RE: [projectvrm] Data Ownership, VRM & Standards - Suggesting a Directory

[Mike Kirkwood < >]

Mark,

Wanted to acknowledge the many good insights in your post, including the 
suggestion of Directory.   Was considering that a VRM enabled directory 
service may be a multi-faceted thing.  Depending on "who" asks a question, 
the answer may be different, or, there will likely be different views into 
the directory based on who is asking what about whom.  Perhaps a design 
feature.

To make it simple for all, in a best case scenario the directory services 
have a way to plug into existing systems, as appropriate.   For example, one 
output of a directory for a vendor maybe a dump of data into a local 
directory, or synchronizes with commercial directory services provided by 
OpenID, or other providers.    From your post, you hit on the issue of making 
it compelling for both parties, which seems critical in the design and 
selection of technology approach.

Came across this standard recently while re-acquainting with the broader 
standards bodies, and in particular, OASIS.
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ciq#overview

It's an attempt at creating a common mechanic for how people are represented 
in the organization (e.g. CRM systems), so that the base assertions (i'm a 
party to this company as a customer, with this address, and this name).

Was thinking that in the conversation around making it standard and easy for 
enterprises, this might be a good thing to consider, since already the 
"relationships" to me in the enterprise are distinct across organizations and 
regions, and perhaps (like we might strive in T&C), VRM might benefit from 
common language in how [the mine] is viewed and consumed inside the corporate 
wall, so we can retrieve it back and make sense of it.

--Mike
________________________________________
From: Mark Lizar 
[
 ]
Sent: Friday, August 29, 2008 4:13 AM
To: Eve Maler
Cc: ProjectVRM list
Subject: [projectvrm] Data Ownership, VRM & Standards - Suggesting a Directory

Hi Eve, Elias, Doc et al.

That was great stuff from Gnomdex, for VRM ,  I have been working on
the Identity Ownership and Identity Mapping issues for a long time and
am completely inspired by Eve.  Thank You,  I completely agree with
you about access and being able to see your own information use, this
I believe to be a foundational building block.

Responding to the whole thread I had some thoughts particularly
contrasting the business facing activities and legal rights based
activities being discussed in the  same space under VRM.

I completely agree with Iain when he says
>  fundamentally i'll know that I own it when I can/ could sell it and
> underpin that sale with a legal contract.



VRM aptly separates the contentious legal, rights based issues and
focus on the activity of power in the supplier and customer
relationship.

But, the issues surrounding the use of personal information involve
transactions which stretch between VRM and Legal Use of information
based on rights.  Both contexts together are used to create policy
(like privacy policies).

VRM is a way in which the VENDOR is addressed in supplier relations
and is an extremely good approach benefiting the whole spectrum
involved in personal information power and providing infrastructure
for benefits in a digital economy.

As an idea for Standards and  achieving compliance to those
standards,  I would like to suggest a group effort to separate the
standards effort into VRM  (technology/process for business) and a
legal rights based approach (for compliance and reporting business
performance) which motivates business. Creating a directory of rights
based access measurements as a foundation for a reputation and a
method of developing standards.

A carrot and stick approach to compliance.

In the past projects I have worked on developed into an access
framework called the Master Controller Data Access Framework (MCDAF).
This legal to rights based theory approach as oppose to a Vender to
Customer rights based approach was a way to evolved categories
surrounding data ownership issue.

Measuring  Access, Control, Consent, and Choice from legal benchmarks
to quantify the levels and dimensions of 'Ownership'  is a research
project I am currently working to be involved in.  Researching
ownership and with a directory, driving a campaign of access to
personal information.

The benefit of VRM standards measured against performance and function
of access seems like a solid place to start a Directory.  Measuring
performance in similar categories to those mentioned above may provide
a basis for a strong standard creating directory and provide a base
for many revenue streams for VRM  research and service. (beyond
auditing and advertising)

In this light I am up for working on the standards working group,
measuring the standard of VRM.   The idea of a directory maybe
providing food for thought.



Best Regards




On 27 Aug 2008, at 18:04, Eve Maler wrote:

> Data map: interesting!  Or what about "hub"?  I joked at the IIW in
> May that it's sort of like a "virtual directory" (if you follow
> Planet Identity, don't hit me :-).  You might use it to store:
>
> - Information you're authoritative for (like your home address)
>  . By value
>  . By reference to some service you keep in a different place
> because it's more convenient
>
> - Information you're *not* authoritative for (like your credit score)
>  . By value (signed by them, provisioned to you by, say, a feed)
>  . By reference
>    . To a feed object
>    . To an endpoint reference to a service that will give an
> authorized party the data (like the Liberty Personal Profile
> Service, or a managed infocard provider, or whatever)
>    . To an endpoint reference to a discovery service (like the
> Liberty Disco) that will give an authorized party an EPR to...
>    ...
>
> If information about you generally flows through this personal data
> "hub", then you can indeed create a map, or analytics, or whatever
> to figure out the proper (vs. illegal?) extent of your data in the
> online world.
>
>       Eve
>
> On Aug 27, 2008, at 9:48 AM, Peter Davis wrote:
>
>> The one issue I have with the general notion of a 'Personal Data
>> Store', is the implication that it is centralized.
>>
>> IMV, "my data" is, in fact, scattered all over the place.  Just for
>> starters, most of my email addresses are controlled by third-party
>> authorities (yahoo, gmail, aol, apple, etc...).  I would think this
>> more of a 'Personal Data Map'... reminding me where the data
>> authorities are, and how to go about performing operations on it
>> (say, for example, make release policies for an attribute).
>>
>> In other cases, as Eve points out, I may want to recall where
>> sharing has occurred (either explicitly via an HTML form control,
>> or via other protocols to my personal data agent), and revoke or
>> update the policies around it's treatment.
>>
>> =peterd
>>
>>
>> On Aug 27, 2008, at 12:36 PM, Iain Henderson wrote:
>>
>>> Yes, to be honest I think we'd benefit from sorting out the naming
>>> and defining side of things, including deployment options. In fact
>>> i'd probably go beyond that and suggest we'd all benefit from
>>> describing what is/ could be in it, and what it would enable for
>>> both individual and organisation. I also think the Dataportability
>>> project would benefit from such a dialogue in that when data is
>>> freed up through portability standards/ approaches, one of the
>>> places it could go to would be to a personal data store.
>>>
>>> Does anyone on the list have the time/ energy to get involved in a
>>> VRM standards working group with the going in title of 'Personal
>>> Data Store Working Group' to tackle all of the above? If so, i'm
>>> happy to take the lead on that to get it up and running and throw
>>> in a stack of existing material to get us started.
>>>
>>> (Trent, could you check this out with the DP group to see if there
>>> is interest in getting into this?).
>>>
>>> Cheers
>>>
>>> Iain
>>>
>>> On 27 Aug 2008, at 17:13, Eve Maler wrote:
>>>
>>>> What I've understood from the VRM usage of "personal datastore"
>>>> is that it's metaphorical, and not necessarily static at all.  In
>>>> fact, I don't think it will always literally store the data it
>>>> manages.  As I discussed in my talk on Saturday (thanks to Sean
>>>> for the kind words on that -- more info is at 
>>>> http://www.xmlgrrl.com/blog/publications/#gnomedex08)
>>>> , oftentimes you want to get a view onto the sharing patterns of
>>>> information that you don't have "write access" to, so what you're
>>>> looking at is some sort of virtual instance of it (a pointer to
>>>> it, or a pointer to a service that will hand it to you, or
>>>> whatever -- there are several architectural options).  Keeping an
>>>> eye on the flow of *all* info about you is a "personal data
>>>> analytics" function, and I'd expect a PD to offer that.
>>>>
>>>> That said, if we're all agreed on what the "thing" generally is,
>>>> but want to find a more evocative name, I'm game. :-)
>>>>
>>>>    Eve
>>>>
>>>> On Aug 27, 2008, at 5:24 AM, Iain Henderson wrote:
>>>>
>>>>> Hi Adriana, it may well be that 'personal data store' is
>>>>> becoming a term that needs further definition (or ditched),
>>>>> because I certainly don't regard them as passive or static. When
>>>>> I use the term, I am referring to a capability that supports
>>>>> sourcing, managing and using personal data (i.e. very broad in
>>>>> scope with 'using' itself being a huge, multi-faceted set of
>>>>> functions).
>>>>>
>>>>> Another term used by some historically was 'personal knowledge
>>>>> bank', which I think implies more value/ more analysis and
>>>>> interpretation - but again each reader will have their own
>>>>> assumptions.
>>>>>
>>>>> Let's discuss at the VRM hub tomorrow?
>>>>>
>>>>> Cheers
>>>>>
>>>>> Iain
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 27 Aug 2008, at 10:39, Adriana Lukas wrote:
>>>>>
>>>>>> The 'ownership' of data, whatever that means, is merely a
>>>>>> starting
>>>>>> point. I might 'volunteer' information - to me that just means
>>>>>> share
>>>>>> it on my own terms - but the point is the ability to establish
>>>>>> and
>>>>>> maintain relationships. For that _I_ (others may not) need and
>>>>>> want
>>>>>> the following 'functionality':
>>>>>>
>>>>>> 1. take charge of my data (content, relationships,
>>>>>> transactions, knowledge),
>>>>>> 2. arrange (analyse, manipulate, combine, mash-up) it according
>>>>>> to my
>>>>>> needs and preferences and
>>>>>> 3. share it on my own terms
>>>>>> 4. whilst connected and networked on the web.
>>>>>>
>>>>>> That's what I meant about turning the individual into a
>>>>>> platform, etc etc.
>>>>>>
>>>>>> This does not happen by creating a database or a data store,
>>>>>> however
>>>>>> personal. Store implies passive and static, even with some sort
>>>>>> of
>>>>>> distribution. The objective is equipping individuals with
>>>>>> analytical
>>>>>> and other tools to help them understand themselves better and
>>>>>> give
>>>>>> them an online spring board to relationships with others (in VRM
>>>>>> context this includes vendors).
>>>>>>
>>>>>> Adriana
>>>>>>
>>>>>> 2008/8/27  
>>>>>> <
 >:
>>>>>>> I think there is a terminological / semantic issue here,
>>>>>>> Frank. Not a
>>>>>>> substantive one.
>>>>>>>
>>>>>>> In the 'volunteered' information initiatives we are working
>>>>>>> on, the assumed
>>>>>>> starting point - the sine qua non - is 'value participation'
>>>>>>> for the
>>>>>>> individual.
>>>>>>>
>>>>>>> We chose the word 'volunteered' to underline this point: it's
>>>>>>> entirely up to
>>>>>>> the individual whether or not they provide this information:
>>>>>>> it is
>>>>>>> entirely voluntary. If organisations want to access this data
>>>>>>> they will have
>>>>>>> to accept the individual's terms and conditions, including a
>>>>>>> clear benefit
>>>>>>> to the individual.
>>>>>>>
>>>>>>> We've struggled long and hard to find a better word than
>>>>>>> 'volunteered' but
>>>>>>> so far, every other word seems to create worse problems.
>>>>>>>
>>>>>>> Any ideas?
>>>>>>>
>>>>>>> Alan M
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> The network is always stronger than the node...
>>>>>> but a network starts with a node.
>>>>>>
>>>>>> http://www.mediainfluencer.net
>>>>>> http://www.bigblogcompany.net
>>>>>> http://www.samizdata.net/blog
>>>>>>
>>>>>> Background:
>>>>>> http://www.mediainfluencer.net/about/
>>>>>>
>>>>>> Skype: adriana872
>>>>>> UK mobile: +44 787 6757129
>>>>>> US mobile: +1 732 447 5115
>>>>>
>>>>> Iain Henderson
>>>>> 
 
>>>>>
>>>>> This email and any attachment contains information which is
>>>>> private and confidential and is intended for the addressee only.
>>>>> If you are not an addressee, you are not authorised to read,
>>>>> copy or use the e-mail or any attachment. If you have received
>>>>> this e-mail in error, please notify the sender by return e-mail
>>>>> and then destroy it.
>>>>>
>>>>>
>>>>>
>>>>
>>>> Eve Maler                                         +1 425 947 4522
>>>> Principal Engineer                            eve.maler @ sun.com
>>>> Business Alliances group                    Sun Microsystems, Inc.
>>>>
>>>
>>> Iain Henderson
>>> 
 
>>>
>>> This email and any attachment contains information which is
>>> private and confidential and is intended for the addressee only.
>>> If you are not an addressee, you are not authorised to read, copy
>>> or use the e-mail or any attachment. If you have received this e-
>>> mail in error, please notify the sender by return e-mail and then
>>> destroy it.
>>>
>>>
>>>
>>
>
> Eve Maler                                         +1 425 947 4522
> Principal Engineer                            eve.maler @ sun.com
> Business Alliances group                    Sun Microsystems, Inc.
>