+1 for UMA/VRM mappings and +10 for IIW connections

On Feb 1, 2015, at 1:41 PM, Doc Searls wrote:

Good points, as always.

I would like to see more cross-fertilization between UMA and other VRooMy work that’s going on. There was a lot of collaboration when Eve launched UMA a few years back, but it’s been a pretty separate undertaking since then, except for those, such as you bridging both conversations. :-)

In any case, let’s make the connections at IIW.

Doc

On Feb 1, 2015, at 2:53 PM, Adrian Gropper wrote:

Adrian

Strictly speaking, VRM maps much better into UMA https://kantarainitiative.org/confluence/display/uma/Home than into Freedom Box or Databox. UMA presumes that vendor data will stay in-place and not be aggregated. UMA, like OAuth that it's based on, is fully compatible with anonymous or pseudonymous access to the vendor's interface. A person's UMA Authorization Server can be "built, run, or outsourced", and people can have multiple Authorization Servers if they feel the need for additional control.

The trick to VRM is to get vendors to adopt a standardized and privacy-preserving interface. OAuth2 seems to be a good step in that direction. Once a standard interface is available, identity management and secure authentication issues have to be resolved. Once that layer is in place, it seems that an Authorization Server (AS) would be the next layer. Finally, some people will use their AS to manage one or more personal data stores.

On Sun, Feb 1, 2015 at 2:17 PM, Doc Searls wrote:

I don’t think it is.
The Freedom Box proceeds from the assumption that the individual should have full control over a box in their possession, and what happens to the data on it. Its context is not the marketplace but the original peer-to-peer end-to-end Internet. So, while it can be used in the marketplace, it doesn’t start there.
The original links for Freedom Box are pretty stale (from 2011): http://freedomboxfoundation.org/ http://www.nytimes.com/2011/02/16/nyregion/16about.html?_r=0
But Markus has been active in a variety of ways:
<http://iiw.idcommons.net/ID_Things_You_Can_Do_With_A_%E2%80%9CFREEDOM_BOX%E2%80%9D>
<http://blog.gmane.org/gmane.linux.debian.freedombox.user/day=20141228>
One of those is from IIW. We should talk about it some more there.
As for Databox, this, from http://arxiv.org/abs/1501.04737 sounds similar...
> We propose there is a need for a technical platform enabling people to engage with the collection, management and consumption of personal data; and that this platform should itself be personal, under the direct control of the individual whose data it holds. In what follows, we refer to this platform as the Databox, a personal, networked service that collates personal data and can be used to make those data available. While your Databox is likely to be a virtual platform, in that it will involve multiple devices and services, at least one instance of it will exist in physical form such as on a physical form-factor computing device with associated storage and networking, such as a home hub.
But this from <http://www.technologyreview.com/view/534526/how-a-box-could-solve-the-personal-data-conundrum/> lays it in a commercial context:
> The basic idea behind the Databox is that it is a networked service that collates personal information from all of your devices and can also make that data available to organizations that the owner allows. This piece of software must have a number of important attributes.
>
> First, it must be trusted by the individual who uses it. That’s a big ask. The Databox will gather information about browsing habits, buying behavior, financial details such as bank statements, e-mail and social media contacts as well as calendar entries and so on. To allow all this to be stored in a single online repository will require a remarkable act of faith for most people. Ensuring the security of a Databox is therefore a crucial requirement.
>
> But the owner of the data is not the only one who needs to share this trust. Any company or organization that accesses the data must also have faith that it is reliable, something that will require third-party auditors who can verify that the system is operating as expected.
>
> As well as gathering personal information, the Databox must allow controlled access to it. So third parties must be able to selectively query any information that the user allows them access to. At the same time, the user must be able to control how this data is accessed and be able to change the settings when necessary.
>
> Finally, there must be incentives for all those involved to use the Databox. For example, ordinary people may be more likely to use the service if it contains a mechanism that allows third parties to pay for using the data.
>
> It may also provide an incentive for third parties by reducing their exposure to sensitive data, such as health records. For example, an organization may need access to health data but not want the cost and responsibility of storing it securely. “An analogy might be the way online stores use third-party payment services such as PayPal or Google Wallet to avoid the overhead of Payment Card Infrastructure compliance for processing credit card fees,” say Haddadi and co.
This is also consistent with the full .pdf of the Databox report: <http://arxiv.org/pdf/1501.04737v1.pdf>. The authors have also not designed the platform. They have just outlined the need for one and how it might work.
Like John Naughton's Guardian piece, the Databox writeup ignores work already happening in the world, including the Freedom Box, abundant work going on in the U.K., notably all the PIMS followed by Ctrl-Shift, plus other efforts such as Aral Balkan's <http://ind.ie> — and work happening around the world and listed (incompletely) here at ProjectVRM: <http://cyber.law.harvard.edu/projectvrm/VRM_Development_Work>. (Ind.ie and Databox are both there, among much else.)
Doc
> On Feb 1, 2015, at 10:52 AM, Chasen, Les wrote:
>
> Sounds like the Freedom Box that Markus works on.
>
> From: StJ Deakins
> Date: Sunday, February 1, 2015 at 9:17 AM
> To: Reuben Binns, John Harrison
> Subject: Re: [projectvrm] John Naughton on VRM in The Guardian
>
>> Nice spot Reuben. Will go buy the paper :)
>>
>> John H, is DataBox linked to your initiative?
>> StJ
>>
>> On Sunday, February 1, 2015, Reuben Binns wrote:
>>> I was leafing through the Observer (the UK Guardian's Sunday edition)
>>> and found this nice little piece from John Naughton which refers to Doc
>>> and VRM. It's on the front page of the paper's 'Discover' supplement on
>>> science and technology.
>>>
>>> http://www.theguardian.com/technology/2015/feb/01/control-personal-data-databox-end-user-agreement
>>>
>>>
>>>
--Adrian Gropper MD
Ensure Health Information Privacy. Support Patient Privacy Rights.
http://patientprivacyrights.org/donate-2/