[projectvrm] Data Ownership, VRM & Standards - Suggesting a Directory

[Mark Lizar < >]

Hi Eve, Elias, Doc et al.

That was great stuff from Gnomdex, for VRM ,  I have been working on  
the Identity Ownership and Identity Mapping issues for a long time and  
am completely inspired by Eve.  Thank You,  I completely agree with  
you about access and being able to see your own information use, this  
I believe to be a foundational building block.

Responding to the whole thread I had some thoughts particularly  
contrasting the business facing activities and legal rights based  
activities being discussed in the  same space under VRM.

I completely agree with Iain when he says
>  fundamentally i'll know that I own it when I can/ could sell it and  
> underpin that sale with a legal contract.



VRM aptly separates the contentious legal, rights based issues and  
focus on the activity of power in the supplier and customer  
relationship.

But, the issues surrounding the use of personal information involve  
transactions which stretch between VRM and Legal Use of information  
based on rights.  Both contexts together are used to create policy  
(like privacy policies).

VRM is a way in which the VENDOR is addressed in supplier relations   
and is an extremely good approach benefiting the whole spectrum  
involved in personal information power and providing infrastructure  
for benefits in a digital economy.

As an idea for Standards and  achieving compliance to those  
standards,  I would like to suggest a group effort to separate the  
standards effort into VRM  (technology/process for business) and a  
legal rights based approach (for compliance and reporting business  
performance) which motivates business. Creating a directory of rights  
based access measurements as a foundation for a reputation and a  
method of developing standards.

A carrot and stick approach to compliance.

In the past projects I have worked on developed into an access  
framework called the Master Controller Data Access Framework (MCDAF).   
This legal to rights based theory approach as oppose to a Vender to  
Customer rights based approach was a way to evolved categories  
surrounding data ownership issue.

Measuring  Access, Control, Consent, and Choice from legal benchmarks   
to quantify the levels and dimensions of 'Ownership'  is a research  
project I am currently working to be involved in.  Researching   
ownership and with a directory, driving a campaign of access to  
personal information.

The benefit of VRM standards measured against performance and function  
of access seems like a solid place to start a Directory.  Measuring  
performance in similar categories to those mentioned above may provide  
a basis for a strong standard creating directory and provide a base  
for many revenue streams for VRM  research and service. (beyond  
auditing and advertising)

In this light I am up for working on the standards working group,  
measuring the standard of VRM.   The idea of a directory maybe  
providing food for thought.



Best Regards




On 27 Aug 2008, at 18:04, Eve Maler wrote:

> Data map: interesting!  Or what about "hub"?  I joked at the IIW in  
> May that it's sort of like a "virtual directory" (if you follow  
> Planet Identity, don't hit me :-).  You might use it to store:
>
> - Information you're authoritative for (like your home address)
>  . By value
>  . By reference to some service you keep in a different place  
> because it's more convenient
>
> - Information you're *not* authoritative for (like your credit score)
>  . By value (signed by them, provisioned to you by, say, a feed)
>  . By reference
>    . To a feed object
>    . To an endpoint reference to a service that will give an  
> authorized party the data (like the Liberty Personal Profile  
> Service, or a managed infocard provider, or whatever)
>    . To an endpoint reference to a discovery service (like the  
> Liberty Disco) that will give an authorized party an EPR to...
>    ...
>
> If information about you generally flows through this personal data  
> "hub", then you can indeed create a map, or analytics, or whatever  
> to figure out the proper (vs. illegal?) extent of your data in the  
> online world.
>
>         Eve
>
> On Aug 27, 2008, at 9:48 AM, Peter Davis wrote:
>
> > The one issue I have with the general notion of a 'Personal Data  
> > Store', is the implication that it is centralized.
> >
> > IMV, "my data" is, in fact, scattered all over the place.  Just for  
> > starters, most of my email addresses are controlled by third-party  
> > authorities (yahoo, gmail, aol, apple, etc...).  I would think this  
> > more of a 'Personal Data Map'... reminding me where the data  
> > authorities are, and how to go about performing operations on it  
> > (say, for example, make release policies for an attribute).
> >
> > In other cases, as Eve points out, I may want to recall where  
> > sharing has occurred (either explicitly via an HTML form control,  
> > or via other protocols to my personal data agent), and revoke or  
> > update the policies around it's treatment.
> >
> > =peterd
> >
> >
> > On Aug 27, 2008, at 12:36 PM, Iain Henderson wrote:
> >
> > > Yes, to be honest I think we'd benefit from sorting out the naming  
> > > and defining side of things, including deployment options. In fact  
> > > i'd probably go beyond that and suggest we'd all benefit from  
> > > describing what is/ could be in it, and what it would enable for  
> > > both individual and organisation. I also think the Dataportability  
> > > project would benefit from such a dialogue in that when data is  
> > > freed up through portability standards/ approaches, one of the  
> > > places it could go to would be to a personal data store.
> > >
> > > Does anyone on the list have the time/ energy to get involved in a  
> > > VRM standards working group with the going in title of 'Personal  
> > > Data Store Working Group' to tackle all of the above? If so, i'm  
> > > happy to take the lead on that to get it up and running and throw  
> > > in a stack of existing material to get us started.
> > >
> > > (Trent, could you check this out with the DP group to see if there  
> > > is interest in getting into this?).
> > >
> > > Cheers
> > >
> > > Iain
> > >
> > > On 27 Aug 2008, at 17:13, Eve Maler wrote:
> > >
> > > > What I've understood from the VRM usage of "personal datastore"  
> > > > is that it's metaphorical, and not necessarily static at all.  In  
> > > > fact, I don't think it will always literally store the data it  
> > > > manages.  As I discussed in my talk on Saturday (thanks to Sean  
> > > > for the kind words on that -- more info is at http://www.xmlgrrl.com/blog/publications/#gnomedex08) 
> > > > , oftentimes you want to get a view onto the sharing patterns of  
> > > > information that you don't have "write access" to, so what you're  
> > > > looking at is some sort of virtual instance of it (a pointer to  
> > > > it, or a pointer to a service that will hand it to you, or  
> > > > whatever -- there are several architectural options).  Keeping an  
> > > > eye on the flow of *all* info about you is a "personal data  
> > > > analytics" function, and I'd expect a PD to offer that.
> > > >
> > > > That said, if we're all agreed on what the "thing" generally is,  
> > > > but want to find a more evocative name, I'm game. :-)
> > > >
> > > >         Eve
> > > >
> > > > On Aug 27, 2008, at 5:24 AM, Iain Henderson wrote:
> > > >
> > > > > Hi Adriana, it may well be that 'personal data store' is  
> > > > > becoming a term that needs further definition (or ditched),  
> > > > > because I certainly don't regard them as passive or static. When  
> > > > > I use the term, I am referring to a capability that supports  
> > > > > sourcing, managing and using personal data (i.e. very broad in  
> > > > > scope with 'using' itself being a huge, multi-faceted set of  
> > > > > functions).
> > > > >
> > > > > Another term used by some historically was 'personal knowledge  
> > > > > bank', which I think implies more value/ more analysis and  
> > > > > interpretation - but again each reader will have their own  
> > > > > assumptions.
> > > > >
> > > > > Let's discuss at the VRM hub tomorrow?
> > > > >
> > > > > Cheers
> > > > >
> > > > > Iain
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On 27 Aug 2008, at 10:39, Adriana Lukas wrote:
> > > > >
> > > > > > The 'ownership' of data, whatever that means, is merely a  
> > > > > > starting
> > > > > > point. I might 'volunteer' information - to me that just means  
> > > > > > share
> > > > > > it on my own terms - but the point is the ability to establish  
> > > > > > and
> > > > > > maintain relationships. For that _I_ (others may not) need and  
> > > > > > want
> > > > > > the following 'functionality':
> > > > > >
> > > > > > 1. take charge of my data (content, relationships,  
> > > > > > transactions, knowledge),
> > > > > > 2. arrange (analyse, manipulate, combine, mash-up) it according  
> > > > > > to my
> > > > > > needs and preferences and
> > > > > > 3. share it on my own terms
> > > > > > 4. whilst connected and networked on the web.
> > > > > >
> > > > > > That's what I meant about turning the individual into a  
> > > > > > platform, etc etc.
> > > > > >
> > > > > > This does not happen by creating a database or a data store,  
> > > > > > however
> > > > > > personal. Store implies passive and static, even with some sort  
> > > > > > of
> > > > > > distribution. The objective is equipping individuals with  
> > > > > > analytical
> > > > > > and other tools to help them understand themselves better and  
> > > > > > give
> > > > > > them an online spring board to relationships with others (in VRM
> > > > > > context this includes vendors).
> > > > > >
> > > > > > Adriana
> > > > > >
> > > > > > 2008/8/27  
> > > > > > <
> > > > > >  >:
> > > > > > > I think there is a terminological / semantic issue here,  
> > > > > > > Frank. Not a
> > > > > > > substantive one.
> > > > > > >
> > > > > > > In the 'volunteered' information initiatives we are working  
> > > > > > > on, the assumed
> > > > > > > starting point - the sine qua non - is 'value participation'  
> > > > > > > for the
> > > > > > > individual.
> > > > > > >
> > > > > > > We chose the word 'volunteered' to underline this point: it's  
> > > > > > > entirely up to
> > > > > > > the individual whether or not they provide this information:  
> > > > > > > it is
> > > > > > > entirely voluntary. If organisations want to access this data  
> > > > > > > they will have
> > > > > > > to accept the individual's terms and conditions, including a  
> > > > > > > clear benefit
> > > > > > > to the individual.
> > > > > > >
> > > > > > > We've struggled long and hard to find a better word than  
> > > > > > > 'volunteered' but
> > > > > > > so far, every other word seems to create worse problems.
> > > > > > >
> > > > > > > Any ideas?
> > > > > > >
> > > > > > > Alan M
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > The network is always stronger than the node...
> > > > > > but a network starts with a node.
> > > > > >
> > > > > > http://www.mediainfluencer.net
> > > > > > http://www.bigblogcompany.net
> > > > > > http://www.samizdata.net/blog
> > > > > >
> > > > > > Background:
> > > > > > http://www.mediainfluencer.net/about/
> > > > > >
> > > > > > Skype: adriana872
> > > > > > UK mobile: +44 787 6757129
> > > > > > US mobile: +1 732 447 5115
> > > > >
> > > > > Iain Henderson
> > > > >
> > > > >  
> > > > >
> > > > > This email and any attachment contains information which is  
> > > > > private and confidential and is intended for the addressee only.  
> > > > > If you are not an addressee, you are not authorised to read,  
> > > > > copy or use the e-mail or any attachment. If you have received  
> > > > > this e-mail in error, please notify the sender by return e-mail  
> > > > > and then destroy it.
> > > >
> > > > Eve Maler                                         +1 425 947 4522
> > > > Principal Engineer                            eve.maler @ sun.com
> > > > Business Alliances group                    Sun Microsystems, Inc.
> > >
> > > Iain Henderson
> > >
> > >  
> > >
> > > This email and any attachment contains information which is  
> > > private and confidential and is intended for the addressee only.  
> > > If you are not an addressee, you are not authorised to read, copy  
> > > or use the e-mail or any attachment. If you have received this e- 
> > > mail in error, please notify the sender by return e-mail and then  
> > > destroy it.
>
> Eve Maler                                         +1 425 947 4522
> Principal Engineer                            eve.maler @ sun.com
> Business Alliances group                    Sun Microsystems, Inc.