Thursday, January 10, 2008

The Profile Problem

Ama-gi written in Sumerian cuneiformImage via WikipediaProfiles are used extensively on the web and in the enterprise. With the rise of 'the social web', the number of profiles you can use to describe (parts of) yourself is greatly increased.

On the web, each site or service needs to know something about you. This is your profile (for that site or service). In an enterprise setting, a company keeps a profile about all their employees or customers (i.e. you) in their identity management system.

When seen from a perspective of personal freedom, the current practices pose a few problems, which will be discussed next.

Problem 1: You don't have control over the data that describes you.

This is the most important problem. Apart from the specific elements you are allowed to store (see Problem 2), the data you entered is stored on a system beyond your control. It might be difficult to make changes, or to correct errors. You might be dependent on the service provider or others to have your data changed or deleted. You don't control the security that surrounds your data. You can't choose the systems on which your data is kept. You're not allowed to re-use your own self-representation.

Problem 2: Profiles dictate what you can and cannot tell about yourself.

Most online services and enterprise identity systems come with a prescribed set of properties (like your name, favorite music etc.) that you need to populate with values concerning yourself. The profile dictates what is required and what is optional. There is often no room for extra information.

Problem 3: Lack of sharing control.

You often don't control who sees the profile, and, in cases where sharing is relevant, you can't control the parts to disclose in enough detail.

On the web, you are stuck with the options the site or service offers you for sharing with other users (as is common in many online community services). Can you share all, nothing, or parts of your profile? Which parts?

Problem 4: Duplication of effort.

This is not really a problem related to individual freedom, but it is worth mentioning anyway.

Each service has its own profile page for you to fill out. This is a duplication of effort for you, since you have to maintain the same set of properties over and over again at each site. It also is a duplication of effort on the part of all the service providers, who build and maintain a profile infrastructure, user interfaces and the data it holds.

Admitted, the enterprise identity management system solves the duplication of effort problem by using an enterprise-wide profile management system, so the duplication of effort is mainly seen on the web, not inside the enterprise. However, the first two problems remain. Do you have any more influence over your profile (say, as a customer or employee), now that it rests in an enterprise identity system?

What needs to be done?

Nowadays, with the proliferation on-line services an social media, the need for a solution for these problems is needed more than ever. The challenge lies in identifying what an acceptable solution looks like.

We should take a step back from technical issues, and investigate the essence of self-representation, since a profile for an on-line service is just that. Taking the person being represented as the starting point, issues of personal freedom, privacy and control become relevant.

In any case, to prevent the problems identified above, the proposed solution should minimally have the following characteristics:

It should work with arbitrary attribute collections. It should allow for fine-grained disclosure (sharing) options under the users control. The data should be stored with a provider/technology of choice.

Starting from there, one can see the need for standards which allow an individual to manage the the definition, modification, querying, and disclosure of personal attributes.

No comments:

Post a Comment

Creative Commons LicenseExcept where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License