Towards an Open Profile Standard

This is a thing I'd really like to use, and I can't see how it's anything other than a good idea. But, as far as I can tell, it doesn't exist yet. I wrote the below as a post on Medium, but I'd really like to see what others think of the idea, and whether anyone has any idea of who we could bug to make it happen.


We need a simple, secure Open Profile Standard so we can get on with stuff that’s more fun than updating our account details again and again and again and…

Imagination time:

You’ve just moved house.

Now you have to tell your new address to your bank, and your other bank. And your credit card company. Then you buy something on eBay and remember you need to update your address on PayPal.

And you told your friends, but of course, they lost the email. So you spend the next year reminding them of the address.

Or: You change your email address.

Slowly, you need to go through every site on which you have an account, and let them know what your new address is, then click in the confirmation email they send.

And there’s always that one site - the shop you have an online account with, but only use every year or so. And you can’t remember what email address you signed up with, or whether they have the current address. And you’ve got a new phone number since then…

Or: You apply for a credit card.

You know you should have a good credit rating. But you get declined, because the ratings agency doesn’t have you listed at your current address.

Profiles are a mess.

I don’t mean logins. Many places are moving to unified logins, with Facebook, Google+, Twitter, OpenID, and so on. That’s starting to work out for us.

But profiles suck. Why should I have to tell everyone, separately, whenever a small personal detail changes?

We need a single resource we can turn to when we want to update our ‘living profile’.

All I want is a place where I can fill in my details - Name, D.O.B, address, email, banking details, telephone number, maybe a nice profile photo - all the relevant stuff.

When any of those details change, I just go to my Open Profile and update it, and whoever needs access to that data gets it pushed to their database.



^ Like this, but neater and more digital.

That’s all, that’s it: A simple, secure, open protocol for the storing and distribution of relevant, up-to-date personal information between various sources.

I want it to be secure, of course. Check in with me on my old address if I change to a new one. Require two-factor goodness. Make it solid.

And, whenever I create a new account at a site, I want to be shown what information they’re requesting, and to give permissions for that - like when installing an app on Android. When I agree to that info request, I agree that they’ll be kept up-to-date on the details I change.

And if I change my details on a connected site, I get the option to propagate those details through the rest of my Open Profile.

It could work nicely for everyone. What if my contacts were synced with peoples’ Open Profiles? I’d never have to chase them for a current address or phone number again.

You could have a link to your Open Profile data on your website, with permissions set how you want them. Or, like a contact info file you send to someone’s phone, you can share your data with their OP service.

But it needs to be open.

If it’s just done by Google, then Facebook and Apple won’t agree to use it, and so on. This is something that needs to transcend the partisanship of inter-corporation bickering.

Given the childish approach taken by many of the giants against interoperability, it could be dangerous for the protocol to even be spearheaded by one of them. Look at what happened with Google’s attempts to promote a standardised IM protocol.

It seems that, like email, a decentralised, open federated approach would work.

The standard could be created, agreed on, and formed, and then you can choose your own provider - Google fanboy? Use Google’s Open Profile service. iPhone? Use Contacts’ inbuilt application of the protocol. Or create your own Open Profile server, whatever.

It would be a win-win for everybody.

I’m sure businesses, banks and other organisations are constantly having to deal with problems caused by out-of-date information. Who wouldn’t want to ensure they have current information for their client base?

And I know individuals are sick of having to play clean-up when updating those details.

As far as I can tell, unlike, say IM, there’s no reason for any involved party not to want to use the protocol. There’s incentive towards broad uptake, and open interoperability. If X has your user’s current details, you want to make sure your own match them.

I don’t see any reason for this not to work, and I’m rather surprised it’s not been made already. Perhaps it has, in which case I’d like to know why it’s not taken off. OpenID Attribute Extensions may allow for this, but don’t seem to have been used this way.

It just seems like one of those simple, obvious things we should be able to do, but can’t.