Standards Committee Face to Face 2008 October

From Project VRM
Jump to navigation Jump to search

Notes by Joe Andrieu October 15, 2008

Face to Face Meeting

October 15 Berkman Center

Attendees

  • Doc Searls
  • Joe Andrieu
  • Adrian Gropper
  • Keith Hopper
  • Dean Landsman
  • Eve Maler (via teleconference)
  • Asa Hardcastle (initially via teleconference)
  • Charles Andres
  • Tom Caroll

Notes

Introduction of PAM, Personal Address Manager

Principles:

  1. Independence: Must be able to be served on the individuals own machine, as well as by a service.

Scope:

A service for automatically updating an individual's postal "address of record" with authorized address users.

Addresses are used for applications from personal, private transactions, e.g., pornography, to official business, such as your official address for voting.

The "address of record" is taken to be a self-asserted address, under the authority of the individual. It is not presumed to be authenticated or validated in any other way. Third party validation of claims is out of scope for now.


Relationship Service is comprised of

  1. data
  2. location
  3. permissions

One Night Stand

A one-stop shopping experience with a VRM compliant online vendor.

  1. Setup Personal Datastore with appropriate information
  2. Shopping (window shopping, online or offline)
  3. Selection (product(s) chosen, put in a shopping cart, minimal exposure: IP)
  4. Checkout (Start to Purchase)
    1. Specify One Night Stand Terms
      1. Data Usage Policy
      2. Data Retention/Destruction Policy
      3. Data Security
      4. (see Liberty Privacy Constraints draft spec)
      5. (see XDI Global Services requirements for iBrokers http://gss.xdi.org)
    2. Shipping Data
    3. Billing Data
    4. Negotiate/Accept Terms of Sale
    5. [Sale is consummated]
  5. Post-Sale Auditing/Compliance Messaging
post-sale audit message

Audit message affirmatively states compliance with terms of contract, with a link or affirmative statement of those statements includes all retention, propagation status, e.g., we kept your IP address, logged the transaction, and deleted data from all active customer databases. We gave your name and address to FedEx for delivery.

Audit message need not be an interruptive/interactive user experience. Such audit messages are logged by the user's system, but need not generate emails, pop-ups or other UI.


Alternatively, four phases:

  1. Negotiate Terms of Engagement
  2. Negotiate Terms of Sale
  3. Consummate Sale
  4. Post-transaction Audit Artifacts