Standards Committee Face to Face 2008 October

From Project VRM
Jump to navigation Jump to search

Notes by Joe Andrieu October 15, 2008

Face to Face Meeting

October 15 Berkman Center


  • Doc Searls
  • Joe Andrieu
  • Adrian Gropper
  • Keith Hopper
  • Dean Landsman
  • Eve Maler (via teleconference)
  • Asa Hardcastle (initially via teleconference)
  • Charles Andres
  • Tom Caroll


Introduction of PAM, Personal Address Manager


  1. Independence: Must be able to be served on the individuals own machine, as well as by a service.


A service for automatically updating an individual's postal "address of record" with authorized address users.

Addresses are used for applications from personal, private transactions, e.g., pornography, to official business, such as your official address for voting.

The "address of record" is taken to be a self-asserted address, under the authority of the individual. It is not presumed to be authenticated or validated in any other way. Third party validation of claims is out of scope for now.

Relationship Service is comprised of

  1. data
  2. location
  3. permissions

One Night Stand

A one-stop shopping experience with a VRM compliant online vendor.

  1. Setup Personal Datastore with appropriate information
  2. Shopping (window shopping, online or offline)
  3. Selection (product(s) chosen, put in a shopping cart, minimal exposure: IP)
  4. Checkout (Start to Purchase)
    1. Specify One Night Stand Terms
      1. Data Usage Policy
      2. Data Retention/Destruction Policy
      3. Data Security
      4. (see Liberty Privacy Constraints draft spec)
      5. (see XDI Global Services requirements for iBrokers
    2. Shipping Data
    3. Billing Data
    4. Negotiate/Accept Terms of Sale
    5. [Sale is consummated]
  5. Post-Sale Auditing/Compliance Messaging
post-sale audit message

Audit message affirmatively states compliance with terms of contract, with a link or affirmative statement of those statements includes all retention, propagation status, e.g., we kept your IP address, logged the transaction, and deleted data from all active customer databases. We gave your name and address to FedEx for delivery.

Audit message need not be an interruptive/interactive user experience. Such audit messages are logged by the user's system, but need not generate emails, pop-ups or other UI.

Alternatively, four phases

Negotiate Terms of Engagement

Prior to the exchange of any personal data, the user and vendor negotiate a set of terms for doing business, including the use, retention, and deletion of data. This step may or may not replace the merchant's generic published privacy policy. [TBD]

Negotiate Terms of Sale

The parties agree to the specific terms for the transaction in process: pricing, product, credit, delivery, etc. This is the phase where actual private information is exchanged. The information is subject to standardized tags, standardized formats and protocols and may be accessed by copy or reference.

Consummate Sale

Given agreeable terms, the sale is formally consummated. This has little to do with privacy / VRM, even if the sale is canceled the vendor still has to adhere to the policies agreed to in the phase 1 negotiation.

Post-transaction Audit Artifacts

Upon deletion of any personal data--and as may be specified in the terms of engagement--appropriate, auditable artifacts are generated and logged to track compliance with the terms. This may include a digital receipt, confirmation of deletion, delivery receipt, etc. As part of the transaction, the consumer receives a private and anonymous access token to a site where they can view the audit trail.

r-button conversation

Rather than focus on something to go with on Friday, let's focus on the stuff here to make the most of our time together.