From iain.henderson at mydex.org Mon Nov 10 07:55:02 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Mon, 10 Nov 2008 15:55:02 +0000 Subject: [Sig-vpi] FW: [Framework] ISTPA: Project Presidio In-Reply-To: <06A7D9775CE449D2AA50CE9407A4FA87@CYVA03> References: <06A7D9775CE449D2AA50CE9407A4FA87@CYVA03> Message-ID: <8A7447AE-723F-4ADF-8712-740E53554F63@mydex.org> Thanks Kevin. You've been looking at this issue for a long time, and with ISTPA you covered a lot of ground; i'm interested in your view as to where best practice exists in explaining the complex issues around personal data sharing to the individual. Any thoughts? Perhaps we can discuss on the next call on Thursday? Iain On 30 Oct 2008, at 17:22, Kevin O'Neil wrote: > FYI > > http://www.projectpresidio.com/ > > Some heavyweights getting behind using trusted technologies > to aid in trusted information sharing. > > PI = John Mitchell at Stanford. > > > > Collaborative policies and assured information sharing > > Overview > Modern organizations have access to massive amounts of structured and > unstructured data from myriad sources, including information from > internal > activities, collected sensor data, data from active, potential, or > past > partners, and data from interacting with cooperative or unaffiliated > entities. The project aims to develop new methods for information > sharing > across and within security levels, with specific attention to > confidentiality, privacy, trust, data quality and provenance. One > focus is > on formal policy specification languages, rigorous semantics, and > supporting > tools that allow organizations to define and analyze their information > dissemination and release policies and priorities. The project aims to > develop theory and algorithms for the design of incentive-compatible > sharing > policies, including methods for value-maximizing policy design and > quantitative models for policy optimization and risk management. In > addition, the project will investigate policy enforcement using > cryptographic methods, trusted computing architectures, and related > approaches, including policy enforcement by encryption, policy- > enforcement > by cryptographic obfuscation, private information sharing using > Trusted > Computing (TCG), and sharing and data mining using efficient secure > multi-party computation. > > Team > Dan Boneh (Stanford University) > Anupam Datta (CMU) > Joe Hellerstein (UC Berkeley) > John C. Mitchell, PI (Stanford University) > Helen Nissenbaum (NYU) > Tim Roughgarden (Stanford University) > Andre Scedrov (University of Pennsylvania) > Hovav Shacham (UCSD) > Vitaly Shmatikov (UT Austin) > Dawn Song (Berkeley) > Brent Waters (SRI / UT Austin) > > Kevin O'Neil > > CYVA Research Corporation > > 3525 Del Mar Heights Rd., Ste. #327 > > San Diego, CA 92130 > > > > 858 793 8100 (direct) > > koneil at cyva.com > > www.cyva.com > > > > Confidentiality Notice > > The information contained in this communication is confidential and > may be > legally privileged. It is intended solely for the use of the > individual or > entity to whom it is addressed and others authorized to receive it. > If you > are not the intended recipient you are hereby notified that any > disclosure, > copying, distribution or taking any action in reliance of the > contents of > this information is strictly prohibited and may be unlawful. CYVA > Research > is neither liable for the proper and complete transmission of the > information contained in this communication nor for any delay in its > receipt. > > -----Original Message----- > From: Michael.Willett at seagate.com [mailto:Michael.Willett at seagate.com] > Sent: Monday, October 27, 2008 11:47 AM > To: framework at list.istpa.org > Subject: [Framework] ISTPA: Project Presidio > Importance: High > > > FYI: > > http://www.projectpresidio.com/ > > Some heavyweights getting behind using trusted technologies > to aid in trusted information sharing. > > PI = John Mitchell at Stanford. > > John Mitchell's kickoff presentation is a good read: > > http://www.projectpresidio.com/meetings/080912-umbc-kickoff > > Note the several charts on privacy. The presentation > and the focus of the group just BEGS for > a privacy management reference model, in support > of their secure distributed computing model for > information sharing. > > I will plan to contact Mitchell and introduce our work. > > Michael > > _______________________________________________ > Framework mailing list > Framework at list.istpa.org > http://list.istpa.org/mailman/listinfo/framework > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From iainhenderson at mac.com Mon Nov 10 07:53:36 2008 From: iainhenderson at mac.com (Iain Henderson) Date: Mon, 10 Nov 2008 15:53:36 +0000 Subject: [Sig-vpi] FW: [Framework] ISTPA: Project Presidio In-Reply-To: <06A7D9775CE449D2AA50CE9407A4FA87@CYVA03> References: <06A7D9775CE449D2AA50CE9407A4FA87@CYVA03> Message-ID: <008C4FAF-A059-4E76-8DB7-F577CB9B93E1@mac.com> Thanks Kevin. You've been looking at this issue for a long time, and with ISTPA you covered a lot of ground; i'm interested in your view as to where best practice exists in explaining the complex issues around personal data sharing to the individual. Any thoughts? Perhaps we can discuss on the next call on Thursday? Iain On 30 Oct 2008, at 17:22, Kevin O'Neil wrote: > FYI > > http://www.projectpresidio.com/ > > Some heavyweights getting behind using trusted technologies > to aid in trusted information sharing. > > PI = John Mitchell at Stanford. > > > > Collaborative policies and assured information sharing > > Overview > Modern organizations have access to massive amounts of structured and > unstructured data from myriad sources, including information from > internal > activities, collected sensor data, data from active, potential, or > past > partners, and data from interacting with cooperative or unaffiliated > entities. The project aims to develop new methods for information > sharing > across and within security levels, with specific attention to > confidentiality, privacy, trust, data quality and provenance. One > focus is > on formal policy specification languages, rigorous semantics, and > supporting > tools that allow organizations to define and analyze their information > dissemination and release policies and priorities. The project aims to > develop theory and algorithms for the design of incentive-compatible > sharing > policies, including methods for value-maximizing policy design and > quantitative models for policy optimization and risk management. In > addition, the project will investigate policy enforcement using > cryptographic methods, trusted computing architectures, and related > approaches, including policy enforcement by encryption, policy- > enforcement > by cryptographic obfuscation, private information sharing using > Trusted > Computing (TCG), and sharing and data mining using efficient secure > multi-party computation. > > Team > Dan Boneh (Stanford University) > Anupam Datta (CMU) > Joe Hellerstein (UC Berkeley) > John C. Mitchell, PI (Stanford University) > Helen Nissenbaum (NYU) > Tim Roughgarden (Stanford University) > Andre Scedrov (University of Pennsylvania) > Hovav Shacham (UCSD) > Vitaly Shmatikov (UT Austin) > Dawn Song (Berkeley) > Brent Waters (SRI / UT Austin) > > Kevin O'Neil > > CYVA Research Corporation > > 3525 Del Mar Heights Rd., Ste. #327 > > San Diego, CA 92130 > > > > 858 793 8100 (direct) > > koneil at cyva.com > > www.cyva.com > > > > Confidentiality Notice > > The information contained in this communication is confidential and > may be > legally privileged. It is intended solely for the use of the > individual or > entity to whom it is addressed and others authorized to receive it. > If you > are not the intended recipient you are hereby notified that any > disclosure, > copying, distribution or taking any action in reliance of the > contents of > this information is strictly prohibited and may be unlawful. CYVA > Research > is neither liable for the proper and complete transmission of the > information contained in this communication nor for any delay in its > receipt. > > -----Original Message----- > From: Michael.Willett at seagate.com [mailto:Michael.Willett at seagate.com] > Sent: Monday, October 27, 2008 11:47 AM > To: framework at list.istpa.org > Subject: [Framework] ISTPA: Project Presidio > Importance: High > > > FYI: > > http://www.projectpresidio.com/ > > Some heavyweights getting behind using trusted technologies > to aid in trusted information sharing. > > PI = John Mitchell at Stanford. > > John Mitchell's kickoff presentation is a good read: > > http://www.projectpresidio.com/meetings/080912-umbc-kickoff > > Note the several charts on privacy. The presentation > and the focus of the group just BEGS for > a privacy management reference model, in support > of their secure distributed computing model for > information sharing. > > I will plan to contact Mitchell and introduce our work. > > Michael > > _______________________________________________ > Framework mailing list > Framework at list.istpa.org > http://list.istpa.org/mailman/listinfo/framework > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iainhenderson at mac.com This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-vpi_lists.projectliberty.org/attachments/20081110/9395506b/attachment-0001.html From iainhenderson at mac.com Mon Nov 10 11:44:48 2008 From: iainhenderson at mac.com (Iain Henderson) Date: Mon, 10 Nov 2008 19:44:48 +0000 Subject: [Sig-vpi] Liberty IGF Privacy Constraints and CARML Profile of Privacy Constraints In-Reply-To: <947ea3330810301108h74c153b1o2481356638137267@mail.gmail.com> References: <947ea3330810301108h74c153b1o2481356638137267@mail.gmail.com> Message-ID: Thanks Joni. One thing i'm going to keep asking for in this group is whether we have more user-friendly descriptions of what these worthy specs mean for the individual. I suspect we don't have them as yet for these documents as they were written for a technical audience, i'm just flagging that we need such things for the VRM aspect of this work. Cheers Iain On 30 Oct 2008, at 18:08, Joni Brennan wrote: > Hi VPI SIG folks, > > As per our discussion on today's I am including links to 2 published > components of the Liberty IGF Framework. > > 1. Liberty IGF Privacy Constraints > http://www.projectliberty.org/liberty/content/download/4323/28921/file/draft-liberty-igf-privacy-constraints-v1.0-04.pdf > > 2. CARML Profile of Liberty IGF Privacy Constraints > http://www.projectliberty.org/liberty/content/download/4327/28933/file/draft-liberty-igf-carml-profile-privcon-v1.0-02.pdf > > Please feel free to review these documents as supplemental to our > discussions. Also list members are encouraged to share these > references with friends, colleagues (etc) who may find them > interesting. > > Cheers, > > -- > Joni Brennan > IEEE-ISTO > Liberty Alliance Project > Operations Manager > voice:+1 732-226-4223 > email: joni @ projectliberty.org > email: joni @ ieee-isto.org > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iainhenderson at mac.com This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From Eve.Maler at Sun.COM Mon Nov 10 12:57:31 2008 From: Eve.Maler at Sun.COM (Eve Maler) Date: Mon, 10 Nov 2008 12:57:31 -0800 Subject: [Sig-vpi] Liberty IGF Privacy Constraints and CARML Profile of Privacy Constraints In-Reply-To: References: <947ea3330810301108h74c153b1o2481356638137267@mail.gmail.com> Message-ID: I still don't grok CARML itself very well, but these two documents are actually rather short and simple. Here's a summary of the Privacy Constraints spec, which folks here may find helpful enough to make them want to crack open the specs and take a quick look! A code example taken from the spec's intro, to give a feel for its specialty: 59 23 A summary of the privacy constraint "axes" you can set with this spec: - The issuer of the policy assertion - A "purpose" constraint: "the usage context in which data is sought or the context in which data is being provided" (default: purpose to be determined from context) - A "propagate" constraint: "constraints on the services or end-points to which the data may be propagated or forwarded" (default: may not be propagated) - A "retention" constraint: "whether the data value can be retained by the requestor, in memory or otherwise, and, optionally the time period for which it can be retained" (no default, but five options: no caching, cachable but not persisted, persistable, encrypted and persisted, non-loggable) - A "lifetime" constraint: "the time period for which data MAY be retained for active use by the requestor" (no default; they should probably add one) - A "data loss or breach" constraint: "the entities (e.g. business or government authority, the user, etc) to be informed if the data is lost or compromised" (no default, but two nonexclusive options: report to end-user, report to original source) - A "contract or legal" constraint: "contractual or legal context governing the sharing of identity attributes" (default: contract to be determined from context) - A "data mask" constraint: "components of string data which should be masked when data is displayed or logged" (no default) The CARML profile of Privacy Constraints adds a bit more container metadata to allow the constraints to be used somehow (??) in a CARML- enabled system. I'm quite interested in figuring out what the right handful of axes should be for an individual's expression of their privacy desires. I don't know if this spec is it, but it gives a useful starting point for argumentation. Eve On Nov 10, 2008, at 11:44 AM, Iain Henderson wrote: > Thanks Joni. > > One thing i'm going to keep asking for in this group is whether we > have more user-friendly descriptions of what these worthy specs mean > for the individual. I suspect we don't have them as yet for these > documents as they were written for a technical audience, i'm just > flagging that we need such things for the VRM aspect of this work. > > Cheers > > Iain > > On 30 Oct 2008, at 18:08, Joni Brennan wrote: > >> Hi VPI SIG folks, >> >> As per our discussion on today's I am including links to 2 published >> components of the Liberty IGF Framework. >> >> 1. Liberty IGF Privacy Constraints >> http://www.projectliberty.org/liberty/content/download/4323/28921/file/draft-liberty-igf-privacy-constraints-v1.0-04.pdf >> >> 2. CARML Profile of Liberty IGF Privacy Constraints >> http://www.projectliberty.org/liberty/content/download/4327/28933/file/draft-liberty-igf-carml-profile-privcon-v1.0-02.pdf >> >> Please feel free to review these documents as supplemental to our >> discussions. Also list members are encouraged to share these >> references with friends, colleagues (etc) who may find them >> interesting. >> >> Cheers, >> >> -- >> Joni Brennan >> IEEE-ISTO >> Liberty Alliance Project >> Operations Manager >> voice:+1 732-226-4223 >> email: joni @ projectliberty.org >> email: joni @ ieee-isto.org >> >> > Iain Henderson > iainhenderson at mac.com > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > Eve Maler +1 425 947 4522 Principal Engineer eve.maler @ sun.com Business Alliances group Sun Microsystems, Inc. From iain.henderson at mydex.org Tue Nov 11 04:23:39 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Tue, 11 Nov 2008 12:23:39 +0000 Subject: [Sig-vpi] Agenda for the VPI SIG Call This Week (Thursday 9am West coast, mid-day East coast, 5pm London) Message-ID: <969611A0-A2FE-4C3B-9A35-20D0EEA74BDF@mydex.org> Hi Folks, we have our second VPI SIG call on Thursday; here's the dial in details and some thoughts on agenda. Teleconference: November 13, 2008 17.00-18.00 UK; 18.00-19.00 CET; Noon-1pm ET; 9:00am-10:00am PST Dial In: US toll-free number: 866-469-3239 US toll number: 650-429-3300 SIG Meeting Number or Access Code: 78701111# http://wiki.projectliberty.org/index.php/VolunteeredPersonalInformationSIG AGENDA Looking ahead, there are a number of things that I think we'll need to work on/ crack for volunteered personal information to become a reality. Here are my thoughts on the components. I suggest we have a chat about each of these to test their validity, identify other work being done in each area that we might leverage, and determine if/ when we need to kick off some off-line work on the subject and who might lead on that. Topics: 1) What types of data we are talking about (e.g. search engine input, intentions to buy, complaints, attention), and building use cases that bring these to life. 2) The conditions under which VPI will be shared (e.g. the 12 data sharing dynamics I went through on the last call). 3) The data gathering, management and sharing mechanisms that comply to VPI standards (e.g Information Cards, Higgins), including how this information will be originated by the individual. 4) The individual terms and conditions that will emerge around different types of VPI, and how that terms and conditions mechanism will work (e.g. link contracts, machine readable privacy policies, icons based privacy policies). 5) The governance processes we will use to ensure compliance (e.g. Liberty IAF and IGF). 6) The business model/ business case for an individual sharing VPI and for an organisation agreeing to receive VPI. 7) Ways of understanding which organisations are able to engage on this basis. 8) Proofs of Concept/ Demonstrations of VPI capability (from both individual and organisational perspective). 9) What else have we missed that we'll need to cover/ do more research on. That should keep us busy/ we'll see how far we get through that list. Regards Iain Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-vpi_lists.projectliberty.org/attachments/20081111/41a9aab2/attachment.html From iain.henderson at mydex.org Tue Nov 11 14:35:09 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Tue, 11 Nov 2008 22:35:09 +0000 Subject: [Sig-vpi] Liberty IGF Privacy Constraints and CARML Profile of Privacy Constraints In-Reply-To: References: <947ea3330810301108h74c153b1o2481356638137267@mail.gmail.com> Message-ID: Thanks Eve, that interpretation is very useful. You'll see from the minutes of the first call that we already started to touch on the axes around an individual's privacy preferences from work i've done before. The variant we discussed was built with simple terminology in mind, but it looks like there are quite of few of the 12 areas that are touched on CARML/ Privacy constraints. We can discuss on the next meet, or when we next talk. Cheers Iain On 10 Nov 2008, at 20:57, Eve Maler wrote: > I still don't grok CARML itself very well, but these two documents are > actually rather short and simple. Here's a summary of the Privacy > Constraints spec, which folks here may find helpful enough to make > them want to crack open the specs and take a quick look! > > A code example taken from the spec's intro, to give a feel for its > specialty: > > > > Issuer="urn:liberty:names:1.0:igf:pri:entity:user" > ref="urn:mycorp:2007:marketing" /> > Issuer="urn:liberty:names:1.0:igf:pri:entity:user" > ref="urn:liberty:names:1.0:igf:pri:propagate:requestor" /> > Issuer="urn:liberty:names:1.0:igf:pri:entity:user" > ref="urn:liberty:names:1.0:igf:pri:retention:transient" > > 59 > 23 > > > > > > A summary of the privacy constraint "axes" you can set with this spec: > > - The issuer of the policy assertion > > - A "purpose" constraint: "the usage context in which data is sought > or the context in which data is being provided" > (default: purpose to be determined from context) > > - A "propagate" constraint: "constraints on the services or end-points > to which the data may be propagated or forwarded" > (default: may not be propagated) > > - A "retention" constraint: "whether the data value can be retained by > the requestor, in memory or otherwise, and, > optionally the time period for which it can be retained" > (no default, but five options: no caching, cachable but not > persisted, persistable, encrypted and persisted, non-loggable) > > - A "lifetime" constraint: "the time period for which data MAY be > retained for active use by the requestor" > (no default; they should probably add one) > > - A "data loss or breach" constraint: "the entities (e.g. business or > government authority, the user, etc) to be informed > if the data is lost or compromised" > (no default, but two nonexclusive options: report to end-user, > report to original source) > > - A "contract or legal" constraint: "contractual or legal context > governing the sharing of identity attributes" > (default: contract to be determined from context) > > - A "data mask" constraint: "components of string data which should be > masked when data is displayed or logged" > (no default) > > The CARML profile of Privacy Constraints adds a bit more container > metadata to allow the constraints to be used somehow (??) in a CARML- > enabled system. > > I'm quite interested in figuring out what the right handful of axes > should be for an individual's expression of their privacy desires. I > don't know if this spec is it, but it gives a useful starting point > for argumentation. > > Eve > > On Nov 10, 2008, at 11:44 AM, Iain Henderson wrote: > >> Thanks Joni. >> >> One thing i'm going to keep asking for in this group is whether we >> have more user-friendly descriptions of what these worthy specs mean >> for the individual. I suspect we don't have them as yet for these >> documents as they were written for a technical audience, i'm just >> flagging that we need such things for the VRM aspect of this work. >> >> Cheers >> >> Iain >> >> On 30 Oct 2008, at 18:08, Joni Brennan wrote: >> >>> Hi VPI SIG folks, >>> >>> As per our discussion on today's I am including links to 2 published >>> components of the Liberty IGF Framework. >>> >>> 1. Liberty IGF Privacy Constraints >>> http://www.projectliberty.org/liberty/content/download/4323/28921/file/draft-liberty-igf-privacy-constraints-v1.0-04.pdf >>> >>> 2. CARML Profile of Liberty IGF Privacy Constraints >>> http://www.projectliberty.org/liberty/content/download/4327/28933/file/draft-liberty-igf-carml-profile-privcon-v1.0-02.pdf >>> >>> Please feel free to review these documents as supplemental to our >>> discussions. Also list members are encouraged to share these >>> references with friends, colleagues (etc) who may find them >>> interesting. >>> >>> Cheers, >>> >>> -- >>> Joni Brennan >>> IEEE-ISTO >>> Liberty Alliance Project >>> Operations Manager >>> voice:+1 732-226-4223 >>> email: joni @ projectliberty.org >>> email: joni @ ieee-isto.org >>> >>> >> Iain Henderson >> iainhenderson at mac.com >> >> This email and any attachment contains information which is private >> and confidential and is intended for the addressee only. If you are >> not an addressee, you are not authorised to read, copy or use the e- >> mail or any attachment. If you have received this e-mail in error, >> please notify the sender by return e-mail and then destroy it. >> > > Eve Maler +1 425 947 4522 > Principal Engineer eve.maler @ sun.com > Business Alliances group Sun Microsystems, Inc. > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From Eve.Maler at Sun.COM Wed Nov 12 10:48:37 2008 From: Eve.Maler at Sun.COM (Eve Maler) Date: Wed, 12 Nov 2008 10:48:37 -0800 Subject: [Sig-vpi] Liberty IGF Privacy Constraints and CARML Profile of Privacy Constraints In-Reply-To: References: <947ea3330810301108h74c153b1o2481356638137267@mail.gmail.com> Message-ID: Aha, somehow I was expecting to see minutes on email, but now I see they're on the wiki. Will review. Thanks! Eve On Nov 11, 2008, at 2:35 PM, Iain Henderson wrote: > Thanks Eve, that interpretation is very useful. > > You'll see from the minutes of the first call that we already > started to touch on the axes around an individual's privacy > preferences from work i've done before. The variant we discussed was > built with simple terminology in mind, but it looks like there are > quite of few of the 12 areas that are touched on CARML/ Privacy > constraints. > > We can discuss on the next meet, or when we next talk. > > Cheers > > Iain > > On 10 Nov 2008, at 20:57, Eve Maler wrote: > >> I still don't grok CARML itself very well, but these two documents >> are >> actually rather short and simple. Here's a summary of the Privacy >> Constraints spec, which folks here may find helpful enough to make >> them want to crack open the specs and take a quick look! >> >> A code example taken from the spec's intro, to give a feel for its >> specialty: >> >> >> >> > Issuer="urn:liberty:names:1.0:igf:pri:entity:user" >> ref="urn:mycorp:2007:marketing" /> >> > Issuer="urn:liberty:names:1.0:igf:pri:entity:user" >> ref="urn:liberty:names:1.0:igf:pri:propagate:requestor" /> >> > Issuer="urn:liberty:names:1.0:igf:pri:entity:user" >> ref="urn:liberty:names:1.0:igf:pri:retention:transient" >> >> 59 >> 23 >> >> >> >> >> >> A summary of the privacy constraint "axes" you can set with this >> spec: >> >> - The issuer of the policy assertion >> >> - A "purpose" constraint: "the usage context in which data is sought >> or the context in which data is being provided" >> (default: purpose to be determined from context) >> >> - A "propagate" constraint: "constraints on the services or end- >> points >> to which the data may be propagated or forwarded" >> (default: may not be propagated) >> >> - A "retention" constraint: "whether the data value can be retained >> by >> the requestor, in memory or otherwise, and, >> optionally the time period for which it can be retained" >> (no default, but five options: no caching, cachable but not >> persisted, persistable, encrypted and persisted, non-loggable) >> >> - A "lifetime" constraint: "the time period for which data MAY be >> retained for active use by the requestor" >> (no default; they should probably add one) >> >> - A "data loss or breach" constraint: "the entities (e.g. business or >> government authority, the user, etc) to be informed >> if the data is lost or compromised" >> (no default, but two nonexclusive options: report to end-user, >> report to original source) >> >> - A "contract or legal" constraint: "contractual or legal context >> governing the sharing of identity attributes" >> (default: contract to be determined from context) >> >> - A "data mask" constraint: "components of string data which should >> be >> masked when data is displayed or logged" >> (no default) >> >> The CARML profile of Privacy Constraints adds a bit more container >> metadata to allow the constraints to be used somehow (??) in a CARML- >> enabled system. >> >> I'm quite interested in figuring out what the right handful of axes >> should be for an individual's expression of their privacy desires. I >> don't know if this spec is it, but it gives a useful starting point >> for argumentation. >> >> Eve >> >> On Nov 10, 2008, at 11:44 AM, Iain Henderson wrote: >> >>> Thanks Joni. >>> >>> One thing i'm going to keep asking for in this group is whether we >>> have more user-friendly descriptions of what these worthy specs mean >>> for the individual. I suspect we don't have them as yet for these >>> documents as they were written for a technical audience, i'm just >>> flagging that we need such things for the VRM aspect of this work. >>> >>> Cheers >>> >>> Iain >>> >>> On 30 Oct 2008, at 18:08, Joni Brennan wrote: >>> >>>> Hi VPI SIG folks, >>>> >>>> As per our discussion on today's I am including links to 2 >>>> published >>>> components of the Liberty IGF Framework. >>>> >>>> 1. Liberty IGF Privacy Constraints >>>> http://www.projectliberty.org/liberty/content/download/4323/28921/file/draft-liberty-igf-privacy-constraints-v1.0-04.pdf >>>> >>>> 2. CARML Profile of Liberty IGF Privacy Constraints >>>> http://www.projectliberty.org/liberty/content/download/4327/28933/file/draft-liberty-igf-carml-profile-privcon-v1.0-02.pdf >>>> >>>> Please feel free to review these documents as supplemental to our >>>> discussions. Also list members are encouraged to share these >>>> references with friends, colleagues (etc) who may find them >>>> interesting. >>>> >>>> Cheers, >>>> >>>> -- >>>> Joni Brennan >>>> IEEE-ISTO >>>> Liberty Alliance Project >>>> Operations Manager >>>> voice:+1 732-226-4223 >>>> email: joni @ projectliberty.org >>>> email: joni @ ieee-isto.org >>>> >>>> >>> Iain Henderson >>> iainhenderson at mac.com >>> >>> This email and any attachment contains information which is private >>> and confidential and is intended for the addressee only. If you are >>> not an addressee, you are not authorised to read, copy or use the e- >>> mail or any attachment. If you have received this e-mail in error, >>> please notify the sender by return e-mail and then destroy it. >>> >> Eve Maler +1 425 947 4522 Principal Engineer eve.maler @ sun.com Business Alliances group Sun Microsystems, Inc. From iain.henderson at mydex.org Wed Nov 12 10:53:18 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 12 Nov 2008 18:53:18 +0000 Subject: [Sig-vpi] Liberty IGF Privacy Constraints and CARML Profile of Privacy Constraints In-Reply-To: References: <947ea3330810301108h74c153b1o2481356638137267@mail.gmail.com> Message-ID: <6AD2A0EB-8D3B-4A24-9379-2947A299D250@mydex.org> yes, still sorting out our processes!!! Thanks Iain On 12 Nov 2008, at 18:48, Eve Maler wrote: > Aha, somehow I was expecting to see minutes on email, but now I see > they're on the wiki. Will review. Thanks! > > Eve > > On Nov 11, 2008, at 2:35 PM, Iain Henderson wrote: > >> Thanks Eve, that interpretation is very useful. >> >> You'll see from the minutes of the first call that we already >> started to touch on the axes around an individual's privacy >> preferences from work i've done before. The variant we discussed >> was built with simple terminology in mind, but it looks like there >> are quite of few of the 12 areas that are touched on CARML/ Privacy >> constraints. >> >> We can discuss on the next meet, or when we next talk. >> >> Cheers >> >> Iain >> >> On 10 Nov 2008, at 20:57, Eve Maler wrote: >> >>> I still don't grok CARML itself very well, but these two documents >>> are >>> actually rather short and simple. Here's a summary of the Privacy >>> Constraints spec, which folks here may find helpful enough to make >>> them want to crack open the specs and take a quick look! >>> >>> A code example taken from the spec's intro, to give a feel for its >>> specialty: >>> >>> >>> >>> >> Issuer="urn:liberty:names:1.0:igf:pri:entity:user" >>> ref="urn:mycorp:2007:marketing" /> >>> >> Issuer="urn:liberty:names:1.0:igf:pri:entity:user" >>> ref="urn:liberty:names:1.0:igf:pri:propagate:requestor" /> >>> >> Issuer="urn:liberty:names:1.0:igf:pri:entity:user" >>> ref="urn:liberty:names:1.0:igf:pri:retention:transient" >>> >>> 59 >>> 23 >>> >>> >>> >>> >>> >>> A summary of the privacy constraint "axes" you can set with this >>> spec: >>> >>> - The issuer of the policy assertion >>> >>> - A "purpose" constraint: "the usage context in which data is sought >>> or the context in which data is being provided" >>> (default: purpose to be determined from context) >>> >>> - A "propagate" constraint: "constraints on the services or end- >>> points >>> to which the data may be propagated or forwarded" >>> (default: may not be propagated) >>> >>> - A "retention" constraint: "whether the data value can be >>> retained by >>> the requestor, in memory or otherwise, and, >>> optionally the time period for which it can be retained" >>> (no default, but five options: no caching, cachable but not >>> persisted, persistable, encrypted and persisted, non-loggable) >>> >>> - A "lifetime" constraint: "the time period for which data MAY be >>> retained for active use by the requestor" >>> (no default; they should probably add one) >>> >>> - A "data loss or breach" constraint: "the entities (e.g. business >>> or >>> government authority, the user, etc) to be informed >>> if the data is lost or compromised" >>> (no default, but two nonexclusive options: report to end-user, >>> report to original source) >>> >>> - A "contract or legal" constraint: "contractual or legal context >>> governing the sharing of identity attributes" >>> (default: contract to be determined from context) >>> >>> - A "data mask" constraint: "components of string data which >>> should be >>> masked when data is displayed or logged" >>> (no default) >>> >>> The CARML profile of Privacy Constraints adds a bit more container >>> metadata to allow the constraints to be used somehow (??) in a >>> CARML- >>> enabled system. >>> >>> I'm quite interested in figuring out what the right handful of axes >>> should be for an individual's expression of their privacy >>> desires. I >>> don't know if this spec is it, but it gives a useful starting point >>> for argumentation. >>> >>> Eve >>> >>> On Nov 10, 2008, at 11:44 AM, Iain Henderson wrote: >>> >>>> Thanks Joni. >>>> >>>> One thing i'm going to keep asking for in this group is whether we >>>> have more user-friendly descriptions of what these worthy specs >>>> mean >>>> for the individual. I suspect we don't have them as yet for these >>>> documents as they were written for a technical audience, i'm just >>>> flagging that we need such things for the VRM aspect of this work. >>>> >>>> Cheers >>>> >>>> Iain >>>> >>>> On 30 Oct 2008, at 18:08, Joni Brennan wrote: >>>> >>>>> Hi VPI SIG folks, >>>>> >>>>> As per our discussion on today's I am including links to 2 >>>>> published >>>>> components of the Liberty IGF Framework. >>>>> >>>>> 1. Liberty IGF Privacy Constraints >>>>> http://www.projectliberty.org/liberty/content/download/4323/28921/file/draft-liberty-igf-privacy-constraints-v1.0-04.pdf >>>>> >>>>> 2. CARML Profile of Liberty IGF Privacy Constraints >>>>> http://www.projectliberty.org/liberty/content/download/4327/28933/file/draft-liberty-igf-carml-profile-privcon-v1.0-02.pdf >>>>> >>>>> Please feel free to review these documents as supplemental to our >>>>> discussions. Also list members are encouraged to share these >>>>> references with friends, colleagues (etc) who may find them >>>>> interesting. >>>>> >>>>> Cheers, >>>>> >>>>> -- >>>>> Joni Brennan >>>>> IEEE-ISTO >>>>> Liberty Alliance Project >>>>> Operations Manager >>>>> voice:+1 732-226-4223 >>>>> email: joni @ projectliberty.org >>>>> email: joni @ ieee-isto.org >>>>> >>>>> >>>> Iain Henderson >>>> iainhenderson at mac.com >>>> >>>> This email and any attachment contains information which is private >>>> and confidential and is intended for the addressee only. If you are >>>> not an addressee, you are not authorised to read, copy or use the >>>> e- >>>> mail or any attachment. If you have received this e-mail in error, >>>> please notify the sender by return e-mail and then destroy it. >>>> >>> > > Eve Maler +1 425 947 4522 > Principal Engineer eve.maler @ sun.com > Business Alliances group Sun Microsystems, Inc. > Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From iainhenderson at mac.com Thu Nov 13 09:19:06 2008 From: iainhenderson at mac.com (Iain Henderson) Date: Thu, 13 Nov 2008 17:19:06 +0000 Subject: [Sig-vpi] VPI Data Types for OUr Discussion Message-ID: Factual updates (I?ve changed address/email address) Change of Circumstance (we?re getting married, I?ve now got 3 points on my licence) My Location Factual queries (I don?t understand my bill, where?s my order) Online searches (data input: this is what I am interested in right now) Orders (I would like to buy this, please) Specifications (please give me these features, functions etc) Complaints Suggestions (why don?t you do X?) User generated content (personal, creative expression) Views, reviews and opinions (I tried it and in my experience Shared experiences (I had a similar problem, I know how you feel) Peer advice (I had a similar problem, what I learned was) If only.. (what I would really like is X, but nobody is offering it) Future plans and intentions (I plan to buy a car in the next three months) Expressions of interest (I am interested in golf but not scuba diving) Preferences (I don?t like green but I do like blue) Questions (I don?t understand! But what about? Can you help with..) But what if.. (what will happen if I do X or if I do Y) Permissions (I am happy for A but not B to access my data, for these purposes) Iain Henderson iainhenderson at mac.com This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From jtrentadams at gmail.com Tue Nov 18 06:41:06 2008 From: jtrentadams at gmail.com (J. Trent Adams) Date: Tue, 18 Nov 2008 09:41:06 -0500 Subject: [Sig-vpi] Meeting Follow-Up Message-ID: <4922D402.8020303@gmail.com> VPI Crew - I'm trying to hunt down minutes from the last call. Will they be added to the wiki? http://wiki.projectliberty.org/index.php/VolunteeredPersonalInformationSIG#Meeting_Minutes Specifically, I believe we agreed to work up some use cases and I'm trying to remember which ones were first on the list. Also, anyone suggest a specific format we should follow? Thanks, Trent -- J. Trent Adams =jtrentadams Profile: http://www.mediaslate.org/jtrentadams/ LinkedIN: http://www.linkedin.com/in/jtrentadams Twitter: http://twitter.com/jtrentadams From iain.henderson at mydex.org Tue Nov 18 08:15:45 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Tue, 18 Nov 2008 16:15:45 +0000 Subject: [Sig-vpi] Meeting Follow-Up In-Reply-To: <4922D402.8020303@gmail.com> References: <4922D402.8020303@gmail.com> Message-ID: <97772D5F-0A0A-42C5-8E11-FE8D21727BB3@mydex.org> Hi Trent, I'm working on getting the minutes out more quickly but we are not there yet - i'll chase them along today; yes they will be posted to the wiki. In advance of that, we agreed to focus on 'purchase intention' data. I'll have a go at specifying that in a bit more detail in the minutes. In terms of formats, Kurt was going to dig out some of the Liberty formats and circulate, others were going to flag any preferred formats they had access to. I was going to circulate a 'storyboard' format, which I think will complement the use cases. Cheers Iain On 18 Nov 2008, at 14:41, J. Trent Adams wrote: > VPI Crew - > > I'm trying to hunt down minutes from the last call. Will they be > added to the wiki? > > http://wiki.projectliberty.org/index.php/VolunteeredPersonalInformationSIG#Meeting_Minutes > > Specifically, I believe we agreed to work up some use cases and I'm > trying to remember which ones were first on the list. > > Also, anyone suggest a specific format we should follow? > > Thanks, > Trent > > -- > J. Trent Adams > =jtrentadams > > Profile: http://www.mediaslate.org/jtrentadams/ > LinkedIN: http://www.linkedin.com/in/jtrentadams > Twitter: http://twitter.com/jtrentadams > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From iain.henderson at mydex.org Wed Nov 19 00:12:00 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 19 Nov 2008 08:12:00 +0000 Subject: [Sig-vpi] Suggested Next Steps Message-ID: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> Folks, The minutes from the last call have not emerged yet, but in the meantime i'm keen to get moving. I've set out what I think the next steps might be on the attached file, they should speak for themselves - for those not on the last call we decided to focus on 'purchase intention' as the early focus, not least because it has the most obvious high impact. The next call was due to be on Thursday 27th but I guess our USA colleagues will be otherwise engaged that day - what's the view, should we move to the Wednesday or leave to the following week? Meantime, if any of you have comments/ suggestions on the proposed direction, or want to lead on any particular area then by all means ping me on e-mail and we can arrange to talk - or just e-mail the group. Cheers Iain -------------- next part -------------- A non-text attachment was scrubbed... Name: VPI SIG Work Plan.pdf Type: application/pdf Size: 77669 bytes Desc: not available URL: -------------- next part -------------- Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From brett at projectliberty.org Wed Nov 19 10:07:17 2008 From: brett at projectliberty.org (Brett McDowell) Date: Wed, 19 Nov 2008 13:07:17 -0500 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> Message-ID: <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> FWIW, I suggest skipping next week because of the holiday in the US. As for feedback on the proposed work area, see comments inline below: > 1. Data Definitions - What types of data we are talking about (e.g. > search engine input, > purchase intentions, complaints, attention), and building use cases > that bring these to life. Do we need to define a schema for this? What's the use-case that would require a common schema? I'd guess that use-case development would need to come before data definitions. > 2. Terms and Conditions for Sharing VPI - The terms and conditions > under which VPI will > be shared (building on privacy law plus VRM logic) I think this fits well with another Liberty activity going on in TEG right now, the Privacy Constraints work that's within the context of the Identity Governance Framework. The public draft of this work is online here: http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs > 3. VPI Data Sharing Technologies/ Standards - The data gathering, > management and > sharing technologies that might comply to VPI standards (e.g > Information Cards, Higgins), > including how this information will be originated by the individual. There is a long list of open standards that handle attribute exchange which would probably be capable of fulfilling these use cases. Maybe the VPI SIG could start to wrote a paper, like an implementation guideline or deployment guideline, for who these VRM use cases would be fulfilled by each technology. For example, we could have a paper on how to do this using ID-WSF, one on using OpenID AX, one using Oauth, one using XDI, one using Information Cards, etc. I assume these would be authored by experts of each technology and therefore could be done in parallel... but only after the SIG has collectively defined the use cases. > 4. VPI Data Sharing Processes and Policies - The processes and > policies that will emerge > around different types of VPI, and how those mechanisms will work > (e.g. link contracts, > machine readable creative commons type policies, contract law). I think this is or could be the same as item #2. I suggest looking at IGF for this as well. Again, we'll only know for sure after we define the use cases and test those against what IGF can achieve. > 5. Compliance - The governance processes we will use to ensure > compliance (e.g. audit > mechanisms, Liberty IAF and IGF). I'll recommend to IAEG members that they provide someone to join the VPI SIG to keep the two efforts coordinated and to share ideas, best practices, etc. I see a lot of synergy between the IAEG accreditation program and the VPI compliance program (in my mind's eye anyway). > 6. Business Case/ Why VPI Should Be Enabled - The business model/ > business case for > an individual sharing VPI and for an organisation agreeing to > receive VPI. This is a great activity and the sooner the better. I imagine we might want to start here and build our use cases off of these business cases/deployment scenarios. We generally do this in three phases of detail: scenario (high-level slideware), use case (diagrams of actors and flows), requirements (pre-engineering level of detail). > 7. Advocacy - Proofs of Concept/ Demonstrations of VPI capability > (from both individual and > organisational perspective). Finding which organisations are able to > engage on this basis. We can work with our Marketing Oversight Committee to build plans for doing this work in 2009. We'd need a pretty clear idea of what activities we want to achieve (events, conferences, online resources, webcasts, etc.) and an idea of what these activities might cost (Britta and I can help in that regard). But we'd need to work quickly to get this into our 2009 marketing plan. If we simply don't know yet, that's okay too but it means we will have to request "extra" marketing support at some point mid-year which may or may not be possible at that point. Just something to consider. Great work getting this going Iain. Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: > Folks, > > The minutes from the last call have not emerged yet, but in the > meantime i'm keen to get moving. > > I've set out what I think the next steps might be on the attached > file, they should speak for themselves - for those not on the last > call we decided to focus on 'purchase intention' as the early focus, > not least because it has the most obvious high impact. > > The next call was due to be on Thursday 27th but I guess our USA > colleagues will be otherwise engaged that day - what's the view, > should we move to the Wednesday or leave to the following week? > > Meantime, if any of you have comments/ suggestions on the proposed > direction, or want to lead on any particular area then by all means > ping me on e-mail and we can arrange to talk - or just e-mail the > group. > > Cheers > > Iain > > > > > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From jtrentadams at gmail.com Wed Nov 19 10:36:42 2008 From: jtrentadams at gmail.com (J. Trent Adams) Date: Wed, 19 Nov 2008 13:36:42 -0500 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> Message-ID: <49245CBA.5060505@gmail.com> I agree with Brett on two fronts: A) Skipping next week's call makes sense. I don't see enough work being done before then to warrant moving the call up to Wednesday. B) We would do well to focus on the Business Cases (ie. scenarios, use cases, and requirements) first. Working toward the scenarios, is there a template folks on this distribution are familiar with? I've seen a lot of different formats, so if there's one that people like, we might as well start there and fill in the blanks. - Trent Brett McDowell wrote: > FWIW, I suggest skipping next week because of the holiday in the US. > > As for feedback on the proposed work area, see comments inline below: > >> *1.* *Data Definitions* - What types of data we are talking about >> (e.g. search engine input, >> purchase intentions, complaints, attention), and building use cases >> that bring these to life. > > Do we need to define a schema for this? What's the use-case that > would require a common schema? I'd guess that use-case development > would need to come before data definitions. > >> *2.* *Terms and Conditions for Sharing VPI* - The terms and >> conditions under which VPI will >> be shared (building on privacy law plus VRM logic) > > I think this fits well with another Liberty activity going on in TEG > right now, the Privacy Constraints work that's within the context of > the Identity Governance Framework. The public draft of this work is > online here: > > http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs > >> *3.* *VPI Data Sharing Technologies/ Standards* - The data gathering, >> management and >> sharing technologies that might comply to VPI standards (e.g >> Information Cards, Higgins), >> including how this information will be originated by the individual. > > There is a long list of open standards that handle attribute exchange > which would probably be capable of fulfilling these use cases. Maybe > the VPI SIG could start to wrote a paper, like an implementation > guideline or deployment guideline, for who these VRM use cases would > be fulfilled by each technology. For example, we could have a paper > on how to do this using ID-WSF, one on using OpenID AX, one using > Oauth, one using XDI, one using Information Cards, etc. I assume > these would be authored by experts of each technology and therefore > could be done in parallel... but only after the SIG has collectively > defined the use cases. > >> *4.* *VPI Data Sharing Processes and Policies - *The processes and >> policies that will emerge >> around different types of VPI, and how those mechanisms will work >> (e.g. link contracts, >> machine readable creative commons type policies, contract law). > > I think this is or could be the same as item #2. I suggest looking at > IGF for this as well. Again, we'll only know for sure after we define > the use cases and test those against what IGF can achieve. > >> *5.* *Compliance* - The governance processes we will use to ensure >> compliance (e.g. audit >> mechanisms, Liberty IAF and IGF). > > I'll recommend to IAEG members that they provide someone to join the > VPI SIG to keep the two efforts coordinated and to share ideas, best > practices, etc. I see a lot of synergy between the IAEG accreditation > program and the VPI compliance program (in my mind's eye anyway). > >> *6.* *Business Case/ Why VPI Should Be Enabled* - The business model/ >> business case for >> an individual sharing VPI and for an organisation agreeing to receive >> VPI. > > This is a great activity and the sooner the better. I imagine we > might want to start here and build our use cases off of these business > cases/deployment scenarios. We generally do this in three phases of > detail: scenario (high-level slideware), use case (diagrams of actors > and flows), requirements (pre-engineering level of detail). > >> *7.* *Advocacy* - Proofs of Concept/ Demonstrations of VPI capability >> (from both individual and >> organisational perspective). Finding which organisations are able to >> engage on this basis. > > We can work with our Marketing Oversight Committee to build plans for > doing this work in 2009. We'd need a pretty clear idea of what > activities we want to achieve (events, conferences, online resources, > webcasts, etc.) and an idea of what these activities might cost > (Britta and I can help in that regard). But we'd need to work quickly > to get this into our 2009 marketing plan. If we simply don't know > yet, that's okay too but it means we will have to request "extra" > marketing support at some point mid-year which may or may not be > possible at that point. Just something to consider. > > Great work getting this going Iain. > > > Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 > > > > > > > On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: > >> Folks, >> >> The minutes from the last call have not emerged yet, but in the >> meantime i'm keen to get moving. >> >> I've set out what I think the next steps might be on the attached >> file, they should speak for themselves - for those not on the last >> call we decided to focus on 'purchase intention' as the early focus, >> not least because it has the most obvious high impact. >> >> The next call was due to be on Thursday 27th but I guess our USA >> colleagues will be otherwise engaged that day - what's the view, >> should we move to the Wednesday or leave to the following week? >> >> Meantime, if any of you have comments/ suggestions on the proposed >> direction, or want to lead on any particular area then by all means >> ping me on e-mail and we can arrange to talk - or just e-mail the group. >> >> Cheers >> >> Iain >> >> >> >> >> >> Iain Henderson >> iain.henderson at mydex.org >> >> This email and any attachment contains information which is private >> and confidential and is intended for the addressee only. If you are >> not an addressee, you are not authorised to read, copy or use the >> e-mail or any attachment. If you have received this e-mail in error, >> please notify the sender by return e-mail and then destroy it. >> >> >> >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > ------------------------------------------------------------------------ > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > -- J. Trent Adams =jtrentadams Profile: http://www.mediaslate.org/jtrentadams/ LinkedIN: http://www.linkedin.com/in/jtrentadams Twitter: http://twitter.com/jtrentadams From iain.henderson at mydex.org Wed Nov 19 11:07:22 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 19 Nov 2008 19:07:22 +0000 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> Message-ID: Thanks Brett - see comments and builds inline. On 19 Nov 2008, at 18:07, Brett McDowell wrote: > FWIW, I suggest skipping next week because of the holiday in the US. > > As for feedback on the proposed work area, see comments inline below: > >> 1. Data Definitions - What types of data we are talking about (e.g. >> search engine input, >> purchase intentions, complaints, attention), and building use cases >> that bring these to life. > > Do we need to define a schema for this? What's the use-case that > would require a common schema? I'd guess that use-case development > would need to come before data definitions. Some history that may help. When I started looking at this issue many years back we did a whole stack of consumer research on 'use cases' pain points/ opportunities for improvement from the individuals perspective (1000 interviews). The feedback was loud and clear that the big pain/ opportunity points come around what came to be called Life Episodes. These are things like 'getting married', having a child, becoming a carer, retiring, death in the family.....and so it went on to the point where we had mapped 65 or so such Life Episodes. What was found was that the Life Episodes were hot-beds of interaction and transaction - in which the individual is typically looking to manage and share personal information across multipl organisational silo's - and thus repeating themselves time after time after time (ref various VRM posts on 'the individual as the natural point of integration). The data required to drive any Life Episode typically has a core (ref Robin Wilton's Onion model), and then Episode specific data requirements. So - I guess i'll dig that list out and propose a few Life Episodes that include 'Purchase Intention' that we map as use cases, and then also look at the schema requirements of each (which I think will end up with a common core and them issue specific schema that will typically be cross-sectoral (i.e. many episodes involve having to deal with both government and private sector issues in parallel). > >> 2. Terms and Conditions for Sharing VPI - The terms and conditions >> under which VPI will >> be shared (building on privacy law plus VRM logic) > > I think this fits well with another Liberty activity going on in TEG > right now, the Privacy Constraints work that's within the context of > the Identity Governance Framework. The public draft of this work is > online here: > > http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs Agreed, that work looks very relevant - just need a less technical description that maps onto our use cases. > >> 3. VPI Data Sharing Technologies/ Standards - The data gathering, >> management and >> sharing technologies that might comply to VPI standards (e.g >> Information Cards, Higgins), >> including how this information will be originated by the individual. > > There is a long list of open standards that handle attribute > exchange which would probably be capable of fulfilling these use > cases. Maybe the VPI SIG could start to wrote a paper, like an > implementation guideline or deployment guideline, for who these VRM > use cases would be fulfilled by each technology. For example, we > could have a paper on how to do this using ID-WSF, one on using > OpenID AX, one using Oauth, one using XDI, one using Information > Cards, etc. I assume these would be authored by experts of each > technology and therefore could be done in parallel... but only after > the SIG has collectively defined the use cases. > Agreed >> 4. VPI Data Sharing Processes and Policies - The processes and >> policies that will emerge >> around different types of VPI, and how those mechanisms will work >> (e.g. link contracts, >> machine readable creative commons type policies, contract law). > > I think this is or could be the same as item #2. I suggest looking > at IGF for this as well. Again, we'll only know for sure after we > define the use cases and test those against what IGF can achieve. Agreed > >> 5. Compliance - The governance processes we will use to ensure >> compliance (e.g. audit >> mechanisms, Liberty IAF and IGF). > > I'll recommend to IAEG members that they provide someone to join the > VPI SIG to keep the two efforts coordinated and to share ideas, best > practices, etc. I see a lot of synergy between the IAEG > accreditation program and the VPI compliance program (in my mind's > eye anyway). Yes, that would be useful thanks. > >> 6. Business Case/ Why VPI Should Be Enabled - The business model/ >> business case for >> an individual sharing VPI and for an organisation agreeing to >> receive VPI. > > This is a great activity and the sooner the better. I imagine we > might want to start here and build our use cases off of these > business cases/deployment scenarios. We generally do this in three > phases of detail: scenario (high-level slideware), use case > (diagrams of actors and flows), requirements (pre-engineering level > of detail). Yes, I think we'll pick some use cases and quickly sync that up with business case work. > >> 7. Advocacy - Proofs of Concept/ Demonstrations of VPI capability >> (from both individual and >> organisational perspective). Finding which organisations are able >> to engage on this basis. > > We can work with our Marketing Oversight Committee to build plans > for doing this work in 2009. We'd need a pretty clear idea of what > activities we want to achieve (events, conferences, online > resources, webcasts, etc.) and an idea of what these activities > might cost (Britta and I can help in that regard). But we'd need to > work quickly to get this into our 2009 marketing plan. If we simply > don't know yet, that's okay too but it means we will have to request > "extra" marketing support at some point mid-year which may or may > not be possible at that point. Just something to consider. I think we could move on this fairly quickly, albeit based on my own assumptions that would need to be kicked around by the group - what's the best way to engage with the Marketing Oversight Committee? > > Great work getting this going Iain. Thanks > > > Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 > > > > > > > On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: > >> Folks, >> >> The minutes from the last call have not emerged yet, but in the >> meantime i'm keen to get moving. >> >> I've set out what I think the next steps might be on the attached >> file, they should speak for themselves - for those not on the last >> call we decided to focus on 'purchase intention' as the early >> focus, not least because it has the most obvious high impact. >> >> The next call was due to be on Thursday 27th but I guess our USA >> colleagues will be otherwise engaged that day - what's the view, >> should we move to the Wednesday or leave to the following week? >> >> Meantime, if any of you have comments/ suggestions on the proposed >> direction, or want to lead on any particular area then by all means >> ping me on e-mail and we can arrange to talk - or just e-mail the >> group. >> >> Cheers >> >> Iain >> >> >> >> >> >> Iain Henderson >> iain.henderson at mydex.org >> >> This email and any attachment contains information which is private >> and confidential and is intended for the addressee only. If you are >> not an addressee, you are not authorised to read, copy or use the e- >> mail or any attachment. If you have received this e-mail in error, >> please notify the sender by return e-mail and then destroy it. >> >> >> >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From iain.henderson at mydex.org Wed Nov 19 11:14:08 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 19 Nov 2008 19:14:08 +0000 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <49245CBA.5060505@gmail.com> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> <49245CBA.5060505@gmail.com> Message-ID: Thanks Trent. Agreed - no call next week, next call Thursday 4th December, usual time (invite e-mail will follow). Yes, as per response to Brett - i'll propose some use cases based on Life Episodes that include a Purchase Intention and we'll move on those via e-mail before the next call if resources allow. I see use cases and business cases being done in parallel. In terms of use case formats - Brett, could you circulate the Liberty MRD one in MS Word format (I only have PDF); or any other one that Liberty use? That is probably a good start point, but by all means anyone else flag up good templates they have used before. Iain On 19 Nov 2008, at 18:36, J. Trent Adams wrote: > I agree with Brett on two fronts: > > A) Skipping next week's call makes sense. I don't see enough work > being done before then to warrant moving the call up to Wednesday. > > B) We would do well to focus on the Business Cases (ie. scenarios, > use cases, and requirements) first. > > Working toward the scenarios, is there a template folks on this > distribution are familiar with? I've seen a lot of different > formats, so if there's one that people like, we might as well start > there and fill in the blanks. > > - Trent > > > Brett McDowell wrote: >> FWIW, I suggest skipping next week because of the holiday in the US. >> >> As for feedback on the proposed work area, see comments inline below: >> >>> *1.* *Data Definitions* - What types of data we are talking about >>> (e.g. search engine input, purchase intentions, complaints, >>> attention), and building use cases that bring these to life. >> >> Do we need to define a schema for this? What's the use-case that >> would require a common schema? I'd guess that use-case development >> would need to come before data definitions. >> >>> *2.* *Terms and Conditions for Sharing VPI* - The terms and >>> conditions under which VPI will be shared (building on privacy law >>> plus VRM logic) >> >> I think this fits well with another Liberty activity going on in >> TEG right now, the Privacy Constraints work that's within the >> context of the Identity Governance Framework. The public draft of >> this work is online here: >> >> http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs >> >>> *3.* *VPI Data Sharing Technologies/ Standards* - The data >>> gathering, management and sharing technologies that might comply >>> to VPI standards (e.g Information Cards, Higgins), including how >>> this information will be originated by the individual. >> >> There is a long list of open standards that handle attribute >> exchange which would probably be capable of fulfilling these use >> cases. Maybe the VPI SIG could start to wrote a paper, like an >> implementation guideline or deployment guideline, for who these VRM >> use cases would be fulfilled by each technology. For example, we >> could have a paper on how to do this using ID-WSF, one on using >> OpenID AX, one using Oauth, one using XDI, one using Information >> Cards, etc. I assume these would be authored by experts of each >> technology and therefore could be done in parallel... but only >> after the SIG has collectively defined the use cases. >> >>> *4.* *VPI Data Sharing Processes and Policies - *The processes and >>> policies that will emerge around different types of VPI, and how >>> those mechanisms will work (e.g. link contracts, machine readable >>> creative commons type policies, contract law). >> >> I think this is or could be the same as item #2. I suggest looking >> at IGF for this as well. Again, we'll only know for sure after we >> define the use cases and test those against what IGF can achieve. >> >>> *5.* *Compliance* - The governance processes we will use to ensure >>> compliance (e.g. audit mechanisms, Liberty IAF and IGF). >> >> I'll recommend to IAEG members that they provide someone to join >> the VPI SIG to keep the two efforts coordinated and to share ideas, >> best practices, etc. I see a lot of synergy between the IAEG >> accreditation program and the VPI compliance program (in my mind's >> eye anyway). >> >>> *6.* *Business Case/ Why VPI Should Be Enabled* - The business >>> model/ business case for an individual sharing VPI and for an >>> organisation agreeing to receive VPI. >> >> This is a great activity and the sooner the better. I imagine we >> might want to start here and build our use cases off of these >> business cases/deployment scenarios. We generally do this in three >> phases of detail: scenario (high-level slideware), use case >> (diagrams of actors and flows), requirements (pre-engineering level >> of detail). >> >>> *7.* *Advocacy* - Proofs of Concept/ Demonstrations of VPI >>> capability (from both individual and organisational perspective). >>> Finding which organisations are able to engage on this basis. >> >> We can work with our Marketing Oversight Committee to build plans >> for doing this work in 2009. We'd need a pretty clear idea of what >> activities we want to achieve (events, conferences, online >> resources, webcasts, etc.) and an idea of what these activities >> might cost (Britta and I can help in that regard). But we'd need >> to work quickly to get this into our 2009 marketing plan. If we >> simply don't know yet, that's okay too but it means we will have to >> request "extra" marketing support at some point mid-year which may >> or may not be possible at that point. Just something to consider. >> >> Great work getting this going Iain. >> >> >> Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 >> >> >> >> >> >> >> On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: >> >>> Folks, >>> >>> The minutes from the last call have not emerged yet, but in the >>> meantime i'm keen to get moving. >>> >>> I've set out what I think the next steps might be on the attached >>> file, they should speak for themselves - for those not on the last >>> call we decided to focus on 'purchase intention' as the early >>> focus, not least because it has the most obvious high impact. >>> >>> The next call was due to be on Thursday 27th but I guess our USA >>> colleagues will be otherwise engaged that day - what's the view, >>> should we move to the Wednesday or leave to the following week? >>> >>> Meantime, if any of you have comments/ suggestions on the proposed >>> direction, or want to lead on any particular area then by all >>> means ping me on e-mail and we can arrange to talk - or just e- >>> mail the group. >>> >>> Cheers >>> >>> Iain >>> >>> >>> >>> >>> >>> Iain Henderson >>> iain.henderson at mydex.org >>> >>> This email and any attachment contains information which is >>> private and confidential and is intended for the addressee only. >>> If you are not an addressee, you are not authorised to read, copy >>> or use the e-mail or any attachment. If you have received this e- >>> mail in error, please notify the sender by return e-mail and then >>> destroy it. >>> >>> >>> >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> > > -- > J. Trent Adams > =jtrentadams > > Profile: http://www.mediaslate.org/jtrentadams/ > LinkedIN: http://www.linkedin.com/in/jtrentadams > Twitter: http://twitter.com/jtrentadams > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From bill at oidf.org Wed Nov 19 11:48:05 2008 From: bill at oidf.org (Bill Washburn) Date: Wed, 19 Nov 2008 11:48:05 -0800 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <49245CBA.5060505@gmail.com> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> <49245CBA.5060505@gmail.com> Message-ID: <891348600811191148t19e9e46atfad85c12357ddcbe@mail.gmail.com> +1 on both counts. Also, in reviewing Iain's VPI document, an array of questions arose for me about what I think of as complex and/or conditional plans and intentions. When making vacation travel plans, for example, it seems to me that the intentions and plans evolve, take concrete form, and solidify gradually over a series of research steps that are often pretty complicated and longitudinal, for lack of a better term. When it comes to focusing on "purchase intention," is the assumption already established that all the preliminary steps in the planning process are in or out of scope? I'm asking to make certain I'm on the same page with everyone regarding thinking about the purchase intentions. cheers, -bill On Wed, Nov 19, 2008 at 10:36 AM, J. Trent Adams wrote: > I agree with Brett on two fronts: > > A) Skipping next week's call makes sense. I don't see enough work being > done before then to warrant moving the call up to Wednesday. > > B) We would do well to focus on the Business Cases (ie. scenarios, use > cases, and requirements) first. > > Working toward the scenarios, is there a template folks on this > distribution are familiar with? I've seen a lot of different formats, so if > there's one that people like, we might as well start there and fill in the > blanks. > > - Trent > > > Brett McDowell wrote: > >> FWIW, I suggest skipping next week because of the holiday in the US. >> >> As for feedback on the proposed work area, see comments inline below: >> >> *1.* *Data Definitions* - What types of data we are talking about (e.g. >>> search engine input, purchase intentions, complaints, attention), and >>> building use cases that bring these to life. >>> >> >> Do we need to define a schema for this? What's the use-case that would >> require a common schema? I'd guess that use-case development would need to >> come before data definitions. >> >> *2.* *Terms and Conditions for Sharing VPI* - The terms and conditions >>> under which VPI will be shared (building on privacy law plus VRM logic) >>> >> >> I think this fits well with another Liberty activity going on in TEG right >> now, the Privacy Constraints work that's within the context of the Identity >> Governance Framework. The public draft of this work is online here: >> >> http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs >> >> *3.* *VPI Data Sharing Technologies/ Standards* - The data gathering, >>> management and sharing technologies that might comply to VPI standards (e.g >>> Information Cards, Higgins), including how this information will be >>> originated by the individual. >>> >> >> There is a long list of open standards that handle attribute exchange >> which would probably be capable of fulfilling these use cases. Maybe the >> VPI SIG could start to wrote a paper, like an implementation guideline or >> deployment guideline, for who these VRM use cases would be fulfilled by each >> technology. For example, we could have a paper on how to do this using >> ID-WSF, one on using OpenID AX, one using Oauth, one using XDI, one using >> Information Cards, etc. I assume these would be authored by experts of each >> technology and therefore could be done in parallel... but only after the SIG >> has collectively defined the use cases. >> >> *4.* *VPI Data Sharing Processes and Policies - *The processes and >>> policies that will emerge around different types of VPI, and how those >>> mechanisms will work (e.g. link contracts, machine readable creative commons >>> type policies, contract law). >>> >> >> I think this is or could be the same as item #2. I suggest looking at IGF >> for this as well. Again, we'll only know for sure after we define the use >> cases and test those against what IGF can achieve. >> >> *5.* *Compliance* - The governance processes we will use to ensure >>> compliance (e.g. audit mechanisms, Liberty IAF and IGF). >>> >> >> I'll recommend to IAEG members that they provide someone to join the VPI >> SIG to keep the two efforts coordinated and to share ideas, best practices, >> etc. I see a lot of synergy between the IAEG accreditation program and the >> VPI compliance program (in my mind's eye anyway). >> >> *6.* *Business Case/ Why VPI Should Be Enabled* - The business model/ >>> business case for an individual sharing VPI and for an organisation agreeing >>> to receive VPI. >>> >> >> This is a great activity and the sooner the better. I imagine we might >> want to start here and build our use cases off of these business >> cases/deployment scenarios. We generally do this in three phases of detail: >> scenario (high-level slideware), use case (diagrams of actors and flows), >> requirements (pre-engineering level of detail). >> >> *7.* *Advocacy* - Proofs of Concept/ Demonstrations of VPI capability >>> (from both individual and organisational perspective). Finding which >>> organisations are able to engage on this basis. >>> >> >> We can work with our Marketing Oversight Committee to build plans for >> doing this work in 2009. We'd need a pretty clear idea of what activities >> we want to achieve (events, conferences, online resources, webcasts, etc.) >> and an idea of what these activities might cost (Britta and I can help in >> that regard). But we'd need to work quickly to get this into our 2009 >> marketing plan. If we simply don't know yet, that's okay too but it means >> we will have to request "extra" marketing support at some point mid-year >> which may or may not be possible at that point. Just something to consider. >> >> Great work getting this going Iain. >> >> >> Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 >> >> >> >> >> >> >> On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: >> >> Folks, >>> >>> The minutes from the last call have not emerged yet, but in the meantime >>> i'm keen to get moving. >>> >>> I've set out what I think the next steps might be on the attached file, >>> they should speak for themselves - for those not on the last call we decided >>> to focus on 'purchase intention' as the early focus, not least because it >>> has the most obvious high impact. >>> >>> The next call was due to be on Thursday 27th but I guess our USA >>> colleagues will be otherwise engaged that day - what's the view, should we >>> move to the Wednesday or leave to the following week? >>> >>> Meantime, if any of you have comments/ suggestions on the proposed >>> direction, or want to lead on any particular area then by all means ping me >>> on e-mail and we can arrange to talk - or just e-mail the group. >>> >>> Cheers >>> >>> Iain >>> >>> >>> >>> >>> >>> Iain Henderson >>> iain.henderson at mydex.org >>> >>> This email and any attachment contains information which is private and >>> confidential and is intended for the addressee only. If you are not an >>> addressee, you are not authorised to read, copy or use the e-mail or any >>> attachment. If you have received this e-mail in error, please notify the >>> sender by return e-mail and then destroy it. >>> >>> >>> >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> >> > > -- > J. Trent Adams > =jtrentadams > > Profile: http://www.mediaslate.org/jtrentadams/ > LinkedIN: http://www.linkedin.com/in/jtrentadams > Twitter: http://twitter.com/jtrentadams > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurt at projectliberty.org Wed Nov 19 13:01:05 2008 From: kurt at projectliberty.org (Kurt Kolok) Date: Wed, 19 Nov 2008 16:01:05 -0500 Subject: [Sig-vpi] Minutes from Nov 13 Conference Call Message-ID: <009e01c94a89$f03f8740$d0be95c0$@org> All, The draft minutes from our last call have been posted to the wiki at the following link. Please let me know if you have any questions or if you have been mistakenly omitted from the attendance roster. http://wiki.projectliberty.org/index.php/HIMSIG20081113 The following link will direct you to a number of published Liberty case studies as mentioned on the call: http://projectliberty.org/liberty/resource_center/case_studies Regards, Kurt Kurt Kolok Program Coordinator Liberty Alliance Project -------------- next part -------------- An HTML attachment was scrubbed... URL: From iain.henderson at mydex.org Wed Nov 19 14:41:29 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 19 Nov 2008 22:41:29 +0000 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <891348600811191148t19e9e46atfad85c12357ddcbe@mail.gmail.com> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> <49245CBA.5060505@gmail.com> <891348600811191148t19e9e46atfad85c12357ddcbe@mail.gmail.com> Message-ID: <033ADAF3-20BD-48DB-A75B-03BB92FCFADB@mydex.org> Hi Bill, you're right to flag this as something we need to drill down into and discuss more - we deliberately chose purchase intention as a focus, knowing that there was stuff that happens upstream and downstream. Our view was that if we tried to tackle the whole buying process we might never get started. But, as you say, some purchase intentions, even when you ignore the upstream and downstream bits, are complex, and others less so. I guess we'll need to tackle that variation by having use cases for each distinct type. So - your purchase intention for your trip to Italy could be one that we might use? Nothing like real life examples to make a use case fly? One i've recently been through was buying a car, a tedious, torturous process with vast inefficiencies built in - i'll offer that up as a use case. Iain On 19 Nov 2008, at 19:48, Bill Washburn wrote: > +1 on both counts. > > Also, in reviewing Iain's VPI document, an array of questions arose > for me about what I think of as complex and/or conditional plans and > intentions. > > When making vacation travel plans, for example, it seems to me that > the intentions and plans evolve, take concrete form, and solidify > gradually over a series of research steps that are often pretty > complicated and longitudinal, for lack of a better term. > > When it comes to focusing on "purchase intention," is the assumption > already established that all the preliminary steps in the planning > process are in or out of scope? > > I'm asking to make certain I'm on the same page with everyone > regarding thinking about the purchase intentions. > > cheers, > -bill > > > > On Wed, Nov 19, 2008 at 10:36 AM, J. Trent Adams > wrote: > I agree with Brett on two fronts: > > A) Skipping next week's call makes sense. I don't see enough work > being done before then to warrant moving the call up to Wednesday. > > B) We would do well to focus on the Business Cases (ie. scenarios, > use cases, and requirements) first. > > Working toward the scenarios, is there a template folks on this > distribution are familiar with? I've seen a lot of different > formats, so if there's one that people like, we might as well start > there and fill in the blanks. > > - Trent > > > Brett McDowell wrote: > FWIW, I suggest skipping next week because of the holiday in the US. > > As for feedback on the proposed work area, see comments inline below: > > *1.* *Data Definitions* - What types of data we are talking about > (e.g. search engine input, purchase intentions, complaints, > attention), and building use cases that bring these to life. > > Do we need to define a schema for this? What's the use-case that > would require a common schema? I'd guess that use-case development > would need to come before data definitions. > > *2.* *Terms and Conditions for Sharing VPI* - The terms and > conditions under which VPI will be shared (building on privacy law > plus VRM logic) > > I think this fits well with another Liberty activity going on in TEG > right now, the Privacy Constraints work that's within the context of > the Identity Governance Framework. The public draft of this work is > online here: > > http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs > > *3.* *VPI Data Sharing Technologies/ Standards* - The data > gathering, management and sharing technologies that might comply to > VPI standards (e.g Information Cards, Higgins), including how this > information will be originated by the individual. > > There is a long list of open standards that handle attribute > exchange which would probably be capable of fulfilling these use > cases. Maybe the VPI SIG could start to wrote a paper, like an > implementation guideline or deployment guideline, for who these VRM > use cases would be fulfilled by each technology. For example, we > could have a paper on how to do this using ID-WSF, one on using > OpenID AX, one using Oauth, one using XDI, one using Information > Cards, etc. I assume these would be authored by experts of each > technology and therefore could be done in parallel... but only after > the SIG has collectively defined the use cases. > > *4.* *VPI Data Sharing Processes and Policies - *The processes and > policies that will emerge around different types of VPI, and how > those mechanisms will work (e.g. link contracts, machine readable > creative commons type policies, contract law). > > I think this is or could be the same as item #2. I suggest looking > at IGF for this as well. Again, we'll only know for sure after we > define the use cases and test those against what IGF can achieve. > > *5.* *Compliance* - The governance processes we will use to ensure > compliance (e.g. audit mechanisms, Liberty IAF and IGF). > > I'll recommend to IAEG members that they provide someone to join the > VPI SIG to keep the two efforts coordinated and to share ideas, best > practices, etc. I see a lot of synergy between the IAEG > accreditation program and the VPI compliance program (in my mind's > eye anyway). > > *6.* *Business Case/ Why VPI Should Be Enabled* - The business > model/ business case for an individual sharing VPI and for an > organisation agreeing to receive VPI. > > This is a great activity and the sooner the better. I imagine we > might want to start here and build our use cases off of these > business cases/deployment scenarios. We generally do this in three > phases of detail: scenario (high-level slideware), use case > (diagrams of actors and flows), requirements (pre-engineering level > of detail). > > *7.* *Advocacy* - Proofs of Concept/ Demonstrations of VPI > capability (from both individual and organisational perspective). > Finding which organisations are able to engage on this basis. > > We can work with our Marketing Oversight Committee to build plans > for doing this work in 2009. We'd need a pretty clear idea of what > activities we want to achieve (events, conferences, online > resources, webcasts, etc.) and an idea of what these activities > might cost (Britta and I can help in that regard). But we'd need to > work quickly to get this into our 2009 marketing plan. If we simply > don't know yet, that's okay too but it means we will have to request > "extra" marketing support at some point mid-year which may or may > not be possible at that point. Just something to consider. > > Great work getting this going Iain. > > > Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 > > > > > > > On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: > > Folks, > > The minutes from the last call have not emerged yet, but in the > meantime i'm keen to get moving. > > I've set out what I think the next steps might be on the attached > file, they should speak for themselves - for those not on the last > call we decided to focus on 'purchase intention' as the early focus, > not least because it has the most obvious high impact. > > The next call was due to be on Thursday 27th but I guess our USA > colleagues will be otherwise engaged that day - what's the view, > should we move to the Wednesday or leave to the following week? > > Meantime, if any of you have comments/ suggestions on the proposed > direction, or want to lead on any particular area then by all means > ping me on e-mail and we can arrange to talk - or just e-mail the > group. > > Cheers > > Iain > > > > > > Iain Henderson > iain.henderson at mydex.org > > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > ------------------------------------------------------------------------ > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > > -- > J. Trent Adams > =jtrentadams > > Profile: http://www.mediaslate.org/jtrentadams/ > LinkedIN: http://www.linkedin.com/in/jtrentadams > Twitter: http://twitter.com/jtrentadams > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From brett at projectliberty.org Wed Nov 19 15:08:30 2008 From: brett at projectliberty.org (Brett McDowell) Date: Wed, 19 Nov 2008 18:08:30 -0500 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> <49245CBA.5060505@gmail.com> Message-ID: I'm trying to lay my hands on a .doc version of our MRD template. I'll send it out once I find it :-( On Nov 19, 2008, at 2:14 PM, Iain Henderson wrote: > Thanks Trent. > > Agreed - no call next week, next call Thursday 4th December, usual > time (invite e-mail will follow). > > Yes, as per response to Brett - i'll propose some use cases based on > Life Episodes that include a Purchase Intention and we'll move on > those via e-mail before the next call if resources allow. I see use > cases and business cases being done in parallel. > > In terms of use case formats - Brett, could you circulate the > Liberty MRD one in MS Word format (I only have PDF); or any other > one that Liberty use? That is probably a good start point, but by > all means anyone else flag up good templates they have used before. > > Iain > > On 19 Nov 2008, at 18:36, J. Trent Adams wrote: > >> I agree with Brett on two fronts: >> >> A) Skipping next week's call makes sense. I don't see enough work >> being done before then to warrant moving the call up to Wednesday. >> >> B) We would do well to focus on the Business Cases (ie. scenarios, >> use cases, and requirements) first. >> >> Working toward the scenarios, is there a template folks on this >> distribution are familiar with? I've seen a lot of different >> formats, so if there's one that people like, we might as well start >> there and fill in the blanks. >> >> - Trent >> >> >> Brett McDowell wrote: >>> FWIW, I suggest skipping next week because of the holiday in the US. >>> >>> As for feedback on the proposed work area, see comments inline >>> below: >>> >>>> *1.* *Data Definitions* - What types of data we are talking about >>>> (e.g. search engine input, purchase intentions, complaints, >>>> attention), and building use cases that bring these to life. >>> >>> Do we need to define a schema for this? What's the use-case that >>> would require a common schema? I'd guess that use-case >>> development would need to come before data definitions. >>> >>>> *2.* *Terms and Conditions for Sharing VPI* - The terms and >>>> conditions under which VPI will be shared (building on privacy >>>> law plus VRM logic) >>> >>> I think this fits well with another Liberty activity going on in >>> TEG right now, the Privacy Constraints work that's within the >>> context of the Identity Governance Framework. The public draft of >>> this work is online here: >>> >>> http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs >>> >>>> *3.* *VPI Data Sharing Technologies/ Standards* - The data >>>> gathering, management and sharing technologies that might comply >>>> to VPI standards (e.g Information Cards, Higgins), including how >>>> this information will be originated by the individual. >>> >>> There is a long list of open standards that handle attribute >>> exchange which would probably be capable of fulfilling these use >>> cases. Maybe the VPI SIG could start to wrote a paper, like an >>> implementation guideline or deployment guideline, for who these >>> VRM use cases would be fulfilled by each technology. For example, >>> we could have a paper on how to do this using ID-WSF, one on using >>> OpenID AX, one using Oauth, one using XDI, one using Information >>> Cards, etc. I assume these would be authored by experts of each >>> technology and therefore could be done in parallel... but only >>> after the SIG has collectively defined the use cases. >>> >>>> *4.* *VPI Data Sharing Processes and Policies - *The processes >>>> and policies that will emerge around different types of VPI, and >>>> how those mechanisms will work (e.g. link contracts, machine >>>> readable creative commons type policies, contract law). >>> >>> I think this is or could be the same as item #2. I suggest >>> looking at IGF for this as well. Again, we'll only know for sure >>> after we define the use cases and test those against what IGF can >>> achieve. >>> >>>> *5.* *Compliance* - The governance processes we will use to >>>> ensure compliance (e.g. audit mechanisms, Liberty IAF and IGF). >>> >>> I'll recommend to IAEG members that they provide someone to join >>> the VPI SIG to keep the two efforts coordinated and to share >>> ideas, best practices, etc. I see a lot of synergy between the >>> IAEG accreditation program and the VPI compliance program (in my >>> mind's eye anyway). >>> >>>> *6.* *Business Case/ Why VPI Should Be Enabled* - The business >>>> model/ business case for an individual sharing VPI and for an >>>> organisation agreeing to receive VPI. >>> >>> This is a great activity and the sooner the better. I imagine we >>> might want to start here and build our use cases off of these >>> business cases/deployment scenarios. We generally do this in >>> three phases of detail: scenario (high-level slideware), use case >>> (diagrams of actors and flows), requirements (pre-engineering >>> level of detail). >>> >>>> *7.* *Advocacy* - Proofs of Concept/ Demonstrations of VPI >>>> capability (from both individual and organisational perspective). >>>> Finding which organisations are able to engage on this basis. >>> >>> We can work with our Marketing Oversight Committee to build plans >>> for doing this work in 2009. We'd need a pretty clear idea of >>> what activities we want to achieve (events, conferences, online >>> resources, webcasts, etc.) and an idea of what these activities >>> might cost (Britta and I can help in that regard). But we'd need >>> to work quickly to get this into our 2009 marketing plan. If we >>> simply don't know yet, that's okay too but it means we will have >>> to request "extra" marketing support at some point mid-year which >>> may or may not be possible at that point. Just something to >>> consider. >>> >>> Great work getting this going Iain. >>> >>> >>> Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 >>> >>> >>> >>> >>> >>> >>> On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: >>> >>>> Folks, >>>> >>>> The minutes from the last call have not emerged yet, but in the >>>> meantime i'm keen to get moving. >>>> >>>> I've set out what I think the next steps might be on the attached >>>> file, they should speak for themselves - for those not on the >>>> last call we decided to focus on 'purchase intention' as the >>>> early focus, not least because it has the most obvious high impact. >>>> >>>> The next call was due to be on Thursday 27th but I guess our USA >>>> colleagues will be otherwise engaged that day - what's the view, >>>> should we move to the Wednesday or leave to the following week? >>>> >>>> Meantime, if any of you have comments/ suggestions on the >>>> proposed direction, or want to lead on any particular area then >>>> by all means ping me on e-mail and we can arrange to talk - or >>>> just e-mail the group. >>>> >>>> Cheers >>>> >>>> Iain >>>> >>>> >>>> >>>> >>>> >>>> Iain Henderson >>>> iain.henderson at mydex.org >>>> >>>> This email and any attachment contains information which is >>>> private and confidential and is intended for the addressee only. >>>> If you are not an addressee, you are not authorised to read, copy >>>> or use the e-mail or any attachment. If you have received this e- >>>> mail in error, please notify the sender by return e-mail and then >>>> destroy it. >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Sig-vpi mailing list >>>> Sig-vpi at lists.projectliberty.org >>>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>> >> >> -- >> J. Trent Adams >> =jtrentadams >> >> Profile: http://www.mediaslate.org/jtrentadams/ >> LinkedIN: http://www.linkedin.com/in/jtrentadams >> Twitter: http://twitter.com/jtrentadams >> >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org From iain.henderson at mydex.org Thu Nov 20 00:05:50 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Thu, 20 Nov 2008 08:05:50 +0000 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <49245CBA.5060505@gmail.com> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> <49245CBA.5060505@gmail.com> Message-ID: <4CECBDFB-D80D-4274-9646-3BBCF82D61A1@mydex.org> Trent/ All, Here is a storyboard format that I often use to set out the use case in visual format (usually when working with business side not IS). (All) let me know if this format works for setting out the scenario's, then we could use a more detailed write up (e.g. in Liberty Marketing Requirements Document format) to run alongside. In essence it means breaking the story into 8 chunks, describing what goes on at each stage - including the separate section on 'what's going on behind the scenes'. If this one suits i'll dig out the working Word version and circulate. Cheers Iain -------------- next part -------------- A non-text attachment was scrubbed... Name: Mydex Storyboard for PAM.ppt Type: application/vnd.ms-powerpoint Size: 181248 bytes Desc: not available URL: -------------- next part -------------- On 19 Nov 2008, at 18:36, J. Trent Adams wrote: > I agree with Brett on two fronts: > > A) Skipping next week's call makes sense. I don't see enough work > being done before then to warrant moving the call up to Wednesday. > > B) We would do well to focus on the Business Cases (ie. scenarios, > use cases, and requirements) first. > > Working toward the scenarios, is there a template folks on this > distribution are familiar with? I've seen a lot of different > formats, so if there's one that people like, we might as well start > there and fill in the blanks. > > - Trent > > > Brett McDowell wrote: >> FWIW, I suggest skipping next week because of the holiday in the US. >> >> As for feedback on the proposed work area, see comments inline below: >> >>> *1.* *Data Definitions* - What types of data we are talking about >>> (e.g. search engine input, purchase intentions, complaints, >>> attention), and building use cases that bring these to life. >> >> Do we need to define a schema for this? What's the use-case that >> would require a common schema? I'd guess that use-case development >> would need to come before data definitions. >> >>> *2.* *Terms and Conditions for Sharing VPI* - The terms and >>> conditions under which VPI will be shared (building on privacy law >>> plus VRM logic) >> >> I think this fits well with another Liberty activity going on in >> TEG right now, the Privacy Constraints work that's within the >> context of the Identity Governance Framework. The public draft of >> this work is online here: >> >> http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs >> >>> *3.* *VPI Data Sharing Technologies/ Standards* - The data >>> gathering, management and sharing technologies that might comply >>> to VPI standards (e.g Information Cards, Higgins), including how >>> this information will be originated by the individual. >> >> There is a long list of open standards that handle attribute >> exchange which would probably be capable of fulfilling these use >> cases. Maybe the VPI SIG could start to wrote a paper, like an >> implementation guideline or deployment guideline, for who these VRM >> use cases would be fulfilled by each technology. For example, we >> could have a paper on how to do this using ID-WSF, one on using >> OpenID AX, one using Oauth, one using XDI, one using Information >> Cards, etc. I assume these would be authored by experts of each >> technology and therefore could be done in parallel... but only >> after the SIG has collectively defined the use cases. >> >>> *4.* *VPI Data Sharing Processes and Policies - *The processes and >>> policies that will emerge around different types of VPI, and how >>> those mechanisms will work (e.g. link contracts, machine readable >>> creative commons type policies, contract law). >> >> I think this is or could be the same as item #2. I suggest looking >> at IGF for this as well. Again, we'll only know for sure after we >> define the use cases and test those against what IGF can achieve. >> >>> *5.* *Compliance* - The governance processes we will use to ensure >>> compliance (e.g. audit mechanisms, Liberty IAF and IGF). >> >> I'll recommend to IAEG members that they provide someone to join >> the VPI SIG to keep the two efforts coordinated and to share ideas, >> best practices, etc. I see a lot of synergy between the IAEG >> accreditation program and the VPI compliance program (in my mind's >> eye anyway). >> >>> *6.* *Business Case/ Why VPI Should Be Enabled* - The business >>> model/ business case for an individual sharing VPI and for an >>> organisation agreeing to receive VPI. >> >> This is a great activity and the sooner the better. I imagine we >> might want to start here and build our use cases off of these >> business cases/deployment scenarios. We generally do this in three >> phases of detail: scenario (high-level slideware), use case >> (diagrams of actors and flows), requirements (pre-engineering level >> of detail). >> >>> *7.* *Advocacy* - Proofs of Concept/ Demonstrations of VPI >>> capability (from both individual and organisational perspective). >>> Finding which organisations are able to engage on this basis. >> >> We can work with our Marketing Oversight Committee to build plans >> for doing this work in 2009. We'd need a pretty clear idea of what >> activities we want to achieve (events, conferences, online >> resources, webcasts, etc.) and an idea of what these activities >> might cost (Britta and I can help in that regard). But we'd need >> to work quickly to get this into our 2009 marketing plan. If we >> simply don't know yet, that's okay too but it means we will have to >> request "extra" marketing support at some point mid-year which may >> or may not be possible at that point. Just something to consider. >> >> Great work getting this going Iain. >> >> >> Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 >> >> >> >> >> >> >> On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: >> >>> Folks, >>> >>> The minutes from the last call have not emerged yet, but in the >>> meantime i'm keen to get moving. >>> >>> I've set out what I think the next steps might be on the attached >>> file, they should speak for themselves - for those not on the last >>> call we decided to focus on 'purchase intention' as the early >>> focus, not least because it has the most obvious high impact. >>> >>> The next call was due to be on Thursday 27th but I guess our USA >>> colleagues will be otherwise engaged that day - what's the view, >>> should we move to the Wednesday or leave to the following week? >>> >>> Meantime, if any of you have comments/ suggestions on the proposed >>> direction, or want to lead on any particular area then by all >>> means ping me on e-mail and we can arrange to talk - or just e- >>> mail the group. >>> >>> Cheers >>> >>> Iain >>> >>> >>> >>> >>> >>> Iain Henderson >>> iain.henderson at mydex.org >>> >>> This email and any attachment contains information which is >>> private and confidential and is intended for the addressee only. >>> If you are not an addressee, you are not authorised to read, copy >>> or use the e-mail or any attachment. If you have received this e- >>> mail in error, please notify the sender by return e-mail and then >>> destroy it. >>> >>> >>> >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> > > -- > J. Trent Adams > =jtrentadams > > Profile: http://www.mediaslate.org/jtrentadams/ > LinkedIN: http://www.linkedin.com/in/jtrentadams > Twitter: http://twitter.com/jtrentadams > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From bill at oidf.org Thu Nov 20 12:57:29 2008 From: bill at oidf.org (Bill Washburn) Date: Thu, 20 Nov 2008 12:57:29 -0800 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <4CECBDFB-D80D-4274-9646-3BBCF82D61A1@mydex.org> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> <49245CBA.5060505@gmail.com> <4CECBDFB-D80D-4274-9646-3BBCF82D61A1@mydex.org> Message-ID: <891348600811201257h33a7c05cgde0576a4c11d82b0@mail.gmail.com> Iain, My eyes are having a hard time with the story board. Do you have it in a larger format? BTW, I'm happy to use the Italy trip from last summer. cheers, -bill On Thu, Nov 20, 2008 at 12:05 AM, Iain Henderson wrote: > Trent/ All, > > Here is a storyboard format that I often use to set out the use case in > visual format (usually when working with business side not IS). (All) let me > know if this format works for setting out the scenario's, then we could use > a more detailed write up (e.g. in Liberty Marketing Requirements Document > format) to run alongside. > > In essence it means breaking the story into 8 chunks, describing what goes > on at each stage - including the separate section on 'what's going on behind > the scenes'. > > If this one suits i'll dig out the working Word version and circulate. > > Cheers > > Iain > > > > > > > > On 19 Nov 2008, at 18:36, J. Trent Adams wrote: > > I agree with Brett on two fronts: >> >> A) Skipping next week's call makes sense. I don't see enough work being >> done before then to warrant moving the call up to Wednesday. >> >> B) We would do well to focus on the Business Cases (ie. scenarios, use >> cases, and requirements) first. >> >> Working toward the scenarios, is there a template folks on this >> distribution are familiar with? I've seen a lot of different formats, so if >> there's one that people like, we might as well start there and fill in the >> blanks. >> >> - Trent >> >> >> Brett McDowell wrote: >> >>> FWIW, I suggest skipping next week because of the holiday in the US. >>> >>> As for feedback on the proposed work area, see comments inline below: >>> >>> *1.* *Data Definitions* - What types of data we are talking about (e.g. >>>> search engine input, purchase intentions, complaints, attention), and >>>> building use cases that bring these to life. >>>> >>> >>> Do we need to define a schema for this? What's the use-case that would >>> require a common schema? I'd guess that use-case development would need to >>> come before data definitions. >>> >>> *2.* *Terms and Conditions for Sharing VPI* - The terms and conditions >>>> under which VPI will be shared (building on privacy law plus VRM logic) >>>> >>> >>> I think this fits well with another Liberty activity going on in TEG >>> right now, the Privacy Constraints work that's within the context of the >>> Identity Governance Framework. The public draft of this work is online >>> here: >>> >>> >>> http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs >>> >>> *3.* *VPI Data Sharing Technologies/ Standards* - The data gathering, >>>> management and sharing technologies that might comply to VPI standards (e.g >>>> Information Cards, Higgins), including how this information will be >>>> originated by the individual. >>>> >>> >>> There is a long list of open standards that handle attribute exchange >>> which would probably be capable of fulfilling these use cases. Maybe the >>> VPI SIG could start to wrote a paper, like an implementation guideline or >>> deployment guideline, for who these VRM use cases would be fulfilled by each >>> technology. For example, we could have a paper on how to do this using >>> ID-WSF, one on using OpenID AX, one using Oauth, one using XDI, one using >>> Information Cards, etc. I assume these would be authored by experts of each >>> technology and therefore could be done in parallel... but only after the SIG >>> has collectively defined the use cases. >>> >>> *4.* *VPI Data Sharing Processes and Policies - *The processes and >>>> policies that will emerge around different types of VPI, and how those >>>> mechanisms will work (e.g. link contracts, machine readable creative commons >>>> type policies, contract law). >>>> >>> >>> I think this is or could be the same as item #2. I suggest looking at >>> IGF for this as well. Again, we'll only know for sure after we define the >>> use cases and test those against what IGF can achieve. >>> >>> *5.* *Compliance* - The governance processes we will use to ensure >>>> compliance (e.g. audit mechanisms, Liberty IAF and IGF). >>>> >>> >>> I'll recommend to IAEG members that they provide someone to join the VPI >>> SIG to keep the two efforts coordinated and to share ideas, best practices, >>> etc. I see a lot of synergy between the IAEG accreditation program and the >>> VPI compliance program (in my mind's eye anyway). >>> >>> *6.* *Business Case/ Why VPI Should Be Enabled* - The business model/ >>>> business case for an individual sharing VPI and for an organisation agreeing >>>> to receive VPI. >>>> >>> >>> This is a great activity and the sooner the better. I imagine we might >>> want to start here and build our use cases off of these business >>> cases/deployment scenarios. We generally do this in three phases of detail: >>> scenario (high-level slideware), use case (diagrams of actors and flows), >>> requirements (pre-engineering level of detail). >>> >>> *7.* *Advocacy* - Proofs of Concept/ Demonstrations of VPI capability >>>> (from both individual and organisational perspective). Finding which >>>> organisations are able to engage on this basis. >>>> >>> >>> We can work with our Marketing Oversight Committee to build plans for >>> doing this work in 2009. We'd need a pretty clear idea of what activities >>> we want to achieve (events, conferences, online resources, webcasts, etc.) >>> and an idea of what these activities might cost (Britta and I can help in >>> that regard). But we'd need to work quickly to get this into our 2009 >>> marketing plan. If we simply don't know yet, that's okay too but it means >>> we will have to request "extra" marketing support at some point mid-year >>> which may or may not be possible at that point. Just something to consider. >>> >>> Great work getting this going Iain. >>> >>> >>> Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 >>> >>> >>> >>> >>> >>> >>> On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: >>> >>> Folks, >>>> >>>> The minutes from the last call have not emerged yet, but in the meantime >>>> i'm keen to get moving. >>>> >>>> I've set out what I think the next steps might be on the attached file, >>>> they should speak for themselves - for those not on the last call we decided >>>> to focus on 'purchase intention' as the early focus, not least because it >>>> has the most obvious high impact. >>>> >>>> The next call was due to be on Thursday 27th but I guess our USA >>>> colleagues will be otherwise engaged that day - what's the view, should we >>>> move to the Wednesday or leave to the following week? >>>> >>>> Meantime, if any of you have comments/ suggestions on the proposed >>>> direction, or want to lead on any particular area then by all means ping me >>>> on e-mail and we can arrange to talk - or just e-mail the group. >>>> >>>> Cheers >>>> >>>> Iain >>>> >>>> >>>> >>>> >>>> >>>> Iain Henderson >>>> iain.henderson at mydex.org >>>> >>>> This email and any attachment contains information which is private and >>>> confidential and is intended for the addressee only. If you are not an >>>> addressee, you are not authorised to read, copy or use the e-mail or any >>>> attachment. If you have received this e-mail in error, please notify the >>>> sender by return e-mail and then destroy it. >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Sig-vpi mailing list >>>> Sig-vpi at lists.projectliberty.org >>>> >>>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>> >>> >> -- >> J. Trent Adams >> =jtrentadams >> >> Profile: http://www.mediaslate.org/jtrentadams/ >> LinkedIN: http://www.linkedin.com/in/jtrentadams >> Twitter: http://twitter.com/jtrentadams >> >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private and > confidential and is intended for the addressee only. If you are not an > addressee, you are not authorised to read, copy or use the e-mail or any > attachment. If you have received this e-mail in error, please notify the > sender by return e-mail and then destroy it. > > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From koneil at cyva.com Thu Nov 20 15:07:09 2008 From: koneil at cyva.com (Kevin O'Neil) Date: Thu, 20 Nov 2008 15:07:09 -0800 Subject: [Sig-vpi] FW: REMINDER: Comments Due Nov 19 on SCC Privacy Standardization Roadmap Message-ID: SIG-VPI, See attached ANSI Privacy 005, TBM Privacy Standardization Roadmap with markups in progress. Contact Jim McCabe if you wish to know more about the ANSI Virtual TAG Privacy group. Jim McCabe Director, Consumer Relations and IDSP American National Standards Institute 25 West 43rd Street, 4th Floor New York, NY 10036 1-212-642-8921; Fax: 1-212-840-2298 jmccabe at ansi.org Kevin Kevin O'Neil CYVA Research Corporation 3525 Del Mar Heights Rd., Ste. #327 San Diego, CA 92130 858 793 8100 (direct) koneil at cyva.com www.cyva.com Confidentiality Notice The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance of the contents of this information is strictly prohibited and may be unlawful. CYVA Research is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. _____ From: James McCabe [mailto:jmccabe at ANSI.ORG] Sent: Thursday, November 20, 2008 12:56 PM To: IDSPPRIVACY at MAILLIST.ANSI.ORG Subject: FW: REMINDER: Comments Due Nov 19 on SCC Privacy Standardization Roadmap I'm taking the liberty of forwarding John Sabo's contribution as his was the only mark-up other than Dan Bart's that was received. That's quite all right in retrospect as it was challenging enough just reconciling the two. I'll send the consolidated spreadsheet later that we'll use for purposes of discussion during the con call. There were many areas of agreement between John and Dan but a few variances that I will note and that we can discuss during the call. I'll also incorporate any miscellaneous comments as best I can either in the spreadsheet mark-up or a slightly reworked draft ANSI contribution using what Dan Bart sent as the starting point. Thanks to everyone who contributed. More to follow. Jim McCabe Director, Consumer Relations and IDSP American National Standards Institute 25 West 43rd Street, 4th Floor New York, NY 10036 1-212-642-8921; Fax: 1-212-840-2298 jmccabe at ansi.org _____ From: Sabo, John T [mailto:John.T.Sabo at ca.com] Sent: Wednesday, November 19, 2008 10:08 AM To: James McCabe Subject: RE: REMINDER: Comments Due Nov 19 on SCC Privacy Standardization Roadmap Jim, Attached is my marked up spreadsheet. The thrust of my reds and greens and yellows is that the focus must be on technical analysis of privacy operational principles/requirements at this point to determine the starting point for needed standards that will be useful for architectures and technical implementations/processes. The focus should not be on assessing laws and policies or moving to a certification scheme or worrying about consumers before we have defined what information privacy is from a technical perspective. In much of the ANSI material I have the sense that the prevailing view on this issue is that there is pre-disposition to assume that the task is for policy harmonization or ranking, whereas the real issue from my perspective after working in this space for many years is the need for standards that enable the management of multiple privacy policies and requirements over time and across policy and system boundaries. The ISTPA Privacy Framework v1.1, referenced in the SC 27/WG5 material and the SCC annex, and our "Analysis of Privacy Principles: An Operational Study," are a good starting points for this type of approach and analysis. Best regards, John __________________________________ John T. Sabo, CISSP Director, Global Government Relations CA, Inc. Suite 1220 1401 I Street NW Washington DC 20005 Tel: +1 202-513-6304 Mobile: +1 443-629-6198 Fax: +1 202-513-6395 ------------------------------------ This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From: James McCabe [mailto:jmccabe at ansi.org] Sent: Friday, November 14, 2008 12:15 PM To: Kevin O'Neil Cc: Alison Ziegler Subject: Re: ANSI Virtual TAG Privacy: Action Items Today's Con Call Kevin, If you're sharing the info to facilitate the development of U.S.consensus positions that Ansi's expert may take forward to the ISO/TMB task force, then by all means. It was for that purpose that it was provided to you as a member of the Ansi virtual Tag. Jim McCabe Sent from my BlackBerry wireless device. Jim McCabe 347-813-1013 cell _____ From: Kevin O'Neil To: James McCabe Sent: Thu Nov 13 14:21:54 2008 Subject: FW: ANSI Virtual TAG Privacy: Action Items Today's Con Call Jim, Can I forward this spreadsheet to others within the Liberty Alliance Volunteered Personal Information SIG? And for future reference what exactly is the policy regarding sharing of content contributed to the ANSI Virtual TAG Privacy with others outside - any restrictions? The Liberty VIP SIG group is made up of others engaged in aspects of personal information protection and technology. http://wiki.projectliberty.org/index.php/VolunteeredPersonalInformationSIG Kevin Kevin O'Neil CYVA Research Corporation 3525 Del Mar Heights Rd., Ste. #327 San Diego, CA 92130 858 793 8100 (direct) koneil at cyva.com www.cyva.com Confidentiality Notice The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance of the contents of this information is strictly prohibited and may be unlawful. CYVA Research is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ANSI Privacy 005, TMB Privacy Standardization Roadmap-John Sabo.xls Type: application/vnd.ms-excel Size: 38912 bytes Desc: not available URL: From iain.henderson at mydex.org Fri Nov 21 04:26:56 2008 From: iain.henderson at mydex.org (Iain Henderson) Date: Fri, 21 Nov 2008 12:26:56 +0000 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <891348600811201257h33a7c05cgde0576a4c11d82b0@mail.gmail.com> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> <49245CBA.5060505@gmail.com> <4CECBDFB-D80D-4274-9646-3BBCF82D61A1@mydex.org> <891348600811201257h33a7c05cgde0576a4c11d82b0@mail.gmail.com> Message-ID: <9DBA566A-5B2C-4796-9C1E-3BC1866124C3@mydex.org> Hi Bill, i'll blow it up to poster size; it is the way it is to print of a4 but I agree its not very readable on screen. I'll get that to you early next week - am snowed under today. Yes, good that we can use your trip as an example of a complex purchase intent. Thanks Iain On 20 Nov 2008, at 20:57, Bill Washburn wrote: > Iain, > > My eyes are having a hard time with the story board. Do you have it > in a larger format? > > BTW, I'm happy to use the Italy trip from last summer. > > cheers, > -bill > > On Thu, Nov 20, 2008 at 12:05 AM, Iain Henderson > wrote: > Trent/ All, > > Here is a storyboard format that I often use to set out the use case > in visual format (usually when working with business side not IS). > (All) let me know if this format works for setting out the > scenario's, then we could use a more detailed write up (e.g. in > Liberty Marketing Requirements Document format) to run alongside. > > In essence it means breaking the story into 8 chunks, describing > what goes on at each stage - including the separate section on > 'what's going on behind the scenes'. > > If this one suits i'll dig out the working Word version and circulate. > > Cheers > > Iain > > > > > > > > On 19 Nov 2008, at 18:36, J. Trent Adams wrote: > > I agree with Brett on two fronts: > > A) Skipping next week's call makes sense. I don't see enough work > being done before then to warrant moving the call up to Wednesday. > > B) We would do well to focus on the Business Cases (ie. scenarios, > use cases, and requirements) first. > > Working toward the scenarios, is there a template folks on this > distribution are familiar with? I've seen a lot of different > formats, so if there's one that people like, we might as well start > there and fill in the blanks. > > - Trent > > > Brett McDowell wrote: > FWIW, I suggest skipping next week because of the holiday in the US. > > As for feedback on the proposed work area, see comments inline below: > > *1.* *Data Definitions* - What types of data we are talking about > (e.g. search engine input, purchase intentions, complaints, > attention), and building use cases that bring these to life. > > Do we need to define a schema for this? What's the use-case that > would require a common schema? I'd guess that use-case development > would need to come before data definitions. > > *2.* *Terms and Conditions for Sharing VPI* - The terms and > conditions under which VPI will be shared (building on privacy law > plus VRM logic) > > I think this fits well with another Liberty activity going on in TEG > right now, the Privacy Constraints work that's within the context of > the Identity Governance Framework. The public draft of this work is > online here: > > http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs > > *3.* *VPI Data Sharing Technologies/ Standards* - The data > gathering, management and sharing technologies that might comply to > VPI standards (e.g Information Cards, Higgins), including how this > information will be originated by the individual. > > There is a long list of open standards that handle attribute > exchange which would probably be capable of fulfilling these use > cases. Maybe the VPI SIG could start to wrote a paper, like an > implementation guideline or deployment guideline, for who these VRM > use cases would be fulfilled by each technology. For example, we > could have a paper on how to do this using ID-WSF, one on using > OpenID AX, one using Oauth, one using XDI, one using Information > Cards, etc. I assume these would be authored by experts of each > technology and therefore could be done in parallel... but only after > the SIG has collectively defined the use cases. > > *4.* *VPI Data Sharing Processes and Policies - *The processes and > policies that will emerge around different types of VPI, and how > those mechanisms will work (e.g. link contracts, machine readable > creative commons type policies, contract law). > > I think this is or could be the same as item #2. I suggest looking > at IGF for this as well. Again, we'll only know for sure after we > define the use cases and test those against what IGF can achieve. > > *5.* *Compliance* - The governance processes we will use to ensure > compliance (e.g. audit mechanisms, Liberty IAF and IGF). > > I'll recommend to IAEG members that they provide someone to join the > VPI SIG to keep the two efforts coordinated and to share ideas, best > practices, etc. I see a lot of synergy between the IAEG > accreditation program and the VPI compliance program (in my mind's > eye anyway). > > *6.* *Business Case/ Why VPI Should Be Enabled* - The business > model/ business case for an individual sharing VPI and for an > organisation agreeing to receive VPI. > > This is a great activity and the sooner the better. I imagine we > might want to start here and build our use cases off of these > business cases/deployment scenarios. We generally do this in three > phases of detail: scenario (high-level slideware), use case > (diagrams of actors and flows), requirements (pre-engineering level > of detail). > > *7.* *Advocacy* - Proofs of Concept/ Demonstrations of VPI > capability (from both individual and organisational perspective). > Finding which organisations are able to engage on this basis. > > We can work with our Marketing Oversight Committee to build plans > for doing this work in 2009. We'd need a pretty clear idea of what > activities we want to achieve (events, conferences, online > resources, webcasts, etc.) and an idea of what these activities > might cost (Britta and I can help in that regard). But we'd need to > work quickly to get this into our 2009 marketing plan. If we simply > don't know yet, that's okay too but it means we will have to request > "extra" marketing support at some point mid-year which may or may > not be possible at that point. Just something to consider. > > Great work getting this going Iain. > > > Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 > > > > > > > On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: > > Folks, > > The minutes from the last call have not emerged yet, but in the > meantime i'm keen to get moving. > > I've set out what I think the next steps might be on the attached > file, they should speak for themselves - for those not on the last > call we decided to focus on 'purchase intention' as the early focus, > not least because it has the most obvious high impact. > > The next call was due to be on Thursday 27th but I guess our USA > colleagues will be otherwise engaged that day - what's the view, > should we move to the Wednesday or leave to the following week? > > Meantime, if any of you have comments/ suggestions on the proposed > direction, or want to lead on any particular area then by all means > ping me on e-mail and we can arrange to talk - or just e-mail the > group. > > Cheers > > Iain > > > > > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > ------------------------------------------------------------------------ > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > > -- > J. Trent Adams > =jtrentadams > > Profile: http://www.mediaslate.org/jtrentadams/ > LinkedIN: http://www.linkedin.com/in/jtrentadams > Twitter: http://twitter.com/jtrentadams > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From joni at ieee-isto.org Fri Nov 21 06:31:50 2008 From: joni at ieee-isto.org (Joni Brennan) Date: Fri, 21 Nov 2008 09:31:50 -0500 Subject: [Sig-vpi] Suggested Next Steps In-Reply-To: <49245CBA.5060505@gmail.com> References: <7E1BC16B-917D-4C19-BE6F-A1F48255F4DE@mydex.org> <476FB739-B392-47D6-A32D-81BEFDA4FCAF@projectliberty.org> <49245CBA.5060505@gmail.com> Message-ID: <947ea3330811210631l5cd4e08do32f6d8d31b8235bb@mail.gmail.com> Hi All, I'm writing to let you know that we should have a generic Use Case for your use very shortly. I expect this to be delivered to your group by Monday next week. Cheers, Joni On Wed, Nov 19, 2008 at 1:36 PM, J. Trent Adams wrote: > I agree with Brett on two fronts: > > A) Skipping next week's call makes sense. I don't see enough work being > done before then to warrant moving the call up to Wednesday. > > B) We would do well to focus on the Business Cases (ie. scenarios, use > cases, and requirements) first. > > Working toward the scenarios, is there a template folks on this > distribution are familiar with? I've seen a lot of different formats, so if > there's one that people like, we might as well start there and fill in the > blanks. > > - Trent > > > Brett McDowell wrote: > >> FWIW, I suggest skipping next week because of the holiday in the US. >> >> As for feedback on the proposed work area, see comments inline below: >> >> *1.* *Data Definitions* - What types of data we are talking about (e.g. >>> search engine input, purchase intentions, complaints, attention), and >>> building use cases that bring these to life. >>> >> >> Do we need to define a schema for this? What's the use-case that would >> require a common schema? I'd guess that use-case development would need to >> come before data definitions. >> >> *2.* *Terms and Conditions for Sharing VPI* - The terms and conditions >>> under which VPI will be shared (building on privacy law plus VRM logic) >>> >> >> I think this fits well with another Liberty activity going on in TEG right >> now, the Privacy Constraints work that's within the context of the Identity >> Governance Framework. The public draft of this work is online here: >> >> http://www.projectliberty.org/resource_center/specifications/igf_1_0_specs >> >> *3.* *VPI Data Sharing Technologies/ Standards* - The data gathering, >>> management and sharing technologies that might comply to VPI standards (e.g >>> Information Cards, Higgins), including how this information will be >>> originated by the individual. >>> >> >> There is a long list of open standards that handle attribute exchange >> which would probably be capable of fulfilling these use cases. Maybe the >> VPI SIG could start to wrote a paper, like an implementation guideline or >> deployment guideline, for who these VRM use cases would be fulfilled by each >> technology. For example, we could have a paper on how to do this using >> ID-WSF, one on using OpenID AX, one using Oauth, one using XDI, one using >> Information Cards, etc. I assume these would be authored by experts of each >> technology and therefore could be done in parallel... but only after the SIG >> has collectively defined the use cases. >> >> *4.* *VPI Data Sharing Processes and Policies - *The processes and >>> policies that will emerge around different types of VPI, and how those >>> mechanisms will work (e.g. link contracts, machine readable creative commons >>> type policies, contract law). >>> >> >> I think this is or could be the same as item #2. I suggest looking at IGF >> for this as well. Again, we'll only know for sure after we define the use >> cases and test those against what IGF can achieve. >> >> *5.* *Compliance* - The governance processes we will use to ensure >>> compliance (e.g. audit mechanisms, Liberty IAF and IGF). >>> >> >> I'll recommend to IAEG members that they provide someone to join the VPI >> SIG to keep the two efforts coordinated and to share ideas, best practices, >> etc. I see a lot of synergy between the IAEG accreditation program and the >> VPI compliance program (in my mind's eye anyway). >> >> *6.* *Business Case/ Why VPI Should Be Enabled* - The business model/ >>> business case for an individual sharing VPI and for an organisation agreeing >>> to receive VPI. >>> >> >> This is a great activity and the sooner the better. I imagine we might >> want to start here and build our use cases off of these business >> cases/deployment scenarios. We generally do this in three phases of detail: >> scenario (high-level slideware), use case (diagrams of actors and flows), >> requirements (pre-engineering level of detail). >> >> *7.* *Advocacy* - Proofs of Concept/ Demonstrations of VPI capability >>> (from both individual and organisational perspective). Finding which >>> organisations are able to engage on this basis. >>> >> >> We can work with our Marketing Oversight Committee to build plans for >> doing this work in 2009. We'd need a pretty clear idea of what activities >> we want to achieve (events, conferences, online resources, webcasts, etc.) >> and an idea of what these activities might cost (Britta and I can help in >> that regard). But we'd need to work quickly to get this into our 2009 >> marketing plan. If we simply don't know yet, that's okay too but it means >> we will have to request "extra" marketing support at some point mid-year >> which may or may not be possible at that point. Just something to consider. >> >> Great work getting this going Iain. >> >> >> Brett McDowell | http://www.projectliberty.org | +1.413.652.1248 >> >> >> >> >> >> >> On Nov 19, 2008, at 3:12 AM, Iain Henderson wrote: >> >> Folks, >>> >>> The minutes from the last call have not emerged yet, but in the meantime >>> i'm keen to get moving. >>> >>> I've set out what I think the next steps might be on the attached file, >>> they should speak for themselves - for those not on the last call we decided >>> to focus on 'purchase intention' as the early focus, not least because it >>> has the most obvious high impact. >>> >>> The next call was due to be on Thursday 27th but I guess our USA >>> colleagues will be otherwise engaged that day - what's the view, should we >>> move to the Wednesday or leave to the following week? >>> >>> Meantime, if any of you have comments/ suggestions on the proposed >>> direction, or want to lead on any particular area then by all means ping me >>> on e-mail and we can arrange to talk - or just e-mail the group. >>> >>> Cheers >>> >>> Iain >>> >>> >>> >>> >>> >>> Iain Henderson >>> iain.henderson at mydex.org >>> >>> This email and any attachment contains information which is private and >>> confidential and is intended for the addressee only. If you are not an >>> addressee, you are not authorised to read, copy or use the e-mail or any >>> attachment. If you have received this e-mail in error, please notify the >>> sender by return e-mail and then destroy it. >>> >>> >>> >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> >> > > -- > J. Trent Adams > =jtrentadams > > Profile: http://www.mediaslate.org/jtrentadams/ > LinkedIN: http://www.linkedin.com/in/jtrentadams > Twitter: http://twitter.com/jtrentadams > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > -- Joni Brennan IEEE-ISTO Liberty Alliance Project Operations Manager voice:+1 732-226-4223 email: joni @ projectliberty.org email: joni @ ieee-isto.org -------------- next part -------------- An HTML attachment was scrubbed... URL: