A more complete overview over these is given my Marc Canter's great Open Mesh [1].
@Kaliya: sorry I missed your talk at W3C's SWXG.
Cheers,
Alex
@alexkorth
[1] http://blog.broadbandmechanics.com/2008/05/02/how-to-build-the-open-mesh/
I love this article.
I think one of the main issues of this are in the head of the participants. Whenever an owner of a social service hear the word OPEN he tread you like a thief.
We try to do our best with our project http://www.yiID.com to bring a new point of view to this guys.
The web is open, and my data is mine :-)
Marco
Great article. This is definitely the direction that things are going.
Thanks for the insightful article, Alexander. You lay out emerging trends in the social web quite well. We at JanRain have been active participants in the OpenID space since its inception, and our RPX solution (http://rpxnow.com) allows websites to accept logins from all the major providers -- Facebook, Google, Yahoo, Twitter, AOL, Windows Live ID and MySpace, all in one aggregated API. RPX also allows those sites to extend their reach and interact with the social networks through Activity Streams functionality.
User-centric identity is a key tenet of OpenID, which is why a user who authenticates through RPX can choose whether or not to pass profile data through to a relying party website. And because RPX offers an API to sync data with a social network, a user is freed from the burden of updating her data at every site in which she signs up with a third party account.
RPX is seeing strong adoption and is a great way for websites to enjoy the benefits of the web of identities. Sears, for example, recently deployed RPX on the mysears.com and mykmart.com communities.
We're excited to be a part of this emerging paradigm and look forward to seeing continued interoperability across the social web.
Posted by: molson1.myopenid.com
|
July 13, 2009 1:35 PM
Current trends for using your email address or web page (OpenID) make it easy for to track you across multiple sites. I therefore expect to see an evolution to a delegation model, where you instead disclose the URI for your privacy provider, which provides the requesting website with the appropriate credentials, and tracks what personal data has been disclosed. Some more details are given in my talk at PrivacyOS earlier this year, see http://bit.ly/11KE4b
This can be implemented using HTTP redirection and web page security domains to offer the same single sign-on convenience as with OpenID.
In the future we are likely to see an increasing popularity of personal apps that you run 24x7 on your server and which act as agents on your behalf. These web agents are identified by URIs and connect to other agents via HTTP. Agents would use the same mechanisms as above
to provide credentials to other agents. Access would also be subject to constraints on handling of personal data, e.g. how long it is retained for and what purposes it can be used for. This is something I am look at as part of my work for the EU PrimeLife project.
I work for repressive governments, among these also the ones that call themselves "democratic" - and big companies. We are fighting whistleblowers, environmentalists, protesters and any kind of people, that might have a non-opportunistic mindset. But before we can arrest them, beat them up or do anything cool that frightens them to death, we need to WATCH them. I really like to watch. I believe that all these social web stuff will be a HUGE boost for our work - I especially like that ALL the propagandists of these technologies have absolutely no problem working together with he agencies - and on a technical level it is a great advantage for us, that once more we get a new technology evolved WITHOUT builtin privacy and anonymization. Now, after we addicted you to the net giving you mp3s and your TV shows for free, finally we will have total access to everything and everybody you love. These technologies are the key to total world domination and we will use them extensively. Thank you very much, all you useful idiots!