Personal Data Stores: Difference between revisions
Hiphopalemi (talk | contribs) No edit summary |
m (Reverted edits by Hiphopalemi (Talk) to last version by Joe.andrieu) |
||
| Line 339: | Line 339: | ||
Data Breach and fear of data breach (Honey Pot) | Data Breach and fear of data breach (Honey Pot) | ||
Revision as of 12:20, 1 December 2009
Drummond Reedâs â Personal Data Store With Iain Henderson to address as well
On Board:
PDS:
What should be in it? (at a minimum) and (ideally) Whatâs it for?
What is its essential characteristics/components
Where does it reside?
Where does it fit in the overall OSI Model and the VRM architecture
Why is it important?
When is it deployed?
How is it managed â what policies apply?
Does it have to be standard? Cabn there be many types?
What are the points of failure?
Drummond â the concept of PDS has been central to VRM
This is to talk about why? And to look specifically at the PDS
One starting point is âWhy is it importantâ/
Another is âwhat is essential?â
When we wrap up, we ask â On what points are we not in agreement?
Iain describes myDex though Slide show
Observation â Enterprise CRM architecture have multiple attributes but only store data for a year. If well designed, âimportant dataâ will be stored in Analytical System and data warehouse. Which holds the atomic level of data and stores it for the duration of a decisionmaking cycle.
Analytical systems tracks who bought what, where and why?==> to anticipate what to do next
First order concern is quality â meaning completeness, accuracy and several other attributesâ¦
Evidence is that âCRM Needs to be fixedâ â spending 200 bps is not enough to fulfill requirements. Okay at collecting info on customer. Not so good on tracking customer/product/outlet info in a usable fashion
Definition of âPersonal Data Store â (admittedly not a helpful term) A generic term to âsource, store, enhance and selectively disclose my personal informationâ
Needs to run on the same principles as the CRM⦠Systems will do the doingâ¦.
The personal data warehouse is the missing element.
In CRM the identity layer is at the top end PDS resides on top. With the sources
Sees 3,500 attributes over 70 years (is what each individual has)
(Thematic) Individuals have less tools, more attributes to control, fewer resources to monitor and track.
Craig Burton â it is important and extensible as well. A: So you need to identify the important attributes versos
To determine whatâs important, just identify what info you might need to get your life started again.
Next slide depicts Interactions and transactions with all sorts of businesses and govât entities. With the Identity Layer at the core.
- No CRM database can handle persona so you go about creating multiple ones to transact and interactx in the world.
Important â This is a logical design, not a physical designâ¦
It has been posited that Interactions are whatâs being monitored and that Transactions are a type of interaction.
Joe Andreiu â says we can get to the Model T version that does okay
Next slide â Current state of Who has what dataâ¦
Was My Data, Your data, Everybodyâs Data, âTheir Dataâ
Everybodyâs data = public domain â all sorts of data thatâs avaialbe. âTheir Data (or parasitic tailings) â what Experian, Acxiom etc, collect about you
Your dat â include a vendors products /services, policies, prices⦠And guesses regarding view of a customers preferences, requirementsâ¦
Our Data â identifiers, clams,/Assertions and transactionsâ¦
MY DATA â is stuff known only to me⦠Circumstances, Assets, Liabilities, preferencesâ¦
There are also back channels which are interactions between the parasites, vendors, and the publicly available stores.
At Liberty Alliance they have been discussing âVolunteered Informationâ
Finally, Thereâs the Target State
In 10 years time 80 percent of customer management prcesses will startywith âMYDATAâ (me)
So the customer will be in more control and overt interactions will be between the vendor
Toxic will be bad for both vendors and customers â they destroy trust.
Drummond â 3 times Iâve heard that âThe customer is the point of integrationâ (which originated from Joe Andrieu)
âCustomer as Point of Integrationâ
Joe says âAnalysis and Insightâ revolved around the vendor data⦠It is the source of Googleâs competitive advantage â¦
Craig Burton â but Googleâs source of distrust was doing personal data storage for Google to tag and index
PDS has âroots in two placesâ
1) Doc Searls â personal experience with the medical treatment across several care givers and each introduced errors in their systems so that they could not reconcile or synchronize⦠The conclusion is that it would have been more efficient and less dangerous if Doc had been the single repository providing to access to the data on an as needed basis.
2) The other side is âStymergyâ which is the general term for how ants find the shortest path to food. It is also the answer to a distribution problem for multiple trucks between warehouses. They send out ants randomly, the one that comes back first, his trail is doubled.
Balance between exploration and exploitation. They mark their environment. Joe articulates that the data should be stored centrally and when multiple companies or individuals want access, they should not seek out things from one another. They should get it from the individualâs data store
Stuart- Why wouldnât you just ask Amazon.com or Google to do a better job of making your information accessible to other apps. So I can assemble it at my command from the multiple sources.
Joeâs answer â youâre asking about data portability. Iain says (itâs because youâd be operating under their terms and conditions)
Joe says it is because personal data store is not just âthe dataâ it is about setting up mechanisms for permissioning information in, out based behind your own front end (called identity)
And youâre going to have all sorts of front ends or âService Specificationsâ (Liberty calls them Service Interface Specification)
Status updates Addresses Music ratings Search Activities Personal RFPs Personal Healthcare records SMTP/POP
And itâs all under your control
Sop the question is whether the hub is about authentication (identity layer) And permissioning
- so there is a multi-billion battle raging over control of permissioning for status updates.
Iain â youâre still missing the link between doing data and planning data.
Doc sees the user as the point of integration and also origination.
Else â a problem solving thing which gets brought up.
That is the ossified way that existing systems work In medical system, fârinstance⦠there is a kiretsu of equipment providers, suppliers etc where it is hard to get data from individuals or companies. Incompatibility between media, age of PC, etc.
You are going to have this architecture work better in some cases rather than others.
Iain, where thereâs failure in ERP or CRM itâs because the system is trying to do too much and gets clogged up.
So you need to make the distinction between getting stuff done and when you have to do long-term planning.
Per Drummond â donât you end up answering the question by establishing the framework for these the service interfaces service provier (Facebook, Myspace, Plaxo)â¦. And those service providers would manage one or more of the service specification intervfaces.
Joe is saying that it is easier to solve and optimize the âshortest pathâ solution for specific tasks then to define the personal data store that does it all.
Iain is saying that it will have to do the analytics earlier and constantly.
Architecturally you sidestep it by providing a service thatâs operational and do it in a way that is consistent with doing the analytical and do it in a way thatâs consistent with identity based permissions.
So you donât have to do them all if you can solve one of them seamlessly.
Drummond will explain what XDI is all about as a protocol:
The idea of getting all sorts of schemas to talk to one another is a real probalem. HtML canât. XML cannot.
About trusted Data sharing. And itâs about permission
Craig says that XDI is not a protocol. It is a language structure
He wants to know âwhat does it resolve toâ if I write a command and it gets abstracted to something that then resolves to the data and its location. So if you want to share some of your data that resides elsewhere, like in multiple banksâ¦
The Data doesnât have to live at the hub⦠But control does
Craig â it resolves around a URL and then I can react to it based on a structured card
Card Rule Set Data set
Resolved to a URL and it gives permission to access to where that data can be found. And enable data set mashup.
E.g. iphone with a GPS Google Map moment. âTell me where the lone palms hotel is in relationship to meâ tell me where I am and where I go.
Itâs mashup that needs to include all that data.
CyberCrack!
Ad active rules to operate on your data store, and the mashup of all the services
I just want to get this group to define the architecture to put it into the hands of the developer community./
E.g. Amazon.comâs EC2 setting up all sort of things (like 30 years of census data)
Q: When you say ârule setsâ do you just mean permissions?
A: (using the MyDex example - ) as a proof of concept, no browser is required. Any program and any entity can subscribe to the other info an dlocation and all or part be âin the cloudâ
Switchbook has all the info distilled on the hard drive, there is a copy in the cloud for back up purposes. It doesnât have to be in the cloud. And thereâs code in the client to handle I/O
When you get to rules⦠You put functionality in the cloud that handles services and can find them in the cloud.
Customer write the rules.
Stuart⦠Example is embedding a twitpics or a URL in a twit⦠Iâm publishing something that can then be seen by anyone or everyone. Or how do I add a âsmart URLâ to a tweet so that I can publish to everyone, but the URL has a set of criteria behind it or around it that is controlled by the higher order infrastructure.
Can use a medium like Twitter to infect the world with XDI and XRI
If all or portions of your data are addressable, it can be made accessible to the rest of the world. If you make it abstract. If itâs inside the âIdentity Layerâ it can be under the control of the user. One of the key purposes of the next step, which is XDI⦠The same format says that I can store the âpermissionsâ (sometimes called ârulesâ) so that I can access the Link contract. So that the read/write instructions can attached to another set of rules to do something like letting the gas company
Go To Wiki.kynetics.com (it explains the rules that Phil Wendly has developed)
Joe says that Grease Monkey does it as well. But Craig Burton says that kinetics⦠is what we should be interested in.
Joe says HTML 5 is being deployed now in browsers.
Craig: I would strongly recommend that we do this in a way that is somewhere between Wiki-based and Selecter-based that is Strong foundation for VRM.
Joe, part of this is about deployment⦠âI hate JaSon because it is inherently insecureâ but they have ways to do secure parsing of Jason⦠But it was adopted because it provided trivially easy way to do it insecurely and native to JAVAscript.
We want to play friendly with them.
Question, gas company needs employment data about me. 1 to 1 federation on their own terms. VRM way. Passport agency acts as a node and permissions allows Gas company to get info from passport agency.
Data liquidity is what itâs all about.
Read it as âpermissionedâ or âunpermissionedâ and the reason that there is so much unpermissioned is because âthereâs no technology in useâ to support permissioned. Which is an argument for Portable Permissioning.
Joe-looking at Switchbook in this context is that your identity is stringly around what you give permission for.
Switchbook defines you by your âsearch mapâ itâs a file that is orthogonal to all your other identifiers. Itâs Switchbox has a âSearchMapâ document at its core. It is the context where your current browsing shows where youâve been and what youâve done and all that.
Idea is that we shouldnât get hung up on the protocol right now. Just define how entities interact and figure out the mesh points.
In the IDWSF model, how you talk to the gas company is permissions based. They may send you an email or something and you set it up with your IDWSF model.
Drummond: Now we talk about our questions.
1) Why is it important?
Initial â The thing that will put the individual back in control of personal information. Meaning the information that is important to the person.
Itâs the store that you personally have control of, it could be anything.
Will allow us to be more promiscuous with our data because we know it will be stored in a trusted way.
It is a context for control.
Because if you abuse it, I know your pheromone trail?
Benefit is that it will improve my quality life, based on my decisions.
Itâs important because it is valuable? It can be bartered>
It is economically transformational>
Jim â Like credit cards, this lowered the friction and reduces guesswork and waste from the vendor side. Which increases value.
Best case you provide the best possible outcome for both parties.
It is more efficiently economically. (the economy will operate more efficiently)
It enables what weâre calling the fourth party services (what VRM is promising).
Markâs point â Itâs a way to organize VRM.
What weâre talking about as the personal data store is to create a better marketplace by providing the way the individuals are regarded by buyers/sellers/governments.
It helps people organize their lives. It enhances efficiency and productivity.
Framework for new use conventions that we donât foresee right now (think of browsing⦠or logging onto the bank)
Itâs implementable
Now letâs look to points of failure:
Adriana would say that there are point-to-point identity free interactions that donât require this.
Aside â Kim Cameron says that âIdentityâ is not an identifier. It is just a set of claims that require context. You can have a claimless set of claims in a container.
It is about 4 different identifiers:
Authentication Presentation Reference ID (how to be reached email address) Internal ID
This is your identity online
Are there VRM-y things that donât have a personal data store as part of it⦠The answer is noâ¦
You need a place for your stuffâ¦
Q: Where does it have to reside⦠It could be anywhere as long as itâs accessible by the applications
Q: Isnât really a permission and control hub? Answer is ânoâ it is still about the data with rules established as to the permission and conditions under which
Weâve gone in circles around what is a relationship manager as opposed to a relation service.
Iain says, itâs all about how you operate around the data⦠Need to clarify how to source, store, enhance and selectively disclose data.
Drummond â the other place the Identity comes in is that the idea of the role of the user in terms of control is akin to the control they have over their bank account. But the bank has authority.
The relationship someone has with Equifax, for instance, is Massively Passively
Another parallel is like the spam filter, where we have passive benefit but virtually no control.
Jim Morris asked what this would be like if it were Communist China and there was an argument for centralized ⦠Drummond, from the point of view of market (as opposed to moral), this is the mechanism for giving user control.
This is about distributed planning.
Has anyone looked at giving control of the personal ID store to a centralized trusted entityâ¦
Bullets for tomorrow:
Privacy:
- IP addresses are they trackedâ¦
- Iâm worried about Google tracking activity
User Experience
- complex
- could create opportunity for errors
- Mashing on toes
Conformance and compliance (if I share data, how will I know if people abide) a Reputational authority (how do I know you are who you say you are)
Service dependability Business dependability
Portability? Inadequate choice of SPs
Data Breach and fear of data breach (Honey Pot)