Sampo Kellomäki


16 years ago @ Martin Kuppinger - The rise and fall of s... · 0 replies · +1 points

The first generation social networks need to open up to sharing or they deserve to die. When you create your social network, you are making a major move both in terms of effort invested as well as exposing your privacy sensitive data. It is preposterous that anyone else than you would "own" this. Yet the current operators seem to be assuming they can get away with that.

Luckily some identity architects around the world have been creating a better world: start from multipolar and user-centric assumptions. First, structurally separate the social network from the services that leverage the network. Then empower the users to choose who holds their network - and different users will choose different operators. Finally, oblige the social network providers to share the network with all the other social services that the user wants to use. End of data hostage problem. End of confusing parallel structures and synchronizing them.

Most important of all, a shared social network opens the field for innovative social service providers: a new service can immediately leverage the social networks that the users have already built.

This vision has culminated in the Liberty Alliance People Service (final as of 2006) and has been endorsed by several alliance members. Best of all, the People Service social network storage manages to pull it off with full privacy protection.

16 years ago @ Martin Kuppinger - The shortcomings of co... · 0 replies · +1 points

It is clear that there needs to be conveyance of identity from where it can be checked - the front-end, usually Single Sign-On - to the back-end, be it web services or legacy database access. For auditability, the only acceptable standard is that the user who requested or authorized the operation is held responsible for it. No longer is it sufficient to open database connections as a trusted system entity - you need to authenticate on behalf of the actual user.

Fortunately, frameworks for such conveyance of identity already exist. Liberty ID Web Services Framework (ID-WSF) combined with SAML SSO and bootstrap offers a full solution. It is possible to engineer a SOA today, buying standards-based certified COTS software that implements this functionality.

16 years ago @ Tim Cole - A Prescription For A H... · 0 replies · +1 points

While some IdM vendors are from the US, there are plenty of us innovative companies here in Europe and many EU states are more advanced than the US in setting policy on IdM. As an entrepreneur, I am very willing to listen to Gematik and ensure the use cases and requirements they care to share are addressed in the emergent standards. I believe the technical solutions to address the health care market already exist - it is merely a question of agreeing which solution to use.

16 years ago @ Felix Gaehtgens - The Importance of Aper... · 0 replies · +1 points

Much of what Apertio does can be done with a virtual directory that supports multiple protocols. The HSS or GUP side requires Diameter, which is available on the marketplace. The future of supporting end user applications will require a web service interface - potentially with identity management such as SAML or Liberty. This is also available today. I guess the next contender for a telco directory solution just has to do a convincing integration. What I've learned from telco projects is that "you do not touch HLR!" Apertio's main contribution was to convince telcos that this area can indeed be touched. Whoever is equally convincing will rule the roost.