Standards Committee Face to Face 2008 October: Difference between revisions
Latest revision as of 16:08, 15 October 2008
Notes by Joe Andrieu October 15, 2008
Face to Face Meeting
October 15 Berkman Center
Attendees
- Doc Searls
- Joe Andrieu
- Adrian Gropper
- Keith Hopper
- Dean Landsman
- Eve Maler (via teleconference)
- Asa Hardcastle (initially via teleconference)
- Charles Andres
- Tom Caroll
Notes
Introduction of PAM, Personal Address Manager
Principles:
- Independence: Must be able to be served on the individual's own machine, as well as by a service.
Scope:
A service for automatically updating an individual's postal "address of record" with authorized address users.
Addresses are used for applications from personal, private transactions, e.g., pornography, to official business, such as your official address for voting.
The "address of record" is taken to be a self-asserted address, under the authority of the individual. It is not presumed to be authenticated or validated in any other way. Third party validation of claims is out of scope for now.
Relationship Service is comprised of
- data
- location
- permissions
One Night Stand
A one-stop shopping experience with a VRM compliant online vendor.
- Setup Personal Datastore with appropriate information
- Shopping (window shopping, online or offline)
- Selection (product(s) chosen, put in a shopping cart, minimal exposure: IP)
- Checkout (Start to Purchase)
  - Specify One Night Stand Terms
    - Data Usage Policy
    - Data Retention/Destruction Policy
    - Data Security
    - (see Liberty Privacy Constraints draft spec)
    - (see XDI Global Services requirements for iBrokers http://gss.xdi.org)
  - Shipping Data
  - Billing Data
  - Negotiate/Accept Terms of Sale
  - [Sale is consummated]
- Post-Sale Auditing/Compliance Messaging
post-sale audit message
The audit message affirmatively states compliance with the terms of the contract, with a link to or an affirmative statement of those terms. It includes the retention and propagation status of all data, e.g., we kept your IP address, logged the transaction, and deleted the data from all active customer databases. We gave your name and address to FedEx for delivery.
Audit message need not be an interruptive/interactive user experience. Such audit messages are logged by the user's system, but need not generate emails, pop-ups or other UI.
Alternatively, four phases
Negotiate Terms of Engagement
Prior to the exchange of any personal data, the user and vendor negotiate a set of terms for doing business, including the use, retention, and deletion of data. This step may or may not replace the merchant's generic published privacy policy. [TBD]
Negotiate Terms of Sale
The parties agree to the specific terms for the transaction in process: pricing, product, credit, delivery, etc. This is the phase where actual private information is exchanged. The information is subject to standardized tags, standardized formats and protocols and may be accessed by copy or reference.
Consummate Sale
Given agreeable terms, the sale is formally consummated. This has little to do with privacy / VRM; even if the sale is canceled, the vendor still has to adhere to the policies agreed to in the phase 1 negotiation.
Post-transaction Audit Artifacts
Upon deletion of any personal data--and as may be specified in the terms of engagement--appropriate, auditable artifacts are generated and logged to track compliance with the terms. This may include a digital receipt, confirmation of deletion, delivery receipt, etc. As part of the transaction, the consumer receives a private and anonymous access token to a site where they can view the audit trail.
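As an added illustration of the four phases above (not part of the meeting notes, which define no data format), the following Python models the negotiated terms of engagement and a vendor's post-sale audit message, and checks the audit message against the terms: every shared field must have a retention or deletion status, nothing may be retained beyond what was agreed, and nothing may be propagated to a party the terms did not allow. The field names, recipients and structures are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Terms:
    """Terms of engagement (assumed structure, negotiated before any data is shared)."""
    fields_shared: set        # personal data fields the individual will disclose
    allowed_recipients: dict  # field -> set of third parties it may be passed to
    retain_after_sale: set    # fields the vendor may keep (e.g. IP in a transaction log)

@dataclass
class AuditMessage:
    """Vendor's post-sale affirmative statement of what it did with each field."""
    retained: set             # fields still held after the sale
    deleted: set              # fields removed from all active customer databases
    propagated: dict          # field -> set of third parties it was given to

def check_compliance(terms: Terms, audit: AuditMessage) -> list:
    """Return a sorted list of violations; an empty list means the audit affirms compliance."""
    issues = []
    for f in terms.fields_shared:
        if f not in audit.retained and f not in audit.deleted:
            issues.append(f"no retention/deletion status for {f}")
    for f in audit.retained - terms.retain_after_sale:
        issues.append(f"retained {f} without agreement")
    for f, parties in audit.propagated.items():
        for p in parties - terms.allowed_recipients.get(f, set()):
            issues.append(f"gave {f} to {p} without agreement")
    return sorted(issues)

# Constructed sample: terms from the notes' example (name/address to the carrier,
# IP kept in the transaction log, everything else deleted after the sale).
TERMS = Terms(
    fields_shared={"name", "address", "ip", "card"},
    allowed_recipients={"name": {"FedEx"}, "address": {"FedEx"}},
    retain_after_sale={"ip"},
)
COMPLIANT = AuditMessage(
    retained={"ip"},
    deleted={"name", "address", "card"},
    propagated={"name": {"FedEx"}, "address": {"FedEx"}},
)
# Constructed non-compliant message: card data kept, address shared with an extra party.
NONCOMPLIANT = AuditMessage(
    retained={"ip", "card"},
    deleted={"name", "address"},
    propagated={"name": {"FedEx"}, "address": {"FedEx", "AdNetwork"}},
)

if __name__ == "__main__":
    print(check_compliance(TERMS, COMPLIANT))
    print(check_compliance(TERMS, NONCOMPLIANT))
```

The individual's system can log the result alongside the audit message without any pop-up, matching the note that audit messages need not be an interactive experience.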
r-button conversation
Rather than focus on something to go with on Friday, let's focus on the stuff here to make the most of our time together.