Archive for October, 2011

IIW XIII: The Final Overview

October 27th, 2011

What a head-filling event! If you’re interested, you can see notes from many of the sessions on the IIW wiki. Some of the sessions are rather technical, which is consistent with the roots of this unconference.

A few of the things I learned: people continue to amaze me with these projects: personal data projects (check out Personal, no notes from their demo; and soon The Locker Project), reputation sites (I was busy vouching for people whose work I know with Connect.me), the many stories of evented APIs (think actions: when something happens, it can trigger something else to happen, as in the “Internet of Things”), and of course the evolution of the Personal Data Ecosystem and PDEC.

Coaching moment: There are two major forces pushing forward. One is represented by Facebook: collect and manipulate, sell and distribute all of the personal data that can be found. This is a pulling, pillaging process with the “users” as the product being sold. The other force is not yet represented, but you might think of it as an opposite: individual people have access to their own data when they need it, using starter organizing, permissioning, sharing and distribution tools. What if you could say “No, Facebook, you can’t plunder my own and my friends’ data” and mean it? What if advertisers came to you when you wanted? The idea is to say “yes” and “no” to data sharing when it’s appropriate for you. It’s you who is important, not a product.

history, records, tools

IIW XIII: Standard Information Sharing Agreement

October 20th, 2011

The Information Sharing Work Group, a group of the Kantara Initiative, is working to develop a standard information sharing agreement. Slides are in progress and will be linked to when available.

Joe offered a quick intro to Information Sharing Agreements. The point of Information Sharing Agreements is to improve services for both individuals and organizations through the right data at the right time. Services need data to operate. Personal data is the most relevant, timely and high-quality data. This is what individuals bring to the table.

  • Criteria. Preferences. Requirements. Queries and Intention
  • Relationships and memberships
  • Age, Address and billing information
  • History: transactions and interactions.

Together, all of this comprises the digital context that people bring to their online experience.

If organizations can access this context, they can provide a bunch of interesting services and improve existing services.

future, records, tools

IIW XIII: Yubico

October 20th, 2011

Brief introductions. Yubico offers Yubikeys that help with authentication: low cost and simple! The key acts as a keyboard and enters the user password and a 32 character passcode. Easier than smart cards (insert into USB port, push a button).

Lots of users: 1M users + 16k customers in 95 countries. Use cases: Google for internal staff, PayPal, Fedora, LastPass. Yubico is self-service: hardware sales on web store, free and open source server components and virtual appliance for remote access (enterprise-class VPN).

Versions of Yubikey: regular (one-time password), OATH standard (works with OTP, one-time passcode; not the same as OAuth), static password, and challenge-response key. Secure life cycle: “trust no one.” Secure your servers.

Key is robust: sealed, simple. Accidentally went through a washing machine for several weeks and worked fine.

Future vision: one key for all Internet: YubiCloud validation service, 3rd party single sign-on and SAML. High security, easy to use, low cost. Plans to work with mobile phones via near field communication (NFC).

Demo (with keys) and questions. Here’s a video on how Yubico is working with Google Apps in Sweden. They’re working on supporting Google Apps here soon. Here’s a page where you can test your key.

tools

IIW XIII: PDEC Technical Documentation Group

October 20th, 2011

Markus pointed out that the purpose of PDEC is to help coordinate and educate, and to facilitate dialog in the system. Most of our current work is on the legal and business level, and it also needs to happen on the technical level. PDEC is trying to catalyze the ecosystem. One of the important promises of the ecosystem is interoperability, which needs some technical work/agreement/understanding. We’re not about setting standards, we’re about discovery, conversation, documentation: technical profiles of the different projects, what schemas and APIs are exposed, how they’re exposed, what strategies are in use.

Proposal to collect a set of questions that will help inform the dialog:

  • data model/schema for personal data
  • technology endpoints: API, network protocols, interface
  • what do they offer: query, import/export, update, delete
  • technology for protecting privacy/control: cryptography?
  • client support: mobiles? desktop? browser plug-ins?
  • developer resources: libraries? wikis?
  • notion of identity: un/pw?
  • architecture: centralized? open?
  • data portability

Interoperability:

  • What’s required to establish interoperability?
  • What’s in their future plans?
  • Can your project work with someone else’s project?

Documentation steps:

  1. Document technical profile — with temporal attribute (what tech now, what changes coming?)
  2. Interoperability: do you have interoperability with another member of the ecosystem? or planning to do?
  3. (TBD)

Proposal suggested that we put a set of questions up and propose member organizations post responses (RSS or other) to help “cat herding” of the information. Proposal suggested to organize info in three columns: name, tech keywords, brief description. Proposal to pre-define businesses (personal data store) then differentiate between those companies/projects. Some questions won’t apply equally to all companies in the startup circle.

Survey Examples (does this format work?):

Technology | Personal.com | Locker Project | Gluu/SAML appliance
Data model/schema | own schema (gems) | x | x
Tech for sharing | RDF endpoints, OAuth? | x | XDI, LDAP, SAML for federation
Protecting privacy/controls | x | x | x
Client support | x | x | x

Need to do more thinking on how to collect/organize this information.

future, history, records

IIW XIII: Personal Data Ecosystem Overview

October 20th, 2011

Good attendance, very diverse industry representation! Thanks Joseph from Broadridge for his chair in our crowded room, allowing me to take notes.

Kaliya showed a slide of PDEC landscape: Personal zone overlapping with Accountability “Trust” Frameworks which contained Personal Data Zone, also overlapping with the Market. At bottom of this landscape view: Governance through Legal, Code, Identifiers, and Peers–who act as framework creators.

Slide of PDEC Startup Circle. Joining is a peer-reviewed process, what open standards are they using, what’s their value space/where are they coming from. Leaders consider if group qualifies; trying to cultivate “an industry collaborative, engaging with technologists and business leaders from banking and finance, telecom, cable, web, advertising, media and other industries seeking to understand opportunities, launch pilot projects and ultimately offer service in the ecosystem.”

Discussion about who “manages” your data as your IDP, and what personal control individuals have over that data. Is this like a bank, where you go in to withdraw all your money and get the Bank’s response “that’s our money?” Or can you withdraw your funds and walk across the street to another institution and open a new account, because your money is portable? Why would a telco worry about risk? This is a most important concept for them. Similarly in banking: board-level view is that they’re not going to be the first ones to jump. Either all jump at once or they get killed. Risk in the US of having all your funds in one institution is higher than distributed accounts. Same thing with different kinds of data, e.g., health data vs spending.

Fair Information Practices (FTC standard used for enforcement): framework when they started back in the 1970s worked, but now systems are more complex, no notice and consent about which databases we’re now part of. About time for a FIPS refresh? Kaliya is working on a paper, what are core principles and guidelines that government could adopt? Where does the thinking need to be? We have more powerful devices in our pockets. Lots of privacy conversations are about do not track/store. OECD principles are not regulations, are technology neutral (data minimization, etc.) but they don’t make assumption about individual ownership & agency over own data.

Refreshing principles is a good exercise, but one thing missing from the principles is the concept of fairness. Control is about fairness, fair trade and equality. There is a striking asymmetry today. Notice and consent is not working; people can’t do much about it.

Mary quickly reviewed Organizations stewarding user driven personal data and ID. Slide includes: ProjectVRM (an ethos and conversation), WEF, PDEC, Kantara Initiative, IDCommons, UMA, Information Sharing Working Group, Open Identity Exchange, The Data Portability Project, W3C, and microformats.

Shift in focus back to PDEC’s work: What’s personal data and what’s not? What’s self-asserted data?

Kaliya showed a map of personal data (link to come), then reviewed briefly what some of the companies do in the Startup Circle. Question about business models and how those companies plan to make money. (Some uncertainty here.) What are they hoping to do, how do they see working together? Respect, collaboratively working toward interoperability, for big players to adopt or use emerging standards. Faster adoption. Is this policy or protocol standards? PDEC is about conversation, discovery and education, document activities, and catalyzing an interactive collaborative market. Paint common pictures, evolve common language.

Note: If you’re interested in this space, check back for updated links to slides and graphics that were in progress during this session.

future, history, records, tools