Terrell Russell (ClaimID)
- Joe Steele - Adobe Systems
- John Panzer - Google
- John Bradley - Wingaa
- David Kearns - Virtual Quill
- Casper Biering - Netamia
- Iain Henderson - TCUUK
- Daniel Burkes - Infoteria
- Patrick Alff - BT
- Madhukar Thakur - Google
- Jim Pravety - Adobe
- Dean Landsman - LCF
- Ashish Jain - Ping Identity
- Bob Snodgrass - net2community
- Trey Tomeny - Self
- Alec Muffall
Action items/next steps:
We didn't identify specific action items, but there was a general agreement that the major blocking issues revolve around permission management, verification of data, and authorization.
Raw notes for this session:
Want a place under your control that tracks all of your bits - not under the control of third parties. Requires storage, protocols, and authorization/permission policies. Classic example is medical records, currently under control of hospitals/doctors.
Discussion about Facebook PR problems.
Paul A: Allowing and managing two different contexts. Don't want to hammer user with repeated permission requests.
T. : Trust networks and relationships, and market, will solve problem.
Ex: If blue cross talks about moving documentation, there's coercion involved. What are we taking for granted in relationship? Going to work it out with trusted health care provider. If there's a central system that managed medical records there
In any organization you put trust in to protect your bits, there has to be trust established.
3 different levels: Technical issues which are profound. Concerns with putting technology into practice, unintended results. Marketing/massaging of experience. A lot of searching going on from technical into practical.
Practical: Different tools to help end user make policy decisions. Medical information more secure than friend list on Facebook; market helping sort the trust/security decisions out.
Note: Swift handing over records.
Credit meltdown -- not knowing what was in assets.
Identity enterprise -- provisions your data, you really trust with your data, therefore only need to make a few decisions regarding your identity/data. Provides info for hospital. A party that stands between you and rest of the world; need to find that one party, can develop trusted institutions and a network of institutions that are competing with each other and they're only in identity business. - Trey
(Depends on data portability.)
Data about me vs. my data: I am the authoritative source of my data.
Phil: Asymmetric expectation about jointly generated data (albertson's purchases, FB Beacon example). We expect to be able to expose our own purchases unilaterally, but we don't want stores doing the same thing on their side.
You don't own your reputation. 'Reputation is a result, not an action. " Paul: My reputation is posted on EBay; I take it and put it on my page. Dave: I want to see reputations about you; want something to establish trust relationship.
Drifting somewhat far afield...
EBay reputation: Power seller; can't pull reputation via API. Can post a link to public profile page, and no way to prove claim that you own the page. Also there's IP issues with what EBay claims as their data.
Repository that's a bunch of formats; need things to go in and out; then authorization/permissions in the future. If I'm the authoritative source of where I've been, what I've done, but then how trustable is it? If there's a verifiable assertion by a third party then can trust to a certain extent.
(Phil: Needs legal recourse to correct incorrect data.)
Commercial stuff -- if the data is more valuable than that maintained by third party, then companies will buy it from you.
Trey: Interaction receipts: Each party to a transaction gets a receipt, and can compare them in the future given appropriate permissions. Eventually all data in this form.
VRM: End user being able to exercise a degree of control over who gets what is in a bit of upheaval. Envisioned a 'service' that would give individuals vehicle to define what can be exposed. (Trusted third party.) Coming from consumer research, distrust and fear is on the rise, reading about 'tracking'.
"Stalkers were on MySpace, now Facebook _is_ the stalker."
Phil: Issue of transparency. Fact that it's visible made it so that we could complain; not what FB is doing that you need to worry about, it's the companies that aren't telling that are the problem.
- Want to find out what people are saying about me. Need a broker. Where does broker make money? Could be paid service -- find out what is being said about me. Like an expansion of credit report but more robust and more helpful -- interesting from marketing standpoint. If there were a company that could do this I'd pay $14.95. Matching as dispute resolution process.
If we have a mechanism for tracking what people are saying about you, and knowing when there are problems, then you can use matching and discrepancy analysis (automatic) to issue corrections -- you can issue your own claims to counter what's being said about you, it all goes into the mix, and eventually incorrect data can be corrected and updates/new information can be provided to everyone.
"It's a good thing that a bad thing became public" -- on FB Beacon.
"How do identity enterprises make money? By selling access to their users -- not data, but access."