A while back I got a Linkedin invitation to link up with someone who I didn’t know who claimed to be from Google. At the same time the same person sent me inmail about opportunities in Google. Sure enough, the person’s (who shall remain nameless) Linkedin page showed that they did indeed claim that they currently work for Google. Smashing. Just one little niggle - they used a hotmail email address… Far be it from me to doubt the trustworthiness of this person, after all, I am sure they are quite honest and just slipped while choosing their email account provider for work related activities. Yes, that must be it.

I wonder how many people imbue some level of elevated trust in the self asserted claims of Linkedin pages? It would be cool to have a trust mechanism for the web, where claims on static pages can be verified in a decentralized, scalable manner. To be able to be assured of the accuracy of claims right on the web page that is making them without having to interact with some trusted third party. As far as I am aware, nothing currently in use achieves this.

In user-centric identity most of the thinking has been about user presentation of identity data in an interactive fashion, but this isn’t the whole story. Sometimes one would like to make a claim that is persistent and non-interactive that out lives our brief time on line. For example, our friend at Google could have their claim of employment by Google signed by Google, thereby validating the claim if you trust Google not to lie about who it employs. Perhaps that is sufficient for some applications.

It seems to me that this ought to be possible in an internet scale fashion using current technology. It is just a matter of everyone agreeing on which technology pieces are to be used and stitching them together. Given that services like Linkedin are becoming more important to how business is conducted, I expect to see something like this happen in the not too distant future. I bet it ends up being a SAML profile too.