Standards Committee Face to Face 2008 October
Notes by Joe Andrieu October 15, 2008
Face to Face Meeting
October 15 Berkman Center
Attendees
- Doc Searls
- Joe Andrieu
- Adrian Gropper
- Keith Hopper
- Dean Landsman
- Eve Maler (via teleconference)
- Asa Hardcastle (initially via teleconference)
- Charles Andres
- Tom Caroll
Notes
Introduction of PAM, Personal Address Manager
Principles:
- Independence: Must be able to be served on the individual's own machine, as well as by a service.
Scope:
A service for automatically updating an individual's postal "address of record" with authorized address users.
Addresses are used for applications ranging from personal, private transactions (e.g., pornography) to official business, such as your official address for voting.
The "address of record" is taken to be a self-asserted address, under the authority of the individual. It is not presumed to be authenticated or validated in any other way. Third party validation of claims is out of scope for now.
The Relationship Service consists of:
- data
- location
- permissions
One Night Stand
A one-stop shopping experience with a VRM compliant online vendor.
- Setup Personal Datastore with appropriate information
- Shopping (window shopping, online or offline)
- Selection (product(s) chosen, put in a shopping cart, minimal exposure: IP)
- Checkout (Start to Purchase)
- Specify One Night Stand Terms
- Data Usage Policy
- Data Retention/Destruction Policy
- Data Security
- (see Liberty Privacy Constraints draft spec)
- (see XDI Global Services requirements for iBrokers http://gss.xdi.org)
- Shipping Data
- Billing Data
- Negotiate/Accept Terms of Sale
- [Sale is consummated]
- Specify One Night Stand Terms
- Post-Sale Auditing/Compliance Messaging
post-sale audit message
The audit message affirmatively states compliance with the terms of the contract, with a link to or an affirmative statement of those terms, and includes all retention and propagation status, e.g., we kept your IP address, logged the transaction, and deleted your data from all active customer databases; we gave your name and address to FedEx for delivery.
The audit message need not be an interruptive/interactive user experience. Such audit messages are logged by the user's system, but need not generate emails, pop-ups or other UI.
Alternatively, four phases:
Negotiate Terms of Engagement
Prior to the exchange of any personal data, the user and vendor negotiate a set of terms for doing business, including the use, retention, and deletion of data. This step may or may not replace the merchant's generic published privacy policy. [TBD]
Negotiate Terms of Sale
The parties agree to the specific terms for the transaction in process: pricing, product, credit, delivery, etc. This is the phase where actual private information is exchanged. The information is subject to standardized tags, standardized formats and protocols and may be accessed by copy or reference.
Consummate Sale
Given agreeable terms, the sale is formally consummated. This has little to do with privacy/VRM; even if the sale is canceled, the vendor still has to adhere to the policies agreed to in the initial negotiation.
Post-transaction Audit Artifacts
Upon deletion of any personal data, and as may be specified in the terms of engagement, appropriate, auditable artifacts are generated and logged to track compliance with the terms. This may include a digital receipt, confirmation of deletion, delivery receipt, etc. As part of the transaction, the consumer receives a private and anonymous access token to a site where they can view the audit trail.
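As an added illustration (not from the meeting or any VRM project code), the post-transaction audit check from the four phases above, in Python: the user's system verifies a vendor's audit message and compares its retention, deletion and propagation statements against the terms negotiated in the first phase. The shared HMAC key, the field names and the sample terms are constructed assumptions.

```python
# Constructed example: a user's system checks a vendor's post-sale audit
# message against the terms of engagement negotiated before any data was shared.
import hashlib, hmac, json, secrets

VENDOR_KEY = b"constructed-shared-secret"  # assumption: key agreed in phase one

def terms_digest(terms: dict) -> str:
    """Canonical hash both parties can cite to name the agreed terms."""
    return hashlib.sha256(json.dumps(terms, sort_keys=True).encode()).hexdigest()

def make_audit_message(terms: dict, actions: dict, key: bytes = VENDOR_KEY) -> dict:
    """Vendor side: affirmative statement of what was retained, shared and deleted."""
    body = {"terms": terms_digest(terms), "actions": actions,
            "audit_token": secrets.token_urlsafe(16)}  # private token for the audit site
    body["mac"] = hmac.new(key, json.dumps(body, sort_keys=True).encode(), "sha256").hexdigest()
    return body

def check_compliance(terms: dict, msg: dict, key: bytes = VENDOR_KEY) -> list:
    """User side: authenticate the message, then list violations (empty = compliant).
    Runs silently from a log; it produces no pop-up or email."""
    body = {k: v for k, v in msg.items() if k != "mac"}
    expected = hmac.new(key, json.dumps(body, sort_keys=True).encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, msg.get("mac", "")):
        return ["audit message not authenticated"]
    problems = []
    if msg["terms"] != terms_digest(terms):
        problems.append("audit cites different terms than were negotiated")
    acts = msg["actions"]
    for recipient in acts.get("propagated_to", []):
        if recipient not in terms["may_share_with"]:
            problems.append(f"data shared with unapproved party: {recipient}")
    for field in terms["delete_after_fulfilment"]:
        if field not in acts.get("deleted", []):
            problems.append(f"{field} not confirmed deleted")
    for field in acts.get("retained", []):
        if field not in terms["may_retain"]:
            problems.append(f"{field} retained without permission")
    return problems

# Constructed sample: terms from phase one, and two vendor audit messages.
TERMS = {"may_retain": ["ip_address", "transaction_log"],
         "delete_after_fulfilment": ["name", "postal_address", "card_number"],
         "may_share_with": ["FedEx"]}
GOOD = make_audit_message(TERMS, {"retained": ["ip_address", "transaction_log"],
                                  "propagated_to": ["FedEx"],
                                  "deleted": ["name", "postal_address", "card_number"]})
BAD = make_audit_message(TERMS, {"retained": ["ip_address", "card_number"],
                                 "propagated_to": ["FedEx", "AdNetwork"],
                                 "deleted": ["name", "postal_address"]})
```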
r-button conversation
Rather than focus on something to go with on Friday, let's focus on the stuff here to make the most of our time together.