June 20 2007 Meeting notes

From Project VRM
Jump to navigation Jump to search

Conference Call Notes

Drafted by Joe Andrieu, June 20, 2007

IRC

  1. vrm at chat.freenode.net

Prior Calls

conference call archive

Attendees

  • Joe Andrieu
  • Dean Landsman
  • Mark Lazar
  • Brett McDowall
  • Drummond Reed
  • Keith Hopper

Notes

Standards & Practices

What is VRM? It is VRM if...

The issues that have been hot on the mailing list are the privacy dashboard and users as the point of integration. Standards and Practices combines these two.

One of the technical groups at Liberty came out of a workshop in April for user consent in e-government applications and they are working on a dashboard for e-gov applications.

Three dimensions:

  1. Technical normative standards which any implementor can implement.
  2. Interoperability standards so that you have some assurance
  3. Best practices: getting people together to learn together how to solve real world problems and drive market adoption further and faster.

The dashboard is a meme whose time has come. There was a privacy dashboard post. There was another one that was more general. This should become a standard feature; it would be consistent with models like Higgens. SUch that a personal Higgens service would be exposed via a dashboard. There are some technical details... how do the pieces talk to each other. Then there is a need for a standard interoperable implementation, much like apache helps drive/stabilize web standards. Finally, there still needs to be policy layer interoperability. That is, the controls on the dashboard need to map to the controls offered by the different vendors. If there isn't a match it doesn't work.

So, what we actually need is to standardize and get interoperability at the policy layer as well.

Higgens and Sxipper. Higgens is open source. Sxipper is a proprietary application. They both use the identity meta-system, but one is an open, multi-vendor solution the other is a product. Both are solutions for personal data services. Higgins is middle-ware that will accommodate different protocols. Sxipper may not have that same design goal.

Sxipper has great ease of use with great details about what one chooses to share. Four different identity types ready to share. OnePassword, which is locally-based single-sign on of sorts. It's an elegant password-centric tool.

Avant browser also offered this sort of thing. Firefox also.

Password management is the very tip of the iceberg for automating the user interaction.

If we look at form-fillers, etc. OnePassword is pretty good. It encrypts it, works across browsers. But with VRM, we have protocols that are identity-aware. So the problem with Sxipper is that is perpetuates the transfer of identity for transactions. Such that vendors track you as your attributes. But we don't really need to send those attributes--we need the resulting trust that they create.

I don't want to have to re-enter my information all the time. But that is feeding a lot of information and trust, and responsibility on that tool. Having interactions on the web should not require the user to reveal all this data.

Does the party need to collect the data about me?

What about deliver via a clearinghouse so that the vendor doesn't need to know the address.

The vendor doesn't actually care about password management. So we can release that. The same thing can be true of the attributes, such as shipping address. If they could hand-off that information management task to a third party, then the vendor is minimizing costs.

One challenge is this data is that this data is used for multiple purposes. It isn't just a matter of shipping. Companies often use the data for marketing analysis. So, the question is how can we allow these more abstract post-sale functionalities without busting the privacy bubble.

In a web services scenario where all of these pieces are being done on behalf of the user, you can have the releases automated at the point of service.

Someone mentioned a Vodafone demo that implemented an address functionality through UPS that allowed delivery without the initial vendor knowing the address.

In some ways, this sounds a lot like Google checkout. This does perform this intermediary service, where it shares only a limited set of information with the vendor.

Status

what who when status
---------- ---------- ---------- ----------
open id on wiki david no date
static website development doc, dean, joe, chris no date
group blog/RSS to wiki (venus) doc no date up, talk to doc if you want to author
project VRM definition doc 1 week still working on it
brainstorm Initiatives all ongoing

Action Items

what who when status

Next Meeting

Retrieved from "http://cyber.harvard.edu/projectvrm/?title=June_20_2007_Meeting_notes&oldid=2025"