W3C Social Business Jam - Flurry No. 2: Social Identities
cmw.osdude 120000QT77 Visits (1024)
[Remember that even though I work for IBM I am an individual with my own thoughts and ideas. Anything I write here may not necessarily represent the views of the IBM Corporation or its partners... though I'm hoping that's only a matter of time before they catch up.]
As I participate in the
There has been a lot of discussion about the ways that we manage our identity in the social space. Do we have a single identity that we use for both business and personal? If so, how do we draw lines between our social and business interactions, or do those lines fade away.
Personally, I'm a huge fan of the owner of the information having control of who sees what, when and why. It may be because I'm a child of the 70s. I grew up with CB Handles and later BBS aliases. I like the idea of creating a view of myself for specific purposes and mixing and matching what fits that view. Frankly, some of my friends and fellow hobbyists of various kinds couldn't care less about what I do in my day-job. Likewise, my business colleagues don't want to be distracted by my spiritual pursuits. Yet, the social business world sees me as an information commodity to be mined. They want all of my information in one convenient place to be mined and sold to.
Personally, I would like a business to earn my information. Ideally they should pay me for it, either with cash or in trade for things that I want, including information. Unfortunately, the way the systems are designed, it can be difficult for me to silo my information. It's all in their system and they are at complete liberty to browse it and connect the dots.
I have long had a vision of using technologies such as public key encryption to help with this problem. There are a number of public servers for x.509 certificates. Attaching such a certificate to an account would let me exert strong controls over who could access my information. My key becomes my identity and I control the key. If I have a biometric that works as the password then I have a lovely system for authenticating myself, but compartmentalizing my information.
Of course, a drawback to this approach is if I foul up my key then I basically toast my account an all information associated with it. I suppose that a solution to that would be to include a key for the service provider so that they could help reset information if I had to redo my account.
It amazes me that this open and freely-available technology is not used more by the general community. If we could start taking some control over our own information protection we would be less beholden to the social tool providers and start making demands of them.