There has been a lot of dicsussion in various forums I watch about how identity management should be performed in a digital environment. Most of the discussion is still centred in theory and debate. It’s quite common to find long threads debating the semantics of a particular piece of terminology. It seems to be moving forward, but it’s moving very slowly and still seems to be dominated by people working for companies intent on making their fortune by providing or controlling identity systems. This isn’t really what I want, nor what most of the people I know want. They want to control their own data and as they have the abilities they want to run it on their own hardware where it’s totally under their control.

Looking at FOAF I can’t help to think that I don’t really want to publish a FOAF file. It contains all sorts of information about me that I don’t want to be sitting in a machine readable file where anyone can access it. It won’t be long, and may already have happenned, but the spammers and scrapers will soon reliase just how useful a source of information these files are. not only do they outline who I am, where I can be contacted but without too much effort it’s possible to use the relationships I define to learn a lot about what might be of interest to me. Lets face it, a FOAF “web” is a marketters wet dream!

There is a need to be able to provide personal information online. Until it can be done in a secure manner it’s just not worth inviting the increase in spam and uninvited marketting that will result from publishing such information. When there is a way of allowing me to provide my information in a safe manner I’ll be more than happy to do it.

In my imagined system I have a central place that stores my information. I can define who I want to have access to it and what pieces of information they should be able to view. I’m imaginging it’ll be done using some form of key/token and certainly won’t ever involve usernames and passwords. I’ll be able to specify access for people who have a “relationship” to me so that I don’t need to add every person. I guess it’s a lot to ask, but surely the technology exists to allow this? The most worrying part is that to date I’ve seen very little evidence that the “semantic web” people have really stopped to consider these types of controls. Without a more realistic approach to these types of concerns the semantic web is headed to a place I have no intention of visiting.