Federation 2.0: In Search of a Switzerland for Identity Portability
The controversy around personal and social data portability is growing. For consumers, it is an important issue because it will determine how much ownership they will be able to enforce upon their "digital identity" that lives today across competing Internet silos. For the silos, the Google, FaceBook, Yahoo! and Microsoft of the world, a lot is at stakes since, ultimately, it is about whom consumers will entrust with their digital self.
Undoubtedly, data portability is the natural child of federated identity (more on that in a future post). Personal and social data are an important part of any consumer identity'. Like identifiers, credentials and profile attributes, social graphs, activity streams belong to the end user who created them in the first place. In the long run, consumers will require full control, privacy, security and portability over such personal information. Therefore, the identity technical community must engineer a new and comprehensive identity portability layer. The new layer needs to broaden the tradition notion of identity federation beyond names, passwords and profile to encompass the full gamet of personal and social data. Furthermore, this new layer must support a plurality of identity service providers who can compete and distinguish themselves by the quality of their service and the user experience that they provide. Freeing our data off Web portals and social networks by creating a new service layer dominated by one single service provider is hardly trading one master for another.
Incidentally, putting the user first and ensuring plurality of competing identity service providers strikes as the fundamental principle that OpenID places on identity providers. The OpenID foundation has always be the strong proponent of a user-centric approach to Internet identity. Unlike many organizations, it appears to have achieved a balanced representation across the grass-root technical community and large big Internet corporations. Moreover, because of the strategic stakes it represents, the quest for personal data portability is likely to become the main driving force behind OpenID deployment and maybe, even the necessary solution to the so-called "relying party problem".
As a neutral ground, I hope the foundation will quickly realize that it has the opportunity and responsibility to provide the necessary leadership that helps clearing the technical issues around personal information and data portability. Yes, more than large Internet companies proclaiming their own APIs as open standards, it seems to me that OpenID can be the right foundation (pun intended) to lead towards a true interoperable solution for Internet data portability.