From joni at ieee-isto.org Thu Apr 2 09:13:46 2009 From: joni at ieee-isto.org (Joni Brennan) Date: Thu, 2 Apr 2009 09:13:46 -0700 Subject: [Sig-vpi] Last Call for Responses - New Time for VPI Calls? Message-ID: <947ea3330904020913r51119d6fld7e288a95ba818dd@mail.gmail.com> Hello VPI SIGers, I was looking over the Doodle survey Iain sent out and it looks like April 8th at 11am Pacific Time works for all who's responded so far. I'm wondering if there are any additional responses. As such I'm pushing this survey out one more time. I believe Iain is planning to send a confirmation of the time and call agenda early next week. If you have not responded to the Doodle survey yet please do so here: http://www.doodle.com/fzfw98h3xtxpm493 Cheers, Joni -- Joni Brennan IEEE-ISTO Liberty Alliance Project Director of Operations voice:+1 732-226-4223 email: joni @ projectliberty.org email: joni @ ieee-isto.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From brett at projectliberty.org Thu Apr 2 09:24:51 2009 From: brett at projectliberty.org (Brett McDowell) Date: Thu, 2 Apr 2009 12:24:51 -0400 Subject: [Sig-vpi] Last Call for Responses - New Time for VPI Calls? In-Reply-To: <947ea3330904020913r51119d6fld7e288a95ba818dd@mail.gmail.com> References: <947ea3330904020913r51119d6fld7e288a95ba818dd@mail.gmail.com> Message-ID: <340BDD56-22F6-495D-8BF0-56CADC76A6E1@projectliberty.org> I've updated the survey for my schedule. The time that is working for everyone else still works for me too. Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com On Apr 2, 2009, at 12:13 PM, Joni Brennan wrote: > Hello VPI SIGers, > > I was looking over the Doodle survey Iain sent out and it looks like > April 8th at 11am Pacific Time works for all who's responded so > far. I'm wondering if there are any additional responses. As such > I'm pushing this survey out one more time. I believe Iain is > planning to send a confirmation of the time and call agenda early > next week. > > If you have not responded to the Doodle survey yet please do so > here: http://www.doodle.com/fzfw98h3xtxpm493 > > Cheers, > > Joni > > -- > Joni Brennan > IEEE-ISTO > Liberty Alliance Project > Director of Operations > voice:+1 732-226-4223 > email: joni @ projectliberty.org > email: joni @ ieee-isto.org > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From iain.henderson at mydex.org Thu Apr 2 09:44:11 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Thu, 2 Apr 2009 17:44:11 +0100 Subject: [Sig-vpi] Last Call for Responses - New Time for VPI Calls? In-Reply-To: <340BDD56-22F6-495D-8BF0-56CADC76A6E1@projectliberty.org> References: <947ea3330904020913r51119d6fld7e288a95ba818dd@mail.gmail.com> <340BDD56-22F6-495D-8BF0-56CADC76A6E1@projectliberty.org> Message-ID: <32FF1ACB-25D7-4DF3-977E-8A3C3210FCA5@mydex.org> OK, as 11am on April 8th Pacific time is good for a majority let's lock that down now and go for that option. The main purpose for this call will be to review the updated charter(s) we require under the NewOrg. I'll send the draft charters and the context around those on Monday in order that we have time to review on the call on Wednesday. Thanks Iain On 2 Apr 2009, at 17:24, Brett McDowell wrote: > I've updated the survey for my schedule. The time that is working > for everyone else still works for me too. > > > Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com > > On Apr 2, 2009, at 12:13 PM, Joni Brennan wrote: > >> Hello VPI SIGers, >> >> I was looking over the Doodle survey Iain sent out and it looks >> like April 8th at 11am Pacific Time works for all who's responded >> so far. I'm wondering if there are any additional responses. As >> such I'm pushing this survey out one more time. I believe Iain is >> planning to send a confirmation of the time and call agenda early >> next week. >> >> If you have not responded to the Doodle survey yet please do so >> here: http://www.doodle.com/fzfw98h3xtxpm493 >> >> Cheers, >> >> Joni >> >> -- >> Joni Brennan >> IEEE-ISTO >> Liberty Alliance Project >> Director of Operations >> voice:+1 732-226-4223 >> email: joni @ projectliberty.org >> email: joni @ ieee-isto.org >> >> >> >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From joe at switchbook.com Thu Apr 2 09:58:24 2009 From: joe at switchbook.com (Joe Andrieu) Date: Thu, 02 Apr 2009 09:58:24 -0700 Subject: [Sig-vpi] Last Call for Responses - New Time for VPI Calls? In-Reply-To: <32FF1ACB-25D7-4DF3-977E-8A3C3210FCA5@mydex.org> References: <947ea3330904020913r51119d6fld7e288a95ba818dd@mail.gmail.com> <340BDD56-22F6-495D-8BF0-56CADC76A6E1@projectliberty.org> <32FF1ACB-25D7-4DF3-977E-8A3C3210FCA5@mydex.org> Message-ID: <49D4EEB0.5040408@switchbook.com> Sounds good. It's on my calendar. -j -- Joe Andrieu joe at switchbook.com @joeandrieu +1 (805) 705-8651 joe.andrieu (skype) http://blog.joeandrieu.com http://www.switchbook.com On 4/2/2009 9:44 AM, Iain Henderson wrote: > OK, as 11am on April 8th Pacific time is good for a majority let's lock > that down now and go for that option. > > The main purpose for this call will be to review the updated charter(s) > we require under the NewOrg. I'll send the draft charters and the > context around those on Monday in order that we have time to review on > the call on Wednesday. > > Thanks > > Iain > > On 2 Apr 2009, at 17:24, Brett McDowell wrote: > >> I've updated the survey for my schedule. The time that is working for >> everyone else still works for me too. >> >> >> Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com >> >> On Apr 2, 2009, at 12:13 PM, Joni Brennan wrote: >> >>> Hello VPI SIGers, >>> >>> I was looking over the Doodle survey Iain sent out and it looks like >>> April 8th at 11am Pacific Time works for all who's responded so far. >>> I'm wondering if there are any additional responses. As such I'm >>> pushing this survey out one more time. I believe Iain is planning to >>> send a confirmation of the time and call agenda early next week. >>> >>> If you have not responded to the Doodle survey yet please do so here: >>> http://www.doodle.com/fzfw98h3xtxpm493 >>> >>> Cheers, >>> >>> Joni >>> >>> -- >>> Joni Brennan >>> IEEE-ISTO >>> Liberty Alliance Project >>> Director of Operations >>> voice:+1 732-226-4223 >>> email: joni @ projectliberty.org >>> email: joni @ ieee-isto.org >>> >>> >>> >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>> >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private and > confidential and is intended for the addressee only. If you are not an > addressee, you are not authorised to read, copy or use the e-mail or any > attachment. If you have received this e-mail in error, please notify the > sender by return e-mail and then destroy it. > > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > > From Eve.Maler at Sun.COM Thu Apr 2 12:58:32 2009 From: Eve.Maler at Sun.COM (Eve Maler) Date: Thu, 02 Apr 2009 12:58:32 -0700 Subject: [Sig-vpi] Last Call for Responses - New Time for VPI Calls? In-Reply-To: <49D4EEB0.5040408@switchbook.com> References: <947ea3330904020913r51119d6fld7e288a95ba818dd@mail.gmail.com> <340BDD56-22F6-495D-8BF0-56CADC76A6E1@projectliberty.org> <32FF1ACB-25D7-4DF3-977E-8A3C3210FCA5@mydex.org> <49D4EEB0.5040408@switchbook.com> Message-ID: <7BFD11D4-AD74-43EC-B396-350255D7D101@sun.com> Confirming that it's on mine too. I will only be able to join for the first ~15 minutes on April 8 itself (dr's appt), but will be able to attend regularly afterward. Eve On Apr 2, 2009, at 9:58 AM, Joe Andrieu wrote: > Sounds good. It's on my calendar. > > -j > > -- > Joe Andrieu > joe at switchbook.com @joeandrieu > +1 (805) 705-8651 joe.andrieu (skype) > http://blog.joeandrieu.com http://www.switchbook.com > > On 4/2/2009 9:44 AM, Iain Henderson wrote: >> OK, as 11am on April 8th Pacific time is good for a majority let's >> lock >> that down now and go for that option. >> >> The main purpose for this call will be to review the updated >> charter(s) >> we require under the NewOrg. I'll send the draft charters and the >> context around those on Monday in order that we have time to review >> on >> the call on Wednesday. >> >> Thanks >> >> Iain >> >> On 2 Apr 2009, at 17:24, Brett McDowell wrote: >> >>> I've updated the survey for my schedule. The time that is working >>> for >>> everyone else still works for me too. >>> >>> >>> Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com >>> >>> On Apr 2, 2009, at 12:13 PM, Joni Brennan wrote: >>> >>>> Hello VPI SIGers, >>>> >>>> I was looking over the Doodle survey Iain sent out and it looks >>>> like >>>> April 8th at 11am Pacific Time works for all who's responded so >>>> far. >>>> I'm wondering if there are any additional responses. As such I'm >>>> pushing this survey out one more time. I believe Iain is planning >>>> to >>>> send a confirmation of the time and call agenda early next week. >>>> >>>> If you have not responded to the Doodle survey yet please do so >>>> here: >>>> http://www.doodle.com/fzfw98h3xtxpm493 >>>> >>>> Cheers, >>>> >>>> Joni >>>> Eve Maler eve.maler @ sun.com Emerging Technologies Director cell +1 425 345 6756 Sun Microsystems Identity Software www.xmlgrrl.com/blog From iain.henderson at mydex.org Tue Apr 7 23:40:40 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 8 Apr 2009 07:40:40 +0100 Subject: [Sig-vpi] Draft Charter under NewOrg in advance of our call later today Message-ID: <7385F7D7-DF13-4ABD-BB8A-B335C98286C0@mydex.org> Folks, Sorry for the late issue but there is lots going on in the VPI world at present. As discussed in the last few calls, we need to re-charter the group as Liberty Alliance transitions to NewOrg, and in doing so have the opportunity to step up to become a full working group rather than a special interest group (i.e. we get to build stuff as well as talk about it.....). Could you have a look at the draft charter (attached) if you have time and we'll discuss it on the call later today. It's by no means the finished article but we can do that over the next week. If you can't make the call then by all means feed back to me by e-mail or let me know if you want to one to one discussion on it. Call details are: http://wiki.projectliberty.org/index.php/VolunteeredPersonalInformationSIG Today (8th April) at 11-12 PDT, 19:00-20:00 UK time USA toll-free - 866- 469-3239 USA toll - 650-429-3300 Regards Iain -------------- next part -------------- A non-text attachment was scrubbed... Name: VPI_WG_NewOrg_Draft_Charter_v.02ih Type: application/octet-stream Size: 44544 bytes Desc: not available URL: -------------- next part -------------- Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From iain.henderson at mydex.org Wed Apr 8 01:14:17 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 8 Apr 2009 09:14:17 +0100 Subject: [Sig-vpi] Draft Charter under NewOrg in advance of our call later today In-Reply-To: <49DC5C34.9090300@switchbook.com> References: <7385F7D7-DF13-4ABD-BB8A-B335C98286C0@mydex.org> <49DC5C34.9090300@switchbook.com> Message-ID: strange, yes it is a Word doc (.doc) On 8 Apr 2009, at 09:11, Joe Andrieu wrote: > Iain, > > The attachment came up as a .02ih file. Is it a word doc? Is it > just that its missing the .doc extension? It opened as gobblygook > when opened directly into word. > > -j > > -- > Joe Andrieu > joe at switchbook.com @joeandrieu > +1 (805) 705-8651 joe.andrieu (skype) > http://blog.joeandrieu.com http://www.switchbook.com > > On 4/7/2009 11:40 PM, Iain Henderson wrote: >> Folks, >> >> Sorry for the late issue but there is lots going on in the VPI >> world at >> present. >> >> As discussed in the last few calls, we need to re-charter the group >> as >> Liberty Alliance transitions to NewOrg, and in doing so have the >> opportunity to step up to become a full working group rather than a >> special interest group (i.e. we get to build stuff as well as talk >> about >> it.....). >> >> Could you have a look at the draft charter (attached) if you have >> time >> and we'll discuss it on the call later today. It's by no means the >> finished article but we can do that over the next week. >> >> If you can't make the call then by all means feed back to me by e- >> mail >> or let me know if you want to one to one discussion on it. >> >> Call details are: >> >> http://wiki.projectliberty.org/index.php/VolunteeredPersonalInformationSIG >> >> Today (8th April) at 11-12 PDT, 19:00-20:00 UK time >> >> USA toll-free - 866- 469-3239 >> USA toll - 650-429-3300 >> >> >> Regards >> >> Iain >> >> >> >> >> >> >> Iain Henderson >> iain.henderson at mydex.org >> >> This email and any attachment contains information which is private >> and >> confidential and is intended for the addressee only. If you are not >> an >> addressee, you are not authorised to read, copy or use the e-mail >> or any >> attachment. If you have received this e-mail in error, please >> notify the >> sender by return e-mail and then destroy it. >> >> >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From info at smartspecies.com Wed Apr 8 10:02:08 2009 From: info at smartspecies.com (Mark Lizar) Date: Wed, 8 Apr 2009 18:02:08 +0100 Subject: [Sig-vpi] Draft Charter under NewOrg in advance of our call later today In-Reply-To: <7385F7D7-DF13-4ABD-BB8A-B335C98286C0@mydex.org> References: <7385F7D7-DF13-4ABD-BB8A-B335C98286C0@mydex.org> Message-ID: I have had a chance to revise this a little please see attached document for revisions. - Mark -------------- next part -------------- A non-text attachment was scrubbed... Name: VPI_WG_NewOrg_Draft_Charter_vML.doc Type: application/octet-stream Size: 46080 bytes Desc: not available URL: -------------- next part -------------- On 8 Apr 2009, at 07:40, Iain Henderson wrote: > Folks, > > Sorry for the late issue but there is lots going on in the VPI world > at present. > > As discussed in the last few calls, we need to re-charter the group > as Liberty Alliance transitions to NewOrg, and in doing so have the > opportunity to step up to become a full working group rather than a > special interest group (i.e. we get to build stuff as well as talk > about it.....). > > Could you have a look at the draft charter (attached) if you have > time and we'll discuss it on the call later today. It's by no means > the finished article but we can do that over the next week. > > If you can't make the call then by all means feed back to me by e- > mail or let me know if you want to one to one discussion on it. > > Call details are: > > http://wiki.projectliberty.org/index.php/VolunteeredPersonalInformationSIG > > Today (8th April) at 11-12 PDT, 19:00-20:00 UK time > > USA toll-free - 866- 469-3239 > USA toll - 650-429-3300 > > > Regards > > Iain > > > > > > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org From Eve.Maler at Sun.COM Wed Apr 8 11:00:32 2009 From: Eve.Maler at Sun.COM (Eve Maler) Date: Wed, 08 Apr 2009 11:00:32 -0700 Subject: [Sig-vpi] Draft Charter under NewOrg in advance of our call later today In-Reply-To: <7385F7D7-DF13-4ABD-BB8A-B335C98286C0@mydex.org> References: <7385F7D7-DF13-4ABD-BB8A-B335C98286C0@mydex.org> Message-ID: <75F664BA-BE56-4EB7-900A-FB5A976D2CBF@sun.com> I didn't see an access code in this email... According to the wiki, the dial-in details are: US toll-free number: 866-469-3239 US toll number: 650-429-3300 SIG Meeting Number or Access Code: 78701111# On Apr 7, 2009, at 11:40 PM, Iain Henderson wrote: > Folks, > > Sorry for the late issue but there is lots going on in the VPI world > at present. > > As discussed in the last few calls, we need to re-charter the group > as Liberty Alliance transitions to NewOrg, and in doing so have the > opportunity to step up to become a full working group rather than a > special interest group (i.e. we get to build stuff as well as talk > about it.....). > > Could you have a look at the draft charter (attached) if you have > time and we'll discuss it on the call later today. It's by no means > the finished article but we can do that over the next week. > > If you can't make the call then by all means feed back to me by e- > mail or let me know if you want to one to one discussion on it. > > Call details are: > > http://wiki.projectliberty.org/index.php/VolunteeredPersonalInformationSIG > > Today (8th April) at 11-12 PDT, 19:00-20:00 UK time > > USA toll-free - 866- 469-3239 > USA toll - 650-429-3300 > > > Regards > > Iain > > > > > > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Eve Maler eve.maler @ sun.com Emerging Technologies Director cell +1 425 345 6756 Sun Microsystems Identity Software www.xmlgrrl.com/blog From iain.henderson at mydex.org Wed Apr 15 00:40:38 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 15 Apr 2009 08:40:38 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg Message-ID: Folks, As we have discussed on the last few calls, Liberty Alliance is about to transform into 'NewOrg', with some fanfare, some new directions and a new working group infrastructure. In the new organisation, Special Interest Groups such as this one are eligible to become Working Groups, i.e. we get to build stuff and write stuff as well as talk about it. In the last few calls we have discussed the practicalities of the above, and determined that we are likely to need two working groups to cover our proposed areas of work; that is because we wish to develop some technical specifications which require an appropriate IPR regime around them, but also write some white papers, draft data sharing contracts etc which require a much more accessible type of license regime. As such, i've drafted these two new charters, one for tech specifications, and the other for 'policy' related work. These are going off to the Mgt Board for review but also feel free to send any comments/ queries back to the list and we'll iterate to final versions over the next week (next call is Wed 22nd April). On that call i'll be looking to set out the plan of work and talk through who wishes to/ is able to work on which aspect. You will also notice that we're proposing to change the name from Volunteered Personal Information to User Driven Information. This is because when digging into the detail of 'VPI', we realised that not all of the information shareable by the individual is strictly personal, so we felt it better to look for a more inclusive option.....so UDI it is, and writing up a full description of that is one of the proposed work packages. Hope that's all clear. Cheers Iain -------------- next part -------------- A non-text attachment was scrubbed... Name: UDI_WG_NewOrg_Draft_Charter Policy_v.04 Type: application/octet-stream Size: 45056 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: UDI_WG_NewOrg_Draft_Charter Tech_v.04 Type: application/octet-stream Size: 43008 bytes Desc: not available URL: -------------- next part -------------- Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From jtrentadams at gmail.com Wed Apr 15 06:08:36 2009 From: jtrentadams at gmail.com (J. Trent Adams) Date: Wed, 15 Apr 2009 09:08:36 -0400 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: References: Message-ID: <49E5DC54.8030406@gmail.com> Iain - Quick comment about the IPR selection on the "UDI Work Group (Policy)" proposal. Since there is no Creative Commons option available in the documents currently under legal review, would it be reasonable to select the Apache option for now and shift to CC later (after the group is formed and a CC option can be approved? I'm proposing something similar for another Discussion Group I'm working up and am curious if you think this'll work for UDI-WG, too. - Trent Iain Henderson wrote: > Folks, > > As we have discussed on the last few calls, Liberty Alliance is about > to transform into 'NewOrg', with some fanfare, some new directions and > a new working group infrastructure. > > In the new organisation, Special Interest Groups such as this one are > eligible to become Working Groups, i.e. we get to build stuff and > write stuff as well as talk about it. > > In the last few calls we have discussed the practicalities of the > above, and determined that we are likely to need two working groups to > cover our proposed areas of work; that is because we wish to develop > some technical specifications which require an appropriate IPR regime > around them, but also write some white papers, draft data sharing > contracts etc which require a much more accessible type of license > regime. > > As such, i've drafted these two new charters, one for tech > specifications, and the other for 'policy' related work. These are > going off to the Mgt Board for review but also feel free to send any > comments/ queries back to the list and we'll iterate to final versions > over the next week (next call is Wed 22nd April). On that call i'll be > looking to set out the plan of work and talk through who wishes to/ is > able to work on which aspect. > > You will also notice that we're proposing to change the name from > Volunteered Personal Information to User Driven Information. This is > because when digging into the detail of 'VPI', we realised that not > all of the information shareable by the individual is strictly > personal, so we felt it better to look for a more inclusive > option.....so UDI it is, and writing up a full description of that is > one of the proposed work packages. > > Hope that's all clear. > > Cheers > > Iain > > > > > > > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the > e-mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > -- J. Trent Adams =jtrentadams Profile: http://www.mediaslate.org/jtrentadams/ LinkedIN: http://www.linkedin.com/in/jtrentadams Twitter: http://twitter.com/jtrentadams From iain.henderson at mydex.org Wed Apr 15 07:04:44 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 15 Apr 2009 15:04:44 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <49E5DC54.8030406@gmail.com> References: <49E5DC54.8030406@gmail.com> Message-ID: <7A868A3B-4F89-4D74-9C38-733727DAE60F@mydex.org> Thanks Trent, yes i'm aware of that issue - i'm told that if there is sufficient demand for a different type of license then it will be added. In practice I don't think the Apache license is at all relevant to the Policy working group so we'd be more likely to delay its formation rather than opt for something that we know would not work. No doubt we'll hear more back on this from Brett/ Joni. Cheers Iain On 15 Apr 2009, at 14:08, J. Trent Adams wrote: > Iain - > > Quick comment about the IPR selection on the "UDI Work Group (Policy)" > proposal. Since there is no Creative Commons option available in the > documents currently under legal review, would it be reasonable to > select > the Apache option for now and shift to CC later (after the group is > formed and a CC option can be approved? > > I'm proposing something similar for another Discussion Group I'm > working > up and am curious if you think this'll work for UDI-WG, too. > > - Trent > > > Iain Henderson wrote: >> Folks, >> >> As we have discussed on the last few calls, Liberty Alliance is about >> to transform into 'NewOrg', with some fanfare, some new directions >> and >> a new working group infrastructure. >> >> In the new organisation, Special Interest Groups such as this one are >> eligible to become Working Groups, i.e. we get to build stuff and >> write stuff as well as talk about it. >> >> In the last few calls we have discussed the practicalities of the >> above, and determined that we are likely to need two working groups >> to >> cover our proposed areas of work; that is because we wish to develop >> some technical specifications which require an appropriate IPR regime >> around them, but also write some white papers, draft data sharing >> contracts etc which require a much more accessible type of license >> regime. >> >> As such, i've drafted these two new charters, one for tech >> specifications, and the other for 'policy' related work. These are >> going off to the Mgt Board for review but also feel free to send any >> comments/ queries back to the list and we'll iterate to final >> versions >> over the next week (next call is Wed 22nd April). On that call i'll >> be >> looking to set out the plan of work and talk through who wishes to/ >> is >> able to work on which aspect. >> >> You will also notice that we're proposing to change the name from >> Volunteered Personal Information to User Driven Information. This is >> because when digging into the detail of 'VPI', we realised that not >> all of the information shareable by the individual is strictly >> personal, so we felt it better to look for a more inclusive >> option.....so UDI it is, and writing up a full description of that is >> one of the proposed work packages. >> >> Hope that's all clear. >> >> Cheers >> >> Iain >> >> >> >> >> >> >> >> Iain Henderson >> iain.henderson at mydex.org >> >> This email and any attachment contains information which is private >> and confidential and is intended for the addressee only. If you are >> not an addressee, you are not authorised to read, copy or use the >> e-mail or any attachment. If you have received this e-mail in error, >> please notify the sender by return e-mail and then destroy it. >> >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> > > -- > J. Trent Adams > =jtrentadams > > Profile: http://www.mediaslate.org/jtrentadams/ > LinkedIN: http://www.linkedin.com/in/jtrentadams > Twitter: http://twitter.com/jtrentadams > Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From info at smartspecies.com Wed Apr 15 09:36:33 2009 From: info at smartspecies.com (Mark Lizar) Date: Wed, 15 Apr 2009 17:36:33 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: References: Message-ID: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> On 15 Apr 2009, at 08:40, Iain Henderson wrote: > You will also notice that we're proposing to change the name from > Volunteered Personal Information to User Driven Information. This is > because when digging into the detail of 'VPI', we realised that not > all of the information shareable by the individual is strictly > personal, so we felt it better to look for a more inclusive > option.....so UDI it is, and writing up a full description of that > is one of the proposed work packages. Although I can see the sense in broadening the scope of VPI to UDI, I do think we loose something quite powerful in that personal information falls under privacy and has a lot of force when applied in customer relationships as well as in terms of compliance. I can see that this isnt necessarily a salient point in that the data we are discussing will be enforced in contract and subscribed to regardless. Is there is a list somewhere or notes from a previous discussion that details what data doesn't fall under VPI? From joni at ieee-isto.org Wed Apr 15 09:57:21 2009 From: joni at ieee-isto.org (Joni Brennan) Date: Wed, 15 Apr 2009 09:57:21 -0700 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> Message-ID: <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> Hi Mark, This may not be exactly what you're looking for but perhaps the VPI SIG charter will be helpful as one reference: http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter Cheers, Joni On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar wrote: > > On 15 Apr 2009, at 08:40, Iain Henderson wrote: > > You will also notice that we're proposing to change the name from >> Volunteered Personal Information to User Driven Information. This is because >> when digging into the detail of 'VPI', we realised that not all of the >> information shareable by the individual is strictly personal, so we felt it >> better to look for a more inclusive option.....so UDI it is, and writing up >> a full description of that is one of the proposed work packages. >> > > Although I can see the sense in broadening the scope of VPI to UDI, I do > think we loose something quite powerful in that personal information falls > under privacy and has a lot of force when applied in customer relationships > as well as in terms of compliance. I can see that this isnt necessarily a > salient point in that the data we are discussing will be enforced in > contract and subscribed to regardless. > > Is there is a list somewhere or notes from a previous discussion that > details what data doesn't fall under VPI? > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > -- Joni Brennan IEEE-ISTO Liberty Alliance Project Director of Operations voice:+1 732-226-4223 email: joni @ projectliberty.org email: joni @ ieee-isto.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at smartspecies.com Wed Apr 15 10:22:35 2009 From: info at smartspecies.com (Mark Lizar) Date: Wed, 15 Apr 2009 18:22:35 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> Message-ID: <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> Thanks Joni, The context wiki and the name change does make a great deal of sense. Personal information does immediately seem restrictive for the broader stake-holders which we will want to get involved. Perhaps in writing up a full description of what UDI is we can create a category of information for Volunteered Personal Information? - Mark On 15 Apr 2009, at 17:57, Joni Brennan wrote: > Hi Mark, > > This may not be exactly what you're looking for but perhaps the VPI > SIG charter will be helpful as one reference: > > http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter > > Cheers, > > Joni > > On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar > wrote: > > On 15 Apr 2009, at 08:40, Iain Henderson wrote: > > You will also notice that we're proposing to change the name from > Volunteered Personal Information to User Driven Information. This is > because when digging into the detail of 'VPI', we realised that not > all of the information shareable by the individual is strictly > personal, so we felt it better to look for a more inclusive > option.....so UDI it is, and writing up a full description of that > is one of the proposed work packages. > > Although I can see the sense in broadening the scope of VPI to UDI, > I do think we loose something quite powerful in that personal > information falls under privacy and has a lot of force when applied > in customer relationships as well as in terms of compliance. I can > see that this isnt necessarily a salient point in that the data we > are discussing will be enforced in contract and subscribed to > regardless. > > Is there is a list somewhere or notes from a previous discussion > that details what data doesn't fall under VPI? > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > > > -- > Joni Brennan > IEEE-ISTO > Liberty Alliance Project > Director of Operations > voice:+1 732-226-4223 > email: joni @ projectliberty.org > email: joni @ ieee-isto.org > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iain.henderson at mydex.org Wed Apr 15 12:21:57 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Wed, 15 Apr 2009 20:21:57 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> Message-ID: <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> yes, as we move from discussion group to working group we'll need to improve our documentation - starting with a description of User Driven Information and how (if) that differs from VPI. Ultimately, I think the shift is the right thing to do, but I agree we lose a little bit of the pure focus that VPI gave us - let's see if we can find a way to do both, because I certainly see the VPI aspect being the key area of new value creation. Cheers Iain On 15 Apr 2009, at 18:22, Mark Lizar wrote: > Thanks Joni, > > The context wiki and the name change does make a great deal of > sense. Personal information does immediately seem restrictive for > the broader stake-holders which we will want to get involved. > Perhaps in writing up a full description of what UDI is we can > create a category of information for Volunteered Personal Information? > > - Mark > > > > > > On 15 Apr 2009, at 17:57, Joni Brennan wrote: > >> Hi Mark, >> >> This may not be exactly what you're looking for but perhaps the VPI >> SIG charter will be helpful as one reference: >> >> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >> >> Cheers, >> >> Joni >> >> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >> wrote: >> >> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >> >> You will also notice that we're proposing to change the name from >> Volunteered Personal Information to User Driven Information. This >> is because when digging into the detail of 'VPI', we realised that >> not all of the information shareable by the individual is strictly >> personal, so we felt it better to look for a more inclusive >> option.....so UDI it is, and writing up a full description of that >> is one of the proposed work packages. >> >> Although I can see the sense in broadening the scope of VPI to UDI, >> I do think we loose something quite powerful in that personal >> information falls under privacy and has a lot of force when applied >> in customer relationships as well as in terms of compliance. I >> can see that this isnt necessarily a salient point in that the data >> we are discussing will be enforced in contract and subscribed to >> regardless. >> >> Is there is a list somewhere or notes from a previous discussion >> that details what data doesn't fall under VPI? >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> >> >> >> -- >> Joni Brennan >> IEEE-ISTO >> Liberty Alliance Project >> Director of Operations >> voice:+1 732-226-4223 >> email: joni @ projectliberty.org >> email: joni @ ieee-isto.org >> >> >> >> > Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From brett at projectliberty.org Wed Apr 15 12:46:00 2009 From: brett at projectliberty.org (Brett McDowell) Date: Wed, 15 Apr 2009 15:46:00 -0400 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: References: Message-ID: <418B68BC-325F-4DF8-B0C3-4FA39415B011@projectliberty.org> Do you know which SSO you want to submit the Technical Specifications to yet? Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com On Apr 15, 2009, at 3:40 AM, Iain Henderson wrote: > Folks, > > As we have discussed on the last few calls, Liberty Alliance is > about to transform into 'NewOrg', with some fanfare, some new > directions and a new working group infrastructure. > > In the new organisation, Special Interest Groups such as this one > are eligible to become Working Groups, i.e. we get to build stuff > and write stuff as well as talk about it. > > In the last few calls we have discussed the practicalities of the > above, and determined that we are likely to need two working groups > to cover our proposed areas of work; that is because we wish to > develop some technical specifications which require an appropriate > IPR regime around them, but also write some white papers, draft data > sharing contracts etc which require a much more accessible type of > license regime. > > As such, i've drafted these two new charters, one for tech > specifications, and the other for 'policy' related work. These are > going off to the Mgt Board for review but also feel free to send any > comments/ queries back to the list and we'll iterate to final > versions over the next week (next call is Wed 22nd April). On that > call i'll be looking to set out the plan of work and talk through > who wishes to/ is able to work on which aspect. > > You will also notice that we're proposing to change the name from > Volunteered Personal Information to User Driven Information. This is > because when digging into the detail of 'VPI', we realised that not > all of the information shareable by the individual is strictly > personal, so we felt it better to look for a more inclusive > option.....so UDI it is, and writing up a full description of that > is one of the proposed work packages. > > Hope that's all clear. > > Cheers > > Iain > > > > 04> > > > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org From Eve.Maler at Sun.COM Thu Apr 16 12:56:24 2009 From: Eve.Maler at Sun.COM (Eve Maler) Date: Thu, 16 Apr 2009 12:56:24 -0700 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> Message-ID: <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> Reviewing the draft charters, I'm finding that I'm a little reluctant to leave "VPI" behind (having argued, when the term was invented, that "Premium Personal Information" would be my preferred choice!). Here's my best shot at making the argument. Any information created by a person, about a person, related to a person, under the control of a person when it comes to distribution rights, etc. could be described as "personal" without any serious loss of precision. Also, having gotten used to "volunteered" (and even done some public promotion around it), I'd hate to leave it behind. Finally, information isn't "driven" -- processes are driven. Information *sharing* could be user-driven, but I believe this effort is trying to leave the technical/architectural implications of sharing *mechanisms* out of scope. (That is, "user-driven information sharing" is awfully broad and doesn't get at what's unique about this effort.) Eve On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: > yes, as we move from discussion group to working group we'll need to > improve our documentation - starting with a description of User > Driven Information and how (if) that differs from VPI. > > Ultimately, I think the shift is the right thing to do, but I agree > we lose a little bit of the pure focus that VPI gave us - let's see > if we can find a way to do both, because I certainly see the VPI > aspect being the key area of new value creation. > > Cheers > > Iain > > On 15 Apr 2009, at 18:22, Mark Lizar wrote: > >> Thanks Joni, >> >> The context wiki and the name change does make a great deal of >> sense. Personal information does immediately seem restrictive for >> the broader stake-holders which we will want to get involved. >> Perhaps in writing up a full description of what UDI is we can >> create a category of information for Volunteered Personal >> Information? >> >> - Mark >> >> >> >> >> >> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >> >>> Hi Mark, >>> >>> This may not be exactly what you're looking for but perhaps the >>> VPI SIG charter will be helpful as one reference: >>> >>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>> >>> Cheers, >>> >>> Joni >>> >>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>> wrote: >>> >>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>> >>> You will also notice that we're proposing to change the name from >>> Volunteered Personal Information to User Driven Information. This >>> is because when digging into the detail of 'VPI', we realised that >>> not all of the information shareable by the individual is strictly >>> personal, so we felt it better to look for a more inclusive >>> option.....so UDI it is, and writing up a full description of that >>> is one of the proposed work packages. >>> >>> Although I can see the sense in broadening the scope of VPI to >>> UDI, I do think we loose something quite powerful in that personal >>> information falls under privacy and has a lot of force when >>> applied in customer relationships as well as in terms of >>> compliance. I can see that this isnt necessarily a salient point >>> in that the data we are discussing will be enforced in contract >>> and subscribed to regardless. >>> >>> Is there is a list somewhere or notes from a previous discussion >>> that details what data doesn't fall under VPI? Eve Maler eve.maler @ sun.com Emerging Technologies Director cell +1 425 345 6756 Sun Microsystems Identity Software www.xmlgrrl.com/blog From iain.henderson at mydex.org Thu Apr 16 13:13:54 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Thu, 16 Apr 2009 21:13:54 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> Message-ID: <47C94ABD-71EF-4064-B255-7911AFA0C05F@mydex.org> Thanks Eve, i've had similar feedback from Mark Lizar and i've asked him to post that to the list. I'll respond tomorrow with the various logic threads for the name change and we can debate - nothing is fixed in stone and if the consensus is to retain VPI then that's fine by me. I like the term and it offers great focus, but there are areas where it constrains - more on that tomorrow. Cheers Iain On 16 Apr 2009, at 20:56, Eve Maler wrote: > Reviewing the draft charters, I'm finding that I'm a little > reluctant to leave "VPI" behind (having argued, when the term was > invented, that "Premium Personal Information" would be my preferred > choice!). Here's my best shot at making the argument. > > Any information created by a person, about a person, related to a > person, under the control of a person when it comes to distribution > rights, etc. could be described as "personal" without any serious > loss of precision. Also, having gotten used to "volunteered" (and > even done some public promotion around it), I'd hate to leave it > behind. Finally, information isn't "driven" -- processes are > driven. Information *sharing* could be user-driven, but I believe > this effort is trying to leave the technical/architectural > implications of sharing *mechanisms* out of scope. (That is, "user- > driven information sharing" is awfully broad and doesn't get at > what's unique about this effort.) > > Eve > > On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: > >> yes, as we move from discussion group to working group we'll need >> to improve our documentation - starting with a description of User >> Driven Information and how (if) that differs from VPI. >> >> Ultimately, I think the shift is the right thing to do, but I agree >> we lose a little bit of the pure focus that VPI gave us - let's see >> if we can find a way to do both, because I certainly see the VPI >> aspect being the key area of new value creation. >> >> Cheers >> >> Iain >> >> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >> >>> Thanks Joni, >>> >>> The context wiki and the name change does make a great deal of >>> sense. Personal information does immediately seem restrictive for >>> the broader stake-holders which we will want to get involved. >>> Perhaps in writing up a full description of what UDI is we can >>> create a category of information for Volunteered Personal >>> Information? >>> >>> - Mark >>> >>> >>> >>> >>> >>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >>> >>>> Hi Mark, >>>> >>>> This may not be exactly what you're looking for but perhaps the >>>> VPI SIG charter will be helpful as one reference: >>>> >>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>>> >>>> Cheers, >>>> >>>> Joni >>>> >>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>> wrote: >>>> >>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>>> >>>> You will also notice that we're proposing to change the name from >>>> Volunteered Personal Information to User Driven Information. This >>>> is because when digging into the detail of 'VPI', we realised >>>> that not all of the information shareable by the individual is >>>> strictly personal, so we felt it better to look for a more >>>> inclusive option.....so UDI it is, and writing up a full >>>> description of that is one of the proposed work packages. >>>> >>>> Although I can see the sense in broadening the scope of VPI to >>>> UDI, I do think we loose something quite powerful in that >>>> personal information falls under privacy and has a lot of force >>>> when applied in customer relationships as well as in terms of >>>> compliance. I can see that this isnt necessarily a salient >>>> point in that the data we are discussing will be enforced in >>>> contract and subscribed to regardless. >>>> >>>> Is there is a list somewhere or notes from a previous discussion >>>> that details what data doesn't fall under VPI? > > > Eve Maler eve.maler @ sun.com > Emerging Technologies Director cell +1 425 345 6756 > Sun Microsystems Identity Software www.xmlgrrl.com/blog > Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From joe at switchbook.com Thu Apr 16 13:49:55 2009 From: joe at switchbook.com (Joe Andrieu) Date: Thu, 16 Apr 2009 13:49:55 -0700 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <47C94ABD-71EF-4064-B255-7911AFA0C05F@mydex.org> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <47C94ABD-71EF-4064-B255-7911AFA0C05F@mydex.org> Message-ID: <49E799F3.9080509@switchbook.com> Hi. I'll chime in for the new term. Volunteered always struck me as a bit disempowering. That is, volunteering implies a lack of subsequent control or even value exchange. Voluntary is subtly different, but volunteer and volunteered imply that one is providing something without explicit quid-pro-quo--even if it is an opening prelude to more interesting development. Volunteers don't get paid. Voluntary contributions don't explicitly get remuneration in return. It's a bit devaluing that way. Second, the "personal" in VPI masks categorical blinders in the open/portability debate. This became evident to me at the Identity lunch Kaliya organized at SXSW. In response to something I said about personal information, both Bob Blakely and Joseph Smarr replied that there isn't any copyright in "personal data" because it is factual. (True enough with a limited set of data.) That is, "personal data" currently means things like your name, address and age, etc. It does not mean things that you personally bring to the table. So, "personal information" would, imo, by most people, generally be globbed into that same bucket: "Oh, you mean like your name and address." Instead, we are discussing something quite different: information provided by individuals in order to provide enhanced services... information like their intentions, deadlines, budgets, certifications, memberships, special needs, disabilities, etc. Information which won't be (and isn't) accurately provided today because of concerns of abuse and misuse. Third, I am a fan of "user driven" for two main reasons. One: it considers the individual from a systems perspective, not the potentially more complicated perspectives of human rights, civil rights, natural rights, etc. After all, we aren't focused on reinventing the government or society directly, we are talking about how to build better systems by handling information from users of those systems in a particular way. Two: it establishes the user as the point of both origination and control. Volunteered seems to miss the controlled part. I'll be promoting User Driven Services and User Driven Search quite a bit in the next year, and the fuel for both of those is, imo, naturally referred to as User Driven Information. Fourth, it sidesteps--neatly, IMO--the issues of "who owns your personal data?" That phrase a rallying cry and a point of both motivation and conflict in the larger debate about identity. Part of what attracted me to Iain's work from the beginning was that what we are talking about is a particular set of information provided by the user, and /at the point of provision/ contracted for a certain set of uses. It doesn't attempt to control the data already present in vendors' systems. Instead, it simply sets up a way to get high quality information at the right time for the right uses, with everyone able to benefit more. That said, I think the points raised so far are valid. We'll lose a certain accessibility switching from VPI, but on the other hand, I think UDI ties us into the larger trend of user driven services, which is, for my money, the more interesting, powerful, and accessible trend in the marketplace. -j On 4/16/2009 1:13 PM, Iain Henderson wrote: > Thanks Eve, i've had similar feedback from Mark Lizar and i've asked him > to post that to the list. > > I'll respond tomorrow with the various logic threads for the name change > and we can debate - nothing is fixed in stone and if the consensus is to > retain VPI then that's fine by me. I like the term and it offers great > focus, but there are areas where it constrains - more on that tomorrow. > > Cheers > > Iain > > > > On 16 Apr 2009, at 20:56, Eve Maler wrote: > >> Reviewing the draft charters, I'm finding that I'm a little reluctant >> to leave "VPI" behind (having argued, when the term was invented, that >> "Premium Personal Information" would be my preferred choice!). Here's >> my best shot at making the argument. >> >> Any information created by a person, about a person, related to a >> person, under the control of a person when it comes to distribution >> rights, etc. could be described as "personal" without any serious loss >> of precision. Also, having gotten used to "volunteered" (and even done >> some public promotion around it), I'd hate to leave it behind. >> Finally, information isn't "driven" -- processes are driven. >> Information *sharing* could be user-driven, but I believe this effort >> is trying to leave the technical/architectural implications of sharing >> *mechanisms* out of scope. (That is, "user-driven information sharing" >> is awfully broad and doesn't get at what's unique about this effort.) >> >> Eve >> >> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: >> >>> yes, as we move from discussion group to working group we'll need to >>> improve our documentation - starting with a description of User >>> Driven Information and how (if) that differs from VPI. >>> >>> Ultimately, I think the shift is the right thing to do, but I agree >>> we lose a little bit of the pure focus that VPI gave us - let's see >>> if we can find a way to do both, because I certainly see the VPI >>> aspect being the key area of new value creation. >>> >>> Cheers >>> >>> Iain >>> >>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >>> >>>> Thanks Joni, >>>> >>>> The context wiki and the name change does make a great deal of >>>> sense. Personal information does immediately seem restrictive for >>>> the broader stake-holders which we will want to get involved. >>>> Perhaps in writing up a full description of what UDI is we can >>>> create a category of information for Volunteered Personal Information? >>>> >>>> - Mark >>>> >>>> >>>> >>>> >>>> >>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >>>> >>>>> Hi Mark, >>>>> >>>>> This may not be exactly what you're looking for but perhaps the VPI >>>>> SIG charter will be helpful as one reference: >>>>> >>>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>>>> >>>>> >>>>> Cheers, >>>>> >>>>> Joni >>>>> >>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>>> wrote: >>>>> >>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>>>> >>>>> You will also notice that we're proposing to change the name from >>>>> Volunteered Personal Information to User Driven Information. This >>>>> is because when digging into the detail of 'VPI', we realised that >>>>> not all of the information shareable by the individual is strictly >>>>> personal, so we felt it better to look for a more inclusive >>>>> option.....so UDI it is, and writing up a full description of that >>>>> is one of the proposed work packages. >>>>> >>>>> Although I can see the sense in broadening the scope of VPI to UDI, >>>>> I do think we loose something quite powerful in that personal >>>>> information falls under privacy and has a lot of force when applied >>>>> in customer relationships as well as in terms of compliance. I can >>>>> see that this isnt necessarily a salient point in that the data we >>>>> are discussing will be enforced in contract and subscribed to >>>>> regardless. >>>>> >>>>> Is there is a list somewhere or notes from a previous discussion >>>>> that details what data doesn't fall under VPI? >> >> >> Eve Maler eve.maler @ sun.com >> Emerging Technologies Director cell +1 425 345 6756 >> Sun Microsystems Identity Software www.xmlgrrl.com/blog >> > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private and > confidential and is intended for the addressee only. If you are not an > addressee, you are not authorised to read, copy or use the e-mail or any > attachment. If you have received this e-mail in error, please notify the > sender by return e-mail and then destroy it. > > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > > > -- Joe Andrieu joe at switchbook.com +1 (805) 705-8651 http://www.switchbook.com From info at smartspecies.com Thu Apr 16 14:20:49 2009 From: info at smartspecies.com (Mark Lizar) Date: Thu, 16 Apr 2009 22:20:49 +0100 Subject: [Sig-vpi] Fwd: Proposed Charters and Work Packages for 'VPI' in NewOrg References: <7dfb3ade0904160827r4a1a7c1cgee6fe89b93cdb580@mail.gmail.com> Message-ID: <3793A84A-4F0F-4308-BBC0-A5B838EE5ECE@smartspecies.com> I just saw Joe's email, but I though I would forward this on first, invite a reply and put some serious thought into what Joe has written for a response tomorrow. - M Begin forwarded message: > > HI Iain, > > After some thought, I believe that VPI provides a 'crispness and > righteousness' that only the term volunteered personal information > can provide. It seems that one of the reasons that VPI was such a > good label is that it universally implies the type of forward > looking information that is autonomically believed to be owned and > 'special' for each individual. In addition, personal information is > protected by law where user driven information is open for a much > more contentious path of potential copyright infringement and other > issues relating to the right to control specific information. > > To this end I wonder if it is possible to name the working group VPI- > UDI or similar, as putting together both in the tittle to me > immediately seems very powerful. The argument being that > Volunteered Personal Information places in context User Driven > Information. Without this context user driven information seems > much more technical, generic, and overtly broad weakening needed > impact, obsfucating needed clarity, while also sounding very third > party instead of the needed first. Although in contrast when put > together in a name the addition of UDI makes the concept of VPI > much more concrete and usable. > > I truly believe this to be important enough for additional thought, > especially since I can not clearly see the benefits this name change > creates. > > Best of Regards, > > Mark From info at smartspecies.com Fri Apr 17 05:04:11 2009 From: info at smartspecies.com (Mark Lizar) Date: Fri, 17 Apr 2009 13:04:11 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <49E799F3.9080509@switchbook.com> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <47C94ABD-71EF-4064-B255-7911AFA0C05F@mydex.org> <49E799F3.9080509@switchbook.com> Message-ID: <19B89AEB-F1F2-4168-AE15-240D5A826CB8@smartspecies.com> Dear Joe, While I highly value your views, opinions and contributions on this particular 'naming issue' I almost completely disagree, On 16 Apr 2009, at 21:49, Joe Andrieu wrote: > Hi. I'll chime in for the new term. > > Volunteered always struck me as a bit disempowering. That is, > volunteering implies a lack of subsequent control or even value > exchange. > Voluntary is subtly different, but volunteer and volunteered imply > that one is providing something without explicit quid-pro-quo--even > if it is an opening prelude to more interesting development. > Volunteers don't get paid. Voluntary contributions don't explicitly > get remuneration in return. It's a bit devaluing that way. I strongly disagree with this first point, voluntary means "done, given, or acting of one's own free will" which also means self- determined commonly defined as "free choice of one?s own acts without external compulsion". Self determination has a lot of history and is significant in the development of 'social contract' (John Locke, 1690) which has been realised in the development of many current modern meta- systems around the globe, I highly recommend reading the definition of self-determination in wikipedia on this subject. Specifically relevant to this working group and a catalysts to a 'new' era of identity management is ?The right of the individual to decide what information about himself should be communicated to others and under what circumstances? (1970, quoted in Altman, 1975, p17) This view has been upheld by a the German Federal Constitutional Court in 1983, and is coined 'information self-determination.' One other point that may provide significant insight relevant to this working group is self-determination theory (SDT). This theory focuses on the degree to which people endorse their actions at the highest level of reflection and engage in actions with a full sense of choice. This academic research provides a deeper insight to the psychology of how VPI is appropriate in terms of identity management and evolving current market systems. Additional Reading on this point: [1] Edward L. Deci and Richard M. Ryan ?Self-Determination Theory: A Macrotheory of Human Motivation, Development, and Health? University of Rochester, Canadian Psychological Association 2008, Vol. 49, No. 3, 182?185 1] International Security, Trust and Privacy Alliance, 2007 ?Analysis of Privacy?, pg. 66[Internet] [1] Locke, John 1690 "Second Treatise of Government" based on the paperback book, "John Locke Second Treatise of Government", Edited, with an Introduction, By C.B. McPherson, Indianapolis and Cambridge, 1980. [1] Bennett, Colin 1992 Regulating Privacy. Cornell University Press [1] Hosein, I et al. XX THE FOOTPRINT OF REGULATION How information systems are affecting the sources of control in a global economy, Department of Information Systems London School of Economics and Political Science [Internet] http://www.aueb.gr/ifip-isglob03/proceedings/42%20-%20Tsiavos.pdf [Accessed: February 2, 2009] > Second, the "personal" in VPI masks categorical blinders in the open/ > portability debate. This became evident to me at the Identity lunch > Kaliya organized at SXSW. In response to something I said about > personal information, both Bob Blakely and Joseph Smarr replied that > there isn't any copyright in "personal data" because it is factual. > (True enough with a limited set of data.) > > That is, "personal data" currently means things like your name, > address and age, etc. It does not mean things that you personally > bring to the table. So, "personal information" would, imo, what does 'imo' mean ? I agree that their are some categories unrepresented in the term VPI, but this also applies to the the term UDI. > by most people, generally be globbed into that same bucket: "Oh, you > mean like your name and address." Instead, we are discussing > something quite different: information provided by individuals in > order to provide enhanced services... information like their > intentions, deadlines, budgets, certifications, memberships, special > needs, disabilities, etc. Information which won't be (and isn't) > accurately provided today because of concerns of abuse and misuse. > Personal information has a rich and articulate legal/polical/systems history to which many of the issues you refer have been dealt with or are being dealt with. > Third, I am a fan of "user driven" for two main reasons. One: it > considers the individual from a systems perspective, not the > potentially more complicated perspectives of human rights, civil > rights, natural rights, etc. Firstly, 'user driven' in my opinion doesn't consider the individual. The term user has a tradition as a negative term implying 'being used' or using something or someone else. In these terms to me this implies what is currently wrong with information systems thinking and in part is what prevents rich individual information in the ICT market place. Secondly, personal information and self determination is the language that has been evolved from a systemic perspective, a major flaw in current technological thinking is the perception that the issues we are dealing with today are 'new'. Many of the issues about information transfer were first dealt with when railroads were built, banking systems transferred money internationally, and the first telephone systems were put in place. All of these technologies are 'user driven information' systems. All of which have been dealt with in case law and jurisprudence. (which I can dig out upon request) > After all, we aren't focused on reinventing the government or > society directly, we are talking about how to build better systems > by handling information from users of those systems in a particular > way. Precisely my point. VPI isnt a reinvention of government, the term is indicitive of government, a very long standing system that is in-fact 'user' driven. The law and government has dealt and struggled with the issues that the technical community is making software for at the moment. The government system that we have now is in fact an evolution of information systems represented in these issues we discuss. I would argue that the term voluntary personal information used as a technical concept bridges and evolves the existing issues that have a great deal of pertinent history. I would also argue that it is the technical community with out reference to the existing historical context that is trying to reinvent government. > Two: it establishes the user as the point of both origination and > control. Volunteered seems to miss the controlled part. I am quite sure that the word user does not establish the individual as an originator, but I do agree that broad term volunteered as you describe does miss the controlled part as it generically describes both passive control and active control of personal information. I have recently written a research paper describing a framework contribution for the analysis of the difference between passively and actively controlled volunteered personal information in varying types of information exchanges. Defining; actively controlled VPI as managed by the individual and passively controlled VPI as managed by an organization or third party through the use of contract. "Active VPI as a distinction in the research framework assumes an activity where an individual has usable access to information, in addition to control of this personal data as described in information self -determination. Transparency over access to personal information is critical in understanding the quantity and the quality of information an individual can actively and passively control and apply to any given context." > I'll be promoting User Driven Services and User Driven Search quite > a bit in the next year, and the fuel for both of those is, imo, > naturally referred to as User Driven Information. Ironically, just this morning, I have j been asked to participate and speak at the Global International Governance Workshop on May 11 in Brussels to present the above described VPI research framework to academics (from all over the world) who are currently doing research in the area of Internet Governance. > > Fourth, it sidesteps--neatly, IMO--the issues of "who owns your > personal data?" That phrase a rallying cry and a point of both > motivation and conflict in the larger debate about identity. Is this a good sidestep or a bad sidestep ? VPI as a name inspires an amazing opportunity to evolve existing identity management infrastructure, while providing this working group (and its associated projects) a necessary catalyst to successfully developing global identity management standards. > Part of what attracted me to Iain's work from the beginning was that > what we are talking about is a particular set of information > provided by the user, (I would say 'individual' not a user, or rather a creator, an originator. The term user indicates not only a person but any identity which takes advantage of or "uses".) Why does the term detract you from this particular set of information? This is where we have the opportunity to define, describe, and standardize "a particular set of information provided by the" individual. > and /at the point of provision/ contracted for a certain set of > uses. It doesn't attempt to control the data already present in > vendors' systems. Instead, it simply sets up a way to get high > quality information at the right time for the right uses, with > everyone able to benefit more. I completely agree that we should not attempt to control data already present in vendors systems. In fact, I believe we need to explicitly make it clear that we deal exclusively with current and forward looking information originated from the individual. > That said, I think the points raised so far are valid. We'll lose a > certain accessibility switching from VPI, but on the other hand, I > think UDI ties us into the larger trend of user driven services, > which is, for my money, the more interesting, powerful, and > accessible trend in the marketplace. There is a constant, unwavering and very historical trend to better articulate 'new' and individually originated information. To this end UDI in this context seems to be a new slang for existing discourse, (in my 'personal' opinion) badly explaining newly desired technical information process. Naturally, I object to the term 'user' but less so when it is first qualified and put in the context of actively controlled (by the user) personal information. Perhaps a better more accurate term would be actively controlled personally driven information ACPDI, but even this misses what VPI already represents and natively enables in future discourse, representing commercial access to rich un-tapped individual information. Personally volunteered information insinuates a wealth of active information that is missed through un-equal information sharing, one sided contracts, and information management practices. Practices clearly seen in bulk advertising, spam, TOSA's, Privacy Policies, and targeted marketing, which is based on an individuals historical information. (behavior targeted advertising) One additional point which may be relevant for this discussion; VPI is currently and most commonly used in privacy policies, meaning it is not a new concept, as is the active technical control of VPI. VPI in the legal context is a part of what makes legitimate legal contracts and is embodied in the passive control of personal information by third party organisations. This is significant in that privacy policies represent a global network of information sharing and control that is insufficient for modern information sharing practices. Rephrased: VPI at this time is most commonly used in privacy policies. Policies which globally represent old school identity management infrastructure which I believe VPI standards (represented through 'NewOrg' ) have a great (and easy) opportunity of updating at a systemic and global level (to enable new information economy). Perhaps an appropriate discussion would be how can this (already global) infrastructure of policy be evolved with new VPI technical standards in collaboration with existing Sigs in Liberty Alliance? With the greatest respect, Mark > > > -j > > > On 4/16/2009 1:13 PM, Iain Henderson wrote: >> Thanks Eve, i've had similar feedback from Mark Lizar and i've >> asked him >> to post that to the list. >> >> I'll respond tomorrow with the various logic threads for the name >> change >> and we can debate - nothing is fixed in stone and if the consensus >> is to >> retain VPI then that's fine by me. I like the term and it offers >> great >> focus, but there are areas where it constrains - more on that >> tomorrow. >> >> Cheers >> >> Iain >> >> >> >> On 16 Apr 2009, at 20:56, Eve Maler wrote: >> >>> Reviewing the draft charters, I'm finding that I'm a little >>> reluctant >>> to leave "VPI" behind (having argued, when the term was invented, >>> that >>> "Premium Personal Information" would be my preferred choice!). >>> Here's >>> my best shot at making the argument. >>> >>> Any information created by a person, about a person, related to a >>> person, under the control of a person when it comes to distribution >>> rights, etc. could be described as "personal" without any serious >>> loss >>> of precision. Also, having gotten used to "volunteered" (and even >>> done >>> some public promotion around it), I'd hate to leave it behind. >>> Finally, information isn't "driven" -- processes are driven. >>> Information *sharing* could be user-driven, but I believe this >>> effort >>> is trying to leave the technical/architectural implications of >>> sharing >>> *mechanisms* out of scope. (That is, "user-driven information >>> sharing" >>> is awfully broad and doesn't get at what's unique about this >>> effort.) >>> >>> Eve >>> >>> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: >>> >>>> yes, as we move from discussion group to working group we'll need >>>> to >>>> improve our documentation - starting with a description of User >>>> Driven Information and how (if) that differs from VPI. >>>> >>>> Ultimately, I think the shift is the right thing to do, but I agree >>>> we lose a little bit of the pure focus that VPI gave us - let's see >>>> if we can find a way to do both, because I certainly see the VPI >>>> aspect being the key area of new value creation. >>>> >>>> Cheers >>>> >>>> Iain >>>> >>>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >>>> >>>>> Thanks Joni, >>>>> >>>>> The context wiki and the name change does make a great deal of >>>>> sense. Personal information does immediately seem restrictive for >>>>> the broader stake-holders which we will want to get involved. >>>>> Perhaps in writing up a full description of what UDI is we can >>>>> create a category of information for Volunteered Personal >>>>> Information? >>>>> >>>>> - Mark >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >>>>> >>>>>> Hi Mark, >>>>>> >>>>>> This may not be exactly what you're looking for but perhaps the >>>>>> VPI >>>>>> SIG charter will be helpful as one reference: >>>>>> >>>>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>>>>> >>>>>> >>>>>> Cheers, >>>>>> >>>>>> Joni >>>>>> >>>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>>> > >>>>>> wrote: >>>>>> >>>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>>>>> >>>>>> You will also notice that we're proposing to change the name from >>>>>> Volunteered Personal Information to User Driven Information. This >>>>>> is because when digging into the detail of 'VPI', we realised >>>>>> that >>>>>> not all of the information shareable by the individual is >>>>>> strictly >>>>>> personal, so we felt it better to look for a more inclusive >>>>>> option.....so UDI it is, and writing up a full description of >>>>>> that >>>>>> is one of the proposed work packages. >>>>>> >>>>>> Although I can see the sense in broadening the scope of VPI to >>>>>> UDI, >>>>>> I do think we loose something quite powerful in that personal >>>>>> information falls under privacy and has a lot of force when >>>>>> applied >>>>>> in customer relationships as well as in terms of compliance. I >>>>>> can >>>>>> see that this isnt necessarily a salient point in that the data >>>>>> we >>>>>> are discussing will be enforced in contract and subscribed to >>>>>> regardless. >>>>>> >>>>>> Is there is a list somewhere or notes from a previous discussion >>>>>> that details what data doesn't fall under VPI? >>> >>> >>> Eve Maler eve.maler @ sun.com >>> Emerging Technologies Director cell +1 425 345 6756 >>> Sun Microsystems Identity Software www.xmlgrrl.com/blog >>> >> >> Iain Henderson >> iain.henderson at mydex.org >> >> This email and any attachment contains information which is private >> and >> confidential and is intended for the addressee only. If you are not >> an >> addressee, you are not authorised to read, copy or use the e-mail >> or any >> attachment. If you have received this e-mail in error, please >> notify the >> sender by return e-mail and then destroy it. >> >> >> >> >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> >> >> > > -- > Joe Andrieu > joe at switchbook.com > +1 (805) 705-8651 > http://www.switchbook.com > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From iain.henderson at mydex.org Fri Apr 17 07:52:56 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Fri, 17 Apr 2009 15:52:56 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <19B89AEB-F1F2-4168-AE15-240D5A826CB8@smartspecies.com> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <47C94ABD-71EF-4064-B255-7911AFA0C05F@mydex.org> <49E799F3.9080509@switchbook.com> <19B89AEB-F1F2-4168-AE15-240D5A826CB8@smartspecies.com> Message-ID: <10468B4E-C500-4CB7-98E1-A3D8F7BCC385@mydex.org> Thanks Mark, whilst I actually think there is less to disagree about than you infer, you do in your first sentence get to the heart of why I had an inclination to change the name of the group in the first place - simply that in the 6 months we have been talking about VPI, people have fallen into two camps in how they interpret the word 'volunteered'. I have always been using it as you define it, and deliberately so - but i'd say 25% of the people exposed to the term tend to gravitate towards a more negative interpretation (both options are technically correct according the various dictionaries I looked up. In light of this push-back, and some anomalies I encountered when writing at the more detailed level on VPI I thought a new term might help. I'm still mulling on this, i'll get into the detail over the weekend and we'll look to conclude one way or the other on the call next Wed. Cheers Iain On 17 Apr 2009, at 13:04, Mark Lizar wrote: > Dear Joe, > > While I highly value your views, opinions and contributions on this > particular 'naming issue' I almost completely disagree, > > On 16 Apr 2009, at 21:49, Joe Andrieu wrote: > >> Hi. I'll chime in for the new term. >> >> Volunteered always struck me as a bit disempowering. That is, >> volunteering implies a lack of subsequent control or even value >> exchange. >> Voluntary is subtly different, but volunteer and volunteered imply >> that one is providing something without explicit quid-pro-quo--even >> if it is an opening prelude to more interesting development. >> Volunteers don't get paid. Voluntary contributions don't explicitly >> get remuneration in return. It's a bit devaluing that way. > > I strongly disagree with this first point, voluntary means "done, > given, or acting of one's own free will" which also means self- > determined commonly defined as "free choice of one?s own acts > without external compulsion". Self determination has a lot of > history and is significant in the development of 'social > contract' (John Locke, 1690) which has been realised in the > development of many current modern meta-systems around the globe, I > highly recommend reading the definition of self-determination in > wikipedia on this subject. > > Specifically relevant to this working group and a catalysts to a > 'new' era of identity management is ?The right of the individual to > decide what information about himself should be communicated to > others and under what circumstances? (1970, quoted in Altman, 1975, > p17) This view has been upheld by a the German Federal > Constitutional Court in 1983, and is coined 'information self- > determination.' > > One other point that may provide significant insight relevant to > this working group is self-determination theory (SDT). This theory > focuses on the degree to which people endorse their actions at the > highest level of reflection and engage in actions with a full sense > of choice. This academic research provides a deeper insight to the > psychology of how VPI is appropriate in terms of identity management > and evolving current market systems. > > Additional Reading on this point: > [1] Edward L. Deci and Richard M. Ryan ?Self-Determination Theory: > A Macrotheory of Human Motivation, Development, and Health? > University of Rochester, Canadian Psychological Association 2008, > Vol. 49, No. 3, 182?185 > > 1] International Security, Trust and Privacy Alliance, 2007 > ?Analysis of Privacy?, pg. 66[Internet] > [1] Locke, John 1690 "Second Treatise of Government" based on the > paperback book, "John Locke Second Treatise of Government", Edited, > with an Introduction, By C.B. McPherson, Indianapolis and Cambridge, > 1980. > > [1] Bennett, Colin 1992 Regulating Privacy. Cornell University Press > [1] Hosein, I et al. XX THE FOOTPRINT OF REGULATION How information > systems are affecting the sources of control in a global economy, > Department of Information Systems London School of Economics and > Political Science [Internet] http://www.aueb.gr/ifip-isglob03/proceedings/42%20-%20Tsiavos.pdf > [Accessed: February 2, 2009] > >> Second, the "personal" in VPI masks categorical blinders in the >> open/portability debate. This became evident to me at the Identity >> lunch Kaliya organized at SXSW. In response to something I said >> about personal information, both Bob Blakely and Joseph Smarr >> replied that there isn't any copyright in "personal data" because >> it is factual. (True enough with a limited set of data.) >> >> That is, "personal data" currently means things like your name, >> address and age, etc. It does not mean things that you personally >> bring to the table. So, "personal information" would, imo, > > what does 'imo' mean ? > > I agree that their are some categories unrepresented in the term > VPI, but this also applies to the the term UDI. > >> by most people, generally be globbed into that same bucket: "Oh, >> you mean like your name and address." Instead, we are discussing >> something quite different: information provided by individuals in >> order to provide enhanced services... information like their >> intentions, deadlines, budgets, certifications, memberships, >> special needs, disabilities, etc. Information which won't be (and >> isn't) accurately provided today because of concerns of abuse and >> misuse. >> > Personal information has a rich and articulate legal/polical/systems > history to which many of the issues you refer have been dealt with > or are being dealt with. > >> Third, I am a fan of "user driven" for two main reasons. One: it >> considers the individual from a systems perspective, not the >> potentially more complicated perspectives of human rights, civil >> rights, natural rights, etc. > > Firstly, 'user driven' in my opinion doesn't consider the > individual. The term user has a tradition as a negative term > implying 'being used' or using something or someone else. In these > terms to me this implies what is currently wrong with information > systems thinking and in part is what prevents rich individual > information in the ICT market place. > > Secondly, personal information and self determination is the > language that has been evolved from a systemic perspective, a major > flaw in current technological thinking is the perception that the > issues we are dealing with today are 'new'. Many of the issues > about information transfer were first dealt with when railroads were > built, banking systems transferred money internationally, and the > first telephone systems were put in place. All of these > technologies are 'user driven information' systems. All of which > have been dealt with in case law and jurisprudence. (which I can dig > out upon request) > >> After all, we aren't focused on reinventing the government or >> society directly, we are talking about how to build better systems >> by handling information from users of those systems in a particular >> way. > > Precisely my point. VPI isnt a reinvention of government, the term > is indicitive of government, a very long standing system that is in- > fact 'user' driven. The law and government has dealt and struggled > with the issues that the technical community is making software for > at the moment. The government system that we have now is in fact an > evolution of information systems represented in these issues we > discuss. I would argue that the term voluntary personal information > used as a technical concept bridges and evolves the existing issues > that have a great deal of pertinent history. I would also argue > that it is the technical community with out reference to the > existing historical context that is trying to reinvent government. > >> Two: it establishes the user as the point of both origination and >> control. Volunteered seems to miss the controlled part. > > I am quite sure that the word user does not establish the individual > as an originator, but I do agree that broad term volunteered as you > describe does miss the controlled part as it generically describes > both passive control and active control of personal information. I > have recently written a research paper describing a framework > contribution for the analysis of the difference between passively > and actively controlled volunteered personal information in varying > types of information exchanges. Defining; actively controlled VPI as > managed by the individual and passively controlled VPI as managed by > an organization or third party through the use of contract. > "Active VPI as a distinction in the research framework assumes an > activity where an individual has usable access to information, in > addition to control of this personal data as described in > information self -determination. Transparency over access to > personal information is critical in understanding the quantity and > the quality of information an individual can actively and passively > control and apply to any given context." > >> I'll be promoting User Driven Services and User Driven Search quite >> a bit in the next year, and the fuel for both of those is, imo, >> naturally referred to as User Driven Information. > > Ironically, just this morning, I have j been asked to participate > and speak at the Global International Governance Workshop on May 11 > in Brussels to present the above described VPI research framework to > academics (from all over the world) who are currently doing research > in the area of Internet Governance. >> >> Fourth, it sidesteps--neatly, IMO--the issues of "who owns your >> personal data?" That phrase a rallying cry and a point of both >> motivation and conflict in the larger debate about identity. > > Is this a good sidestep or a bad sidestep ? VPI as a name inspires > an amazing opportunity to evolve existing identity management > infrastructure, while providing this working group (and its > associated projects) a necessary catalyst to successfully developing > global identity management standards. > >> Part of what attracted me to Iain's work from the beginning was >> that what we are talking about is a particular set of information >> provided by the user, > > (I would say 'individual' not a user, or rather a creator, an > originator. The term user indicates not only a person but any > identity which takes advantage of or "uses".) > > Why does the term detract you from this particular set of > information? This is where we have the opportunity to define, > describe, and standardize "a particular set of information provided > by the" individual. > >> and /at the point of provision/ contracted for a certain set of >> uses. It doesn't attempt to control the data already present in >> vendors' systems. Instead, it simply sets up a way to get high >> quality information at the right time for the right uses, with >> everyone able to benefit more. > > I completely agree that we should not attempt to control data > already present in vendors systems. In fact, I believe we need to > explicitly make it clear that we deal exclusively with current and > forward looking information originated from the individual. > >> That said, I think the points raised so far are valid. We'll lose a >> certain accessibility switching from VPI, but on the other hand, I >> think UDI ties us into the larger trend of user driven services, >> which is, for my money, the more interesting, powerful, and >> accessible trend in the marketplace. > > There is a constant, unwavering and very historical trend to better > articulate 'new' and individually originated information. To this > end UDI in this context seems to be a new slang for existing > discourse, (in my 'personal' opinion) badly explaining newly desired > technical information process. Naturally, I object to the term > 'user' but less so when it is first qualified and put in the context > of actively controlled (by the user) personal information. > > Perhaps a better more accurate term would be actively controlled > personally driven information ACPDI, but even this misses what VPI > already represents and natively enables in future discourse, > representing commercial access to rich un-tapped individual > information. > > Personally volunteered information insinuates a wealth of active > information that is missed through un-equal information sharing, one > sided contracts, and information management practices. Practices > clearly seen in bulk advertising, spam, TOSA's, Privacy Policies, > and targeted marketing, which is based on an individuals historical > information. (behavior targeted advertising) > > One additional point which may be relevant for this discussion; VPI > is currently and most commonly used in privacy policies, meaning it > is not a new concept, as is the active technical control of VPI. > VPI in the legal context is a part of what makes legitimate legal > contracts and is embodied in the passive control of personal > information by third party organisations. This is significant in > that privacy policies represent a global network of information > sharing and control that is insufficient for modern information > sharing practices. > > Rephrased: VPI at this time is most commonly used in privacy > policies. Policies which globally represent old school identity > management infrastructure which I believe VPI standards (represented > through 'NewOrg' ) have a great (and easy) opportunity of updating > at a systemic and global level (to enable new information economy). > > Perhaps an appropriate discussion would be how can this (already > global) infrastructure of policy be evolved with new VPI technical > standards in collaboration with existing Sigs in Liberty Alliance? > > With the greatest respect, > > Mark >> >> >> -j >> >> >> On 4/16/2009 1:13 PM, Iain Henderson wrote: >>> Thanks Eve, i've had similar feedback from Mark Lizar and i've >>> asked him >>> to post that to the list. >>> >>> I'll respond tomorrow with the various logic threads for the name >>> change >>> and we can debate - nothing is fixed in stone and if the consensus >>> is to >>> retain VPI then that's fine by me. I like the term and it offers >>> great >>> focus, but there are areas where it constrains - more on that >>> tomorrow. >>> >>> Cheers >>> >>> Iain >>> >>> >>> >>> On 16 Apr 2009, at 20:56, Eve Maler wrote: >>> >>>> Reviewing the draft charters, I'm finding that I'm a little >>>> reluctant >>>> to leave "VPI" behind (having argued, when the term was invented, >>>> that >>>> "Premium Personal Information" would be my preferred choice!). >>>> Here's >>>> my best shot at making the argument. >>>> >>>> Any information created by a person, about a person, related to a >>>> person, under the control of a person when it comes to distribution >>>> rights, etc. could be described as "personal" without any serious >>>> loss >>>> of precision. Also, having gotten used to "volunteered" (and even >>>> done >>>> some public promotion around it), I'd hate to leave it behind. >>>> Finally, information isn't "driven" -- processes are driven. >>>> Information *sharing* could be user-driven, but I believe this >>>> effort >>>> is trying to leave the technical/architectural implications of >>>> sharing >>>> *mechanisms* out of scope. (That is, "user-driven information >>>> sharing" >>>> is awfully broad and doesn't get at what's unique about this >>>> effort.) >>>> >>>> Eve >>>> >>>> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: >>>> >>>>> yes, as we move from discussion group to working group we'll >>>>> need to >>>>> improve our documentation - starting with a description of User >>>>> Driven Information and how (if) that differs from VPI. >>>>> >>>>> Ultimately, I think the shift is the right thing to do, but I >>>>> agree >>>>> we lose a little bit of the pure focus that VPI gave us - let's >>>>> see >>>>> if we can find a way to do both, because I certainly see the VPI >>>>> aspect being the key area of new value creation. >>>>> >>>>> Cheers >>>>> >>>>> Iain >>>>> >>>>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >>>>> >>>>>> Thanks Joni, >>>>>> >>>>>> The context wiki and the name change does make a great deal of >>>>>> sense. Personal information does immediately seem restrictive for >>>>>> the broader stake-holders which we will want to get involved. >>>>>> Perhaps in writing up a full description of what UDI is we can >>>>>> create a category of information for Volunteered Personal >>>>>> Information? >>>>>> >>>>>> - Mark >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >>>>>> >>>>>>> Hi Mark, >>>>>>> >>>>>>> This may not be exactly what you're looking for but perhaps >>>>>>> the VPI >>>>>>> SIG charter will be helpful as one reference: >>>>>>> >>>>>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>>>>>> >>>>>>> >>>>>>> Cheers, >>>>>>> >>>>>>> Joni >>>>>>> >>>>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>>>> > >>>>>>> wrote: >>>>>>> >>>>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>>>>>> >>>>>>> You will also notice that we're proposing to change the name >>>>>>> from >>>>>>> Volunteered Personal Information to User Driven Information. >>>>>>> This >>>>>>> is because when digging into the detail of 'VPI', we realised >>>>>>> that >>>>>>> not all of the information shareable by the individual is >>>>>>> strictly >>>>>>> personal, so we felt it better to look for a more inclusive >>>>>>> option.....so UDI it is, and writing up a full description of >>>>>>> that >>>>>>> is one of the proposed work packages. >>>>>>> >>>>>>> Although I can see the sense in broadening the scope of VPI to >>>>>>> UDI, >>>>>>> I do think we loose something quite powerful in that personal >>>>>>> information falls under privacy and has a lot of force when >>>>>>> applied >>>>>>> in customer relationships as well as in terms of compliance. I >>>>>>> can >>>>>>> see that this isnt necessarily a salient point in that the >>>>>>> data we >>>>>>> are discussing will be enforced in contract and subscribed to >>>>>>> regardless. >>>>>>> >>>>>>> Is there is a list somewhere or notes from a previous discussion >>>>>>> that details what data doesn't fall under VPI? >>>> >>>> >>>> Eve Maler eve.maler @ sun.com >>>> Emerging Technologies Director cell +1 425 345 6756 >>>> Sun Microsystems Identity Software www.xmlgrrl.com/blog >>>> >>> >>> Iain Henderson >>> iain.henderson at mydex.org >>> >>> This email and any attachment contains information which is >>> private and >>> confidential and is intended for the addressee only. If you are >>> not an >>> addressee, you are not authorised to read, copy or use the e-mail >>> or any >>> attachment. If you have received this e-mail in error, please >>> notify the >>> sender by return e-mail and then destroy it. >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>> >>> >>> >> >> -- >> Joe Andrieu >> joe at switchbook.com >> +1 (805) 705-8651 >> http://www.switchbook.com >> >> _______________________________________________ >> Sig-vpi mailing list >> Sig-vpi at lists.projectliberty.org >> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org > Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From Eve.Maler at Sun.COM Fri Apr 17 08:11:14 2009 From: Eve.Maler at Sun.COM (Eve Maler) Date: Fri, 17 Apr 2009 08:11:14 -0700 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <10468B4E-C500-4CB7-98E1-A3D8F7BCC385@mydex.org> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <47C94ABD-71EF-4064-B255-7911AFA0C05F@mydex.org> <49E799F3.9080509@switchbook.com> <19B89AEB-F1F2-4168-AE15-240D5A826CB8@smartspecies.com> <10468B4E-C500-4CB7-98E1-A3D8F7BCC385@mydex.org> Message-ID: <1093DFC3-E787-402F-A653-4F1AD2C51EA2@Sun.COM> For what it's worth, I've seen the "volunteered" use cases as distinct from the regular ("mundane"?) VRM use cases around change-of-address and such like this: Mundane: Okay, I've decided to give you this info, which you are asking for in order to give me good service/products. (Implies that the info is simply the minimum necessary to get a known job done.) Volunteered: I *want* you to have this information so that you can figure out how to use it to give me good service/products in some fashion! No, really! Here, please take it! (Implies that the info's usage may be *prospective*, and certainly that it's exchanged at an earlier stage.) Once I saw it this way, it clarified for me the impact the two sets of use cases may have on how the offer and acceptance of information is conducted, that is, on the technical solutions for the high-level problem. That's when I realized I had, maybe, captured some of the relevant technical distinctions here: http://www.xmlgrrl.com/blog/archives/2009/03/29/protectserve-getting-down-to-use-cases/ Whereas the "data dominatrix" use case bucket is about *personally* choosing to provision a vendor with some data because they *asked you* for it, the "hey, sailor" (yeah, I know, read the post for context :-) use case bucket unilaterally offers data to someone -- or possibly *anyone* who comes along. Though I didn't mention personal RFPs specifically in the blog post, I see them as an instance of the latter, not the former. For me, "user-driven data" is too squishy and does not distinguish between the two (especially since "user-driven" is starting to be associated with VRM as a whole and even "user-centricity" more broadly), whereas I am willing to concede that "volunteered" can be used as a term of art for the second one without too much trouble. If "volunteered" isn't cutting it, could we consider one of these (these have some interesting, but I'd say appropriate, legal connotations)? offered proffered tendered ventured Eve On Apr 17, 2009, at 7:52 AM, Iain Henderson wrote: > Thanks Mark, whilst I actually think there is less to disagree about > than you infer, you do in your first sentence get to the heart of > why I had an inclination to change the name of the group in the > first place - simply that in the 6 months we have been talking about > VPI, people have fallen into two camps in how they interpret the > word 'volunteered'. > > I have always been using it as you define it, and deliberately so - > but i'd say 25% of the people exposed to the term tend to gravitate > towards a more negative interpretation (both options are technically > correct according the various dictionaries I looked up. > > In light of this push-back, and some anomalies I encountered when > writing at the more detailed level on VPI I thought a new term might > help. > > I'm still mulling on this, i'll get into the detail over the weekend > and we'll look to conclude one way or the other on the call next Wed. > > Cheers > > Iain > > > On 17 Apr 2009, at 13:04, Mark Lizar wrote: > >> Dear Joe, >> >> While I highly value your views, opinions and contributions on >> this particular 'naming issue' I almost completely disagree, >> >> On 16 Apr 2009, at 21:49, Joe Andrieu wrote: >> >>> Hi. I'll chime in for the new term. >>> >>> Volunteered always struck me as a bit disempowering. That is, >>> volunteering implies a lack of subsequent control or even value >>> exchange. >>> Voluntary is subtly different, but volunteer and volunteered imply >>> that one is providing something without explicit quid-pro-quo-- >>> even if it is an opening prelude to more interesting development. >>> Volunteers don't get paid. Voluntary contributions don't >>> explicitly get remuneration in return. It's a bit devaluing that >>> way. >> >> I strongly disagree with this first point, voluntary means "done, >> given, or acting of one's own free will" which also means self- >> determined commonly defined as "free choice of one?s own acts >> without external compulsion". Self determination has a lot of >> history and is significant in the development of 'social >> contract' (John Locke, 1690) which has been realised in the >> development of many current modern meta-systems around the globe, >> I highly recommend reading the definition of self-determination in >> wikipedia on this subject. >> >> Specifically relevant to this working group and a catalysts to a >> 'new' era of identity management is ?The right of the individual to >> decide what information about himself should be communicated to >> others and under what circumstances? (1970, quoted in Altman, 1975, >> p17) This view has been upheld by a the German Federal >> Constitutional Court in 1983, and is coined 'information self- >> determination.' >> >> One other point that may provide significant insight relevant to >> this working group is self-determination theory (SDT). This theory >> focuses on the degree to which people endorse their actions at the >> highest level of reflection and engage in actions with a full sense >> of choice. This academic research provides a deeper insight to the >> psychology of how VPI is appropriate in terms of identity >> management and evolving current market systems. >> >> Additional Reading on this point: >> [1] Edward L. Deci and Richard M. Ryan ?Self-Determination Theory: >> A Macrotheory of Human Motivation, Development, and Health? >> University of Rochester, Canadian Psychological Association 2008, >> Vol. 49, No. 3, 182?185 >> >> 1] International Security, Trust and Privacy Alliance, 2007 >> ?Analysis of Privacy?, pg. 66[Internet] >> [1] Locke, John 1690 "Second Treatise of Government" based on the >> paperback book, "John Locke Second Treatise of Government", Edited, >> with an Introduction, By C.B. McPherson, Indianapolis and >> Cambridge, 1980. >> >> [1] Bennett, Colin 1992 Regulating Privacy. Cornell University Press >> [1] Hosein, I et al. XX THE FOOTPRINT OF REGULATION How >> information systems are affecting the sources of control in a >> global economy, Department of Information Systems London School of >> Economics and Political Science [Internet] http://www.aueb.gr/ifip-isglob03/proceedings/42%20-%20Tsiavos.pdf >> [Accessed: February 2, 2009] >> >>> Second, the "personal" in VPI masks categorical blinders in the >>> open/portability debate. This became evident to me at the Identity >>> lunch Kaliya organized at SXSW. In response to something I said >>> about personal information, both Bob Blakely and Joseph Smarr >>> replied that there isn't any copyright in "personal data" because >>> it is factual. (True enough with a limited set of data.) >>> >>> That is, "personal data" currently means things like your name, >>> address and age, etc. It does not mean things that you personally >>> bring to the table. So, "personal information" would, imo, >> >> what does 'imo' mean ? >> >> I agree that their are some categories unrepresented in the term >> VPI, but this also applies to the the term UDI. >> >>> by most people, generally be globbed into that same bucket: "Oh, >>> you mean like your name and address." Instead, we are discussing >>> something quite different: information provided by individuals in >>> order to provide enhanced services... information like their >>> intentions, deadlines, budgets, certifications, memberships, >>> special needs, disabilities, etc. Information which won't be (and >>> isn't) accurately provided today because of concerns of abuse and >>> misuse. >>> >> Personal information has a rich and articulate legal/polical/ >> systems history to which many of the issues you refer have been >> dealt with or are being dealt with. >> >>> Third, I am a fan of "user driven" for two main reasons. One: it >>> considers the individual from a systems perspective, not the >>> potentially more complicated perspectives of human rights, civil >>> rights, natural rights, etc. >> >> Firstly, 'user driven' in my opinion doesn't consider the >> individual. The term user has a tradition as a negative term >> implying 'being used' or using something or someone else. In these >> terms to me this implies what is currently wrong with information >> systems thinking and in part is what prevents rich individual >> information in the ICT market place. >> >> Secondly, personal information and self determination is the >> language that has been evolved from a systemic perspective, a major >> flaw in current technological thinking is the perception that the >> issues we are dealing with today are 'new'. Many of the issues >> about information transfer were first dealt with when railroads >> were built, banking systems transferred money internationally, and >> the first telephone systems were put in place. All of these >> technologies are 'user driven information' systems. All of which >> have been dealt with in case law and jurisprudence. (which I can >> dig out upon request) >> >>> After all, we aren't focused on reinventing the government or >>> society directly, we are talking about how to build better systems >>> by handling information from users of those systems in a >>> particular way. >> >> Precisely my point. VPI isnt a reinvention of government, the term >> is indicitive of government, a very long standing system that is in- >> fact 'user' driven. The law and government has dealt and struggled >> with the issues that the technical community is making software for >> at the moment. The government system that we have now is in fact an >> evolution of information systems represented in these issues we >> discuss. I would argue that the term voluntary personal >> information used as a technical concept bridges and evolves the >> existing issues that have a great deal of pertinent history. I >> would also argue that it is the technical community with out >> reference to the existing historical context that is trying to >> reinvent government. >> >>> Two: it establishes the user as the point of both origination and >>> control. Volunteered seems to miss the controlled part. >> >> I am quite sure that the word user does not establish the >> individual as an originator, but I do agree that broad term >> volunteered as you describe does miss the controlled part as it >> generically describes both passive control and active control of >> personal information. I have recently written a research paper >> describing a framework contribution for the analysis of the >> difference between passively and actively controlled volunteered >> personal information in varying types of information exchanges. >> Defining; actively controlled VPI as managed by the individual and >> passively controlled VPI as managed by an organization or third >> party through the use of contract. >> "Active VPI as a distinction in the research framework assumes an >> activity where an individual has usable access to information, in >> addition to control of this personal data as described in >> information self -determination. Transparency over access to >> personal information is critical in understanding the quantity and >> the quality of information an individual can actively and passively >> control and apply to any given context." >> >>> I'll be promoting User Driven Services and User Driven Search >>> quite a bit in the next year, and the fuel for both of those is, >>> imo, naturally referred to as User Driven Information. >> >> Ironically, just this morning, I have j been asked to participate >> and speak at the Global International Governance Workshop on May 11 >> in Brussels to present the above described VPI research framework >> to academics (from all over the world) who are currently doing >> research in the area of Internet Governance. >>> >>> Fourth, it sidesteps--neatly, IMO--the issues of "who owns your >>> personal data?" That phrase a rallying cry and a point of both >>> motivation and conflict in the larger debate about identity. >> >> Is this a good sidestep or a bad sidestep ? VPI as a name inspires >> an amazing opportunity to evolve existing identity management >> infrastructure, while providing this working group (and its >> associated projects) a necessary catalyst to successfully >> developing global identity management standards. >> >>> Part of what attracted me to Iain's work from the beginning was >>> that what we are talking about is a particular set of information >>> provided by the user, >> >> (I would say 'individual' not a user, or rather a creator, an >> originator. The term user indicates not only a person but any >> identity which takes advantage of or "uses".) >> >> Why does the term detract you from this particular set of >> information? This is where we have the opportunity to define, >> describe, and standardize "a particular set of information provided >> by the" individual. >> >>> and /at the point of provision/ contracted for a certain set of >>> uses. It doesn't attempt to control the data already present in >>> vendors' systems. Instead, it simply sets up a way to get high >>> quality information at the right time for the right uses, with >>> everyone able to benefit more. >> >> I completely agree that we should not attempt to control data >> already present in vendors systems. In fact, I believe we need to >> explicitly make it clear that we deal exclusively with current and >> forward looking information originated from the individual. >> >>> That said, I think the points raised so far are valid. We'll lose >>> a certain accessibility switching from VPI, but on the other hand, >>> I think UDI ties us into the larger trend of user driven services, >>> which is, for my money, the more interesting, powerful, and >>> accessible trend in the marketplace. >> >> There is a constant, unwavering and very historical trend to better >> articulate 'new' and individually originated information. To this >> end UDI in this context seems to be a new slang for existing >> discourse, (in my 'personal' opinion) badly explaining newly >> desired technical information process. Naturally, I object to the >> term 'user' but less so when it is first qualified and put in the >> context of actively controlled (by the user) personal information. >> >> Perhaps a better more accurate term would be actively controlled >> personally driven information ACPDI, but even this misses what VPI >> already represents and natively enables in future discourse, >> representing commercial access to rich un-tapped individual >> information. >> >> Personally volunteered information insinuates a wealth of active >> information that is missed through un-equal information sharing, >> one sided contracts, and information management practices. >> Practices clearly seen in bulk advertising, spam, TOSA's, Privacy >> Policies, and targeted marketing, which is based on an individuals >> historical information. (behavior targeted advertising) >> >> One additional point which may be relevant for this discussion; VPI >> is currently and most commonly used in privacy policies, meaning it >> is not a new concept, as is the active technical control of VPI. >> VPI in the legal context is a part of what makes legitimate legal >> contracts and is embodied in the passive control of personal >> information by third party organisations. This is significant in >> that privacy policies represent a global network of information >> sharing and control that is insufficient for modern information >> sharing practices. >> >> Rephrased: VPI at this time is most commonly used in privacy >> policies. Policies which globally represent old school identity >> management infrastructure which I believe VPI standards >> (represented through 'NewOrg' ) have a great (and easy) opportunity >> of updating at a systemic and global level (to enable new >> information economy). >> >> Perhaps an appropriate discussion would be how can this (already >> global) infrastructure of policy be evolved with new VPI technical >> standards in collaboration with existing Sigs in Liberty Alliance? >> >> With the greatest respect, >> >> Mark >>> >>> >>> -j >>> >>> >>> On 4/16/2009 1:13 PM, Iain Henderson wrote: >>>> Thanks Eve, i've had similar feedback from Mark Lizar and i've >>>> asked him >>>> to post that to the list. >>>> >>>> I'll respond tomorrow with the various logic threads for the name >>>> change >>>> and we can debate - nothing is fixed in stone and if the >>>> consensus is to >>>> retain VPI then that's fine by me. I like the term and it offers >>>> great >>>> focus, but there are areas where it constrains - more on that >>>> tomorrow. >>>> >>>> Cheers >>>> >>>> Iain >>>> >>>> >>>> >>>> On 16 Apr 2009, at 20:56, Eve Maler wrote: >>>> >>>>> Reviewing the draft charters, I'm finding that I'm a little >>>>> reluctant >>>>> to leave "VPI" behind (having argued, when the term was >>>>> invented, that >>>>> "Premium Personal Information" would be my preferred choice!). >>>>> Here's >>>>> my best shot at making the argument. >>>>> >>>>> Any information created by a person, about a person, related to a >>>>> person, under the control of a person when it comes to >>>>> distribution >>>>> rights, etc. could be described as "personal" without any >>>>> serious loss >>>>> of precision. Also, having gotten used to "volunteered" (and >>>>> even done >>>>> some public promotion around it), I'd hate to leave it behind. >>>>> Finally, information isn't "driven" -- processes are driven. >>>>> Information *sharing* could be user-driven, but I believe this >>>>> effort >>>>> is trying to leave the technical/architectural implications of >>>>> sharing >>>>> *mechanisms* out of scope. (That is, "user-driven information >>>>> sharing" >>>>> is awfully broad and doesn't get at what's unique about this >>>>> effort.) >>>>> >>>>> Eve >>>>> >>>>> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: >>>>> >>>>>> yes, as we move from discussion group to working group we'll >>>>>> need to >>>>>> improve our documentation - starting with a description of User >>>>>> Driven Information and how (if) that differs from VPI. >>>>>> >>>>>> Ultimately, I think the shift is the right thing to do, but I >>>>>> agree >>>>>> we lose a little bit of the pure focus that VPI gave us - let's >>>>>> see >>>>>> if we can find a way to do both, because I certainly see the VPI >>>>>> aspect being the key area of new value creation. >>>>>> >>>>>> Cheers >>>>>> >>>>>> Iain >>>>>> >>>>>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >>>>>> >>>>>>> Thanks Joni, >>>>>>> >>>>>>> The context wiki and the name change does make a great deal of >>>>>>> sense. Personal information does immediately seem restrictive >>>>>>> for >>>>>>> the broader stake-holders which we will want to get involved. >>>>>>> Perhaps in writing up a full description of what UDI is we can >>>>>>> create a category of information for Volunteered Personal >>>>>>> Information? >>>>>>> >>>>>>> - Mark >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >>>>>>> >>>>>>>> Hi Mark, >>>>>>>> >>>>>>>> This may not be exactly what you're looking for but perhaps >>>>>>>> the VPI >>>>>>>> SIG charter will be helpful as one reference: >>>>>>>> >>>>>>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>>>>>>> >>>>>>>> >>>>>>>> Cheers, >>>>>>>> >>>>>>>> Joni >>>>>>>> >>>>>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>>>>> > >>>>>>>> wrote: >>>>>>>> >>>>>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>>>>>>> >>>>>>>> You will also notice that we're proposing to change the name >>>>>>>> from >>>>>>>> Volunteered Personal Information to User Driven Information. >>>>>>>> This >>>>>>>> is because when digging into the detail of 'VPI', we realised >>>>>>>> that >>>>>>>> not all of the information shareable by the individual is >>>>>>>> strictly >>>>>>>> personal, so we felt it better to look for a more inclusive >>>>>>>> option.....so UDI it is, and writing up a full description of >>>>>>>> that >>>>>>>> is one of the proposed work packages. >>>>>>>> >>>>>>>> Although I can see the sense in broadening the scope of VPI >>>>>>>> to UDI, >>>>>>>> I do think we loose something quite powerful in that personal >>>>>>>> information falls under privacy and has a lot of force when >>>>>>>> applied >>>>>>>> in customer relationships as well as in terms of compliance. >>>>>>>> I can >>>>>>>> see that this isnt necessarily a salient point in that the >>>>>>>> data we >>>>>>>> are discussing will be enforced in contract and subscribed to >>>>>>>> regardless. >>>>>>>> >>>>>>>> Is there is a list somewhere or notes from a previous >>>>>>>> discussion >>>>>>>> that details what data doesn't fall under VPI? >>>>> >>>>> >>>>> Eve Maler eve.maler @ sun.com >>>>> Emerging Technologies Director cell +1 425 345 6756 >>>>> Sun Microsystems Identity Software www.xmlgrrl.com/blog >>>>> >>>> >>>> Iain Henderson >>>> iain.henderson at mydex.org >>>> >>>> This email and any attachment contains information which is >>>> private and >>>> confidential and is intended for the addressee only. If you are >>>> not an >>>> addressee, you are not authorised to read, copy or use the e-mail >>>> or any >>>> attachment. If you have received this e-mail in error, please >>>> notify the >>>> sender by return e-mail and then destroy it. >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Sig-vpi mailing list >>>> Sig-vpi at lists.projectliberty.org >>>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>>> >>>> >>>> >>> >>> -- >>> Joe Andrieu >>> joe at switchbook.com >>> +1 (805) 705-8651 >>> http://www.switchbook.com >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Eve Maler eve.maler @ sun.com Emerging Technologies Director cell +1 425 345 6756 Sun Microsystems Identity Software www.xmlgrrl.com/blog From info at smartspecies.com Fri Apr 17 09:15:16 2009 From: info at smartspecies.com (Mark Lizar) Date: Fri, 17 Apr 2009 17:15:16 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <10468B4E-C500-4CB7-98E1-A3D8F7BCC385@mydex.org> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <47C94ABD-71EF-4064-B255-7911AFA0C05F@mydex.org> <49E799F3.9080509@switchbook.com> <19B89AEB-F1F2-4168-AE15-240D5A826CB8@smartspecies.com> <10468B4E-C500-4CB7-98E1-A3D8F7BCC385@mydex.org> Message-ID: Iain, This is definitely an interesting issue, I have ranted in the past about how inadequate english language is to the task of technical innovation and nomenclature. Beyond a personal dislike for the word 'user', common and popular use of terminology is definitely socially significant. If it helps in your 'mulling' I am not particularly attached to the term volunteered or voluntary either. In fact I have only found the term VPI useful in illustrating difference between active and passive control of personal information in legal, policy, and information economy contexts. I most often refer to the term of desired/useful control of personal information when speaking about this issue in information sociology. I also 'upon re-reading my post' agree with Joe that the whole rallying call for data ownership is not a fight to be picked or endorsed when it comes to standards. Rather I believe the issues of data ownership and control are better addressed through the use and the application of standards. If I could recant and reiterate that point, I would write that VPI has been useful for relaying the first person significance of the type of information we are referring to. 'tendered' packs a good commercial punch - M On 17 Apr 2009, at 15:52, Iain Henderson wrote: > Thanks Mark, whilst I actually think there is less to disagree about > than you infer, you do in your first sentence get to the heart of > why I had an inclination to change the name of the group in the > first place - simply that in the 6 months we have been talking about > VPI, people have fallen into two camps in how they interpret the > word 'volunteered'. > > I have always been using it as you define it, and deliberately so - > but i'd say 25% of the people exposed to the term tend to gravitate > towards a more negative interpretation (both options are technically > correct according the various dictionaries I looked up. > > In light of this push-back, and some anomalies I encountered when > writing at the more detailed level on VPI I thought a new term might > help. > > I'm still mulling on this, i'll get into the detail over the weekend > and we'll look to conclude one way or the other on the call next Wed. > > Cheers > > Iain > > > On 17 Apr 2009, at 13:04, Mark Lizar wrote: > >> Dear Joe, >> >> While I highly value your views, opinions and contributions on >> this particular 'naming issue' I almost completely disagree, >> >> On 16 Apr 2009, at 21:49, Joe Andrieu wrote: >> >>> Hi. I'll chime in for the new term. >>> >>> Volunteered always struck me as a bit disempowering. That is, >>> volunteering implies a lack of subsequent control or even value >>> exchange. >>> Voluntary is subtly different, but volunteer and volunteered imply >>> that one is providing something without explicit quid-pro-quo-- >>> even if it is an opening prelude to more interesting development. >>> Volunteers don't get paid. Voluntary contributions don't >>> explicitly get remuneration in return. It's a bit devaluing that >>> way. >> >> I strongly disagree with this first point, voluntary means "done, >> given, or acting of one's own free will" which also means self- >> determined commonly defined as "free choice of one?s own acts >> without external compulsion". Self determination has a lot of >> history and is significant in the development of 'social >> contract' (John Locke, 1690) which has been realised in the >> development of many current modern meta-systems around the globe, >> I highly recommend reading the definition of self-determination in >> wikipedia on this subject. >> >> Specifically relevant to this working group and a catalysts to a >> 'new' era of identity management is ?The right of the individual to >> decide what information about himself should be communicated to >> others and under what circumstances? (1970, quoted in Altman, 1975, >> p17) This view has been upheld by a the German Federal >> Constitutional Court in 1983, and is coined 'information self- >> determination.' >> >> One other point that may provide significant insight relevant to >> this working group is self-determination theory (SDT). This theory >> focuses on the degree to which people endorse their actions at the >> highest level of reflection and engage in actions with a full sense >> of choice. This academic research provides a deeper insight to the >> psychology of how VPI is appropriate in terms of identity >> management and evolving current market systems. >> >> Additional Reading on this point: >> [1] Edward L. Deci and Richard M. Ryan ?Self-Determination Theory: >> A Macrotheory of Human Motivation, Development, and Health? >> University of Rochester, Canadian Psychological Association 2008, >> Vol. 49, No. 3, 182?185 >> >> 1] International Security, Trust and Privacy Alliance, 2007 >> ?Analysis of Privacy?, pg. 66[Internet] >> [1] Locke, John 1690 "Second Treatise of Government" based on the >> paperback book, "John Locke Second Treatise of Government", Edited, >> with an Introduction, By C.B. McPherson, Indianapolis and >> Cambridge, 1980. >> >> [1] Bennett, Colin 1992 Regulating Privacy. Cornell University Press >> [1] Hosein, I et al. XX THE FOOTPRINT OF REGULATION How >> information systems are affecting the sources of control in a >> global economy, Department of Information Systems London School of >> Economics and Political Science [Internet] http://www.aueb.gr/ifip-isglob03/proceedings/42%20-%20Tsiavos.pdf >> [Accessed: February 2, 2009] >> >>> Second, the "personal" in VPI masks categorical blinders in the >>> open/portability debate. This became evident to me at the Identity >>> lunch Kaliya organized at SXSW. In response to something I said >>> about personal information, both Bob Blakely and Joseph Smarr >>> replied that there isn't any copyright in "personal data" because >>> it is factual. (True enough with a limited set of data.) >>> >>> That is, "personal data" currently means things like your name, >>> address and age, etc. It does not mean things that you personally >>> bring to the table. So, "personal information" would, imo, >> >> what does 'imo' mean ? >> >> I agree that their are some categories unrepresented in the term >> VPI, but this also applies to the the term UDI. >> >>> by most people, generally be globbed into that same bucket: "Oh, >>> you mean like your name and address." Instead, we are discussing >>> something quite different: information provided by individuals in >>> order to provide enhanced services... information like their >>> intentions, deadlines, budgets, certifications, memberships, >>> special needs, disabilities, etc. Information which won't be (and >>> isn't) accurately provided today because of concerns of abuse and >>> misuse. >>> >> Personal information has a rich and articulate legal/polical/ >> systems history to which many of the issues you refer have been >> dealt with or are being dealt with. >> >>> Third, I am a fan of "user driven" for two main reasons. One: it >>> considers the individual from a systems perspective, not the >>> potentially more complicated perspectives of human rights, civil >>> rights, natural rights, etc. >> >> Firstly, 'user driven' in my opinion doesn't consider the >> individual. The term user has a tradition as a negative term >> implying 'being used' or using something or someone else. In these >> terms to me this implies what is currently wrong with information >> systems thinking and in part is what prevents rich individual >> information in the ICT market place. >> >> Secondly, personal information and self determination is the >> language that has been evolved from a systemic perspective, a major >> flaw in current technological thinking is the perception that the >> issues we are dealing with today are 'new'. Many of the issues >> about information transfer were first dealt with when railroads >> were built, banking systems transferred money internationally, and >> the first telephone systems were put in place. All of these >> technologies are 'user driven information' systems. All of which >> have been dealt with in case law and jurisprudence. (which I can >> dig out upon request) >> >>> After all, we aren't focused on reinventing the government or >>> society directly, we are talking about how to build better systems >>> by handling information from users of those systems in a >>> particular way. >> >> Precisely my point. VPI isnt a reinvention of government, the term >> is indicitive of government, a very long standing system that is in- >> fact 'user' driven. The law and government has dealt and struggled >> with the issues that the technical community is making software for >> at the moment. The government system that we have now is in fact an >> evolution of information systems represented in these issues we >> discuss. I would argue that the term voluntary personal >> information used as a technical concept bridges and evolves the >> existing issues that have a great deal of pertinent history. I >> would also argue that it is the technical community with out >> reference to the existing historical context that is trying to >> reinvent government. >> >>> Two: it establishes the user as the point of both origination and >>> control. Volunteered seems to miss the controlled part. >> >> I am quite sure that the word user does not establish the >> individual as an originator, but I do agree that broad term >> volunteered as you describe does miss the controlled part as it >> generically describes both passive control and active control of >> personal information. I have recently written a research paper >> describing a framework contribution for the analysis of the >> difference between passively and actively controlled volunteered >> personal information in varying types of information exchanges. >> Defining; actively controlled VPI as managed by the individual and >> passively controlled VPI as managed by an organization or third >> party through the use of contract. >> "Active VPI as a distinction in the research framework assumes an >> activity where an individual has usable access to information, in >> addition to control of this personal data as described in >> information self -determination. Transparency over access to >> personal information is critical in understanding the quantity and >> the quality of information an individual can actively and passively >> control and apply to any given context." >> >>> I'll be promoting User Driven Services and User Driven Search >>> quite a bit in the next year, and the fuel for both of those is, >>> imo, naturally referred to as User Driven Information. >> >> Ironically, just this morning, I have j been asked to participate >> and speak at the Global International Governance Workshop on May 11 >> in Brussels to present the above described VPI research framework >> to academics (from all over the world) who are currently doing >> research in the area of Internet Governance. >>> >>> Fourth, it sidesteps--neatly, IMO--the issues of "who owns your >>> personal data?" That phrase a rallying cry and a point of both >>> motivation and conflict in the larger debate about identity. >> >> Is this a good sidestep or a bad sidestep ? VPI as a name inspires >> an amazing opportunity to evolve existing identity management >> infrastructure, while providing this working group (and its >> associated projects) a necessary catalyst to successfully >> developing global identity management standards. >> >>> Part of what attracted me to Iain's work from the beginning was >>> that what we are talking about is a particular set of information >>> provided by the user, >> >> (I would say 'individual' not a user, or rather a creator, an >> originator. The term user indicates not only a person but any >> identity which takes advantage of or "uses".) >> >> Why does the term detract you from this particular set of >> information? This is where we have the opportunity to define, >> describe, and standardize "a particular set of information provided >> by the" individual. >> >>> and /at the point of provision/ contracted for a certain set of >>> uses. It doesn't attempt to control the data already present in >>> vendors' systems. Instead, it simply sets up a way to get high >>> quality information at the right time for the right uses, with >>> everyone able to benefit more. >> >> I completely agree that we should not attempt to control data >> already present in vendors systems. In fact, I believe we need to >> explicitly make it clear that we deal exclusively with current and >> forward looking information originated from the individual. >> >>> That said, I think the points raised so far are valid. We'll lose >>> a certain accessibility switching from VPI, but on the other hand, >>> I think UDI ties us into the larger trend of user driven services, >>> which is, for my money, the more interesting, powerful, and >>> accessible trend in the marketplace. >> >> There is a constant, unwavering and very historical trend to better >> articulate 'new' and individually originated information. To this >> end UDI in this context seems to be a new slang for existing >> discourse, (in my 'personal' opinion) badly explaining newly >> desired technical information process. Naturally, I object to the >> term 'user' but less so when it is first qualified and put in the >> context of actively controlled (by the user) personal information. >> >> Perhaps a better more accurate term would be actively controlled >> personally driven information ACPDI, but even this misses what VPI >> already represents and natively enables in future discourse, >> representing commercial access to rich un-tapped individual >> information. >> >> Personally volunteered information insinuates a wealth of active >> information that is missed through un-equal information sharing, >> one sided contracts, and information management practices. >> Practices clearly seen in bulk advertising, spam, TOSA's, Privacy >> Policies, and targeted marketing, which is based on an individuals >> historical information. (behavior targeted advertising) >> >> One additional point which may be relevant for this discussion; VPI >> is currently and most commonly used in privacy policies, meaning it >> is not a new concept, as is the active technical control of VPI. >> VPI in the legal context is a part of what makes legitimate legal >> contracts and is embodied in the passive control of personal >> information by third party organisations. This is significant in >> that privacy policies represent a global network of information >> sharing and control that is insufficient for modern information >> sharing practices. >> >> Rephrased: VPI at this time is most commonly used in privacy >> policies. Policies which globally represent old school identity >> management infrastructure which I believe VPI standards >> (represented through 'NewOrg' ) have a great (and easy) opportunity >> of updating at a systemic and global level (to enable new >> information economy). >> >> Perhaps an appropriate discussion would be how can this (already >> global) infrastructure of policy be evolved with new VPI technical >> standards in collaboration with existing Sigs in Liberty Alliance? >> >> With the greatest respect, >> >> Mark >>> >>> >>> -j >>> >>> >>> On 4/16/2009 1:13 PM, Iain Henderson wrote: >>>> Thanks Eve, i've had similar feedback from Mark Lizar and i've >>>> asked him >>>> to post that to the list. >>>> >>>> I'll respond tomorrow with the various logic threads for the name >>>> change >>>> and we can debate - nothing is fixed in stone and if the >>>> consensus is to >>>> retain VPI then that's fine by me. I like the term and it offers >>>> great >>>> focus, but there are areas where it constrains - more on that >>>> tomorrow. >>>> >>>> Cheers >>>> >>>> Iain >>>> >>>> >>>> >>>> On 16 Apr 2009, at 20:56, Eve Maler wrote: >>>> >>>>> Reviewing the draft charters, I'm finding that I'm a little >>>>> reluctant >>>>> to leave "VPI" behind (having argued, when the term was >>>>> invented, that >>>>> "Premium Personal Information" would be my preferred choice!). >>>>> Here's >>>>> my best shot at making the argument. >>>>> >>>>> Any information created by a person, about a person, related to a >>>>> person, under the control of a person when it comes to >>>>> distribution >>>>> rights, etc. could be described as "personal" without any >>>>> serious loss >>>>> of precision. Also, having gotten used to "volunteered" (and >>>>> even done >>>>> some public promotion around it), I'd hate to leave it behind. >>>>> Finally, information isn't "driven" -- processes are driven. >>>>> Information *sharing* could be user-driven, but I believe this >>>>> effort >>>>> is trying to leave the technical/architectural implications of >>>>> sharing >>>>> *mechanisms* out of scope. (That is, "user-driven information >>>>> sharing" >>>>> is awfully broad and doesn't get at what's unique about this >>>>> effort.) >>>>> >>>>> Eve >>>>> >>>>> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: >>>>> >>>>>> yes, as we move from discussion group to working group we'll >>>>>> need to >>>>>> improve our documentation - starting with a description of User >>>>>> Driven Information and how (if) that differs from VPI. >>>>>> >>>>>> Ultimately, I think the shift is the right thing to do, but I >>>>>> agree >>>>>> we lose a little bit of the pure focus that VPI gave us - let's >>>>>> see >>>>>> if we can find a way to do both, because I certainly see the VPI >>>>>> aspect being the key area of new value creation. >>>>>> >>>>>> Cheers >>>>>> >>>>>> Iain >>>>>> >>>>>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >>>>>> >>>>>>> Thanks Joni, >>>>>>> >>>>>>> The context wiki and the name change does make a great deal of >>>>>>> sense. Personal information does immediately seem restrictive >>>>>>> for >>>>>>> the broader stake-holders which we will want to get involved. >>>>>>> Perhaps in writing up a full description of what UDI is we can >>>>>>> create a category of information for Volunteered Personal >>>>>>> Information? >>>>>>> >>>>>>> - Mark >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >>>>>>> >>>>>>>> Hi Mark, >>>>>>>> >>>>>>>> This may not be exactly what you're looking for but perhaps >>>>>>>> the VPI >>>>>>>> SIG charter will be helpful as one reference: >>>>>>>> >>>>>>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>>>>>>> >>>>>>>> >>>>>>>> Cheers, >>>>>>>> >>>>>>>> Joni >>>>>>>> >>>>>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>>>>> > >>>>>>>> wrote: >>>>>>>> >>>>>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>>>>>>> >>>>>>>> You will also notice that we're proposing to change the name >>>>>>>> from >>>>>>>> Volunteered Personal Information to User Driven Information. >>>>>>>> This >>>>>>>> is because when digging into the detail of 'VPI', we realised >>>>>>>> that >>>>>>>> not all of the information shareable by the individual is >>>>>>>> strictly >>>>>>>> personal, so we felt it better to look for a more inclusive >>>>>>>> option.....so UDI it is, and writing up a full description of >>>>>>>> that >>>>>>>> is one of the proposed work packages. >>>>>>>> >>>>>>>> Although I can see the sense in broadening the scope of VPI >>>>>>>> to UDI, >>>>>>>> I do think we loose something quite powerful in that personal >>>>>>>> information falls under privacy and has a lot of force when >>>>>>>> applied >>>>>>>> in customer relationships as well as in terms of compliance. >>>>>>>> I can >>>>>>>> see that this isnt necessarily a salient point in that the >>>>>>>> data we >>>>>>>> are discussing will be enforced in contract and subscribed to >>>>>>>> regardless. >>>>>>>> >>>>>>>> Is there is a list somewhere or notes from a previous >>>>>>>> discussion >>>>>>>> that details what data doesn't fall under VPI? >>>>> >>>>> >>>>> Eve Maler eve.maler @ sun.com >>>>> Emerging Technologies Director cell +1 425 345 6756 >>>>> Sun Microsystems Identity Software www.xmlgrrl.com/blog >>>>> >>>> >>>> Iain Henderson >>>> iain.henderson at mydex.org >>>> >>>> This email and any attachment contains information which is >>>> private and >>>> confidential and is intended for the addressee only. If you are >>>> not an >>>> addressee, you are not authorised to read, copy or use the e-mail >>>> or any >>>> attachment. If you have received this e-mail in error, please >>>> notify the >>>> sender by return e-mail and then destroy it. >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Sig-vpi mailing list >>>> Sig-vpi at lists.projectliberty.org >>>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >>>> >>>> >>>> >>> >>> -- >>> Joe Andrieu >>> joe at switchbook.com >>> +1 (805) 705-8651 >>> http://www.switchbook.com >>> >>> _______________________________________________ >>> Sig-vpi mailing list >>> Sig-vpi at lists.projectliberty.org >>> http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org >> > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private > and confidential and is intended for the addressee only. If you are > not an addressee, you are not authorised to read, copy or use the e- > mail or any attachment. If you have received this e-mail in error, > please notify the sender by return e-mail and then destroy it. > > > > From iain.henderson at mydex.org Mon Apr 20 13:14:10 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Mon, 20 Apr 2009 21:14:10 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> Message-ID: <39B0DAC9-0E8C-4BA0-A361-25AE8B351180@mydex.org> Thanks Eve, Joe and Mark for your input on naming the work groups - i've pondered on them and propose a compromise that I think meets the needs of the group yet does not throw away the specific value in the focus/ discussion enabled by Volunteered Personal Information. I think we should name the work group(s) as below: 1) User Driven & Volunteered Personal Information (Technical) 2) User Driven & Volunteered Personal Information (Policy and Commerce) That might seem like a fudge, but I think there is sense in it; here's my logic: Volunteered Personal Information has always been a powerful concept real new value to be accessed through enabling it to flow. An example of how I have explained my interpretation of the term to Doc (who was expressing hotel related preferences) is at the bottom of this e-mail. But it is slightly too narrow in that an individual can generate real value by voluntarily sharing information that is not strictly personal (in the legal sense, looking through the lens of Euro privacy legislation). Examples of this non-personal value add would include 'I think this product is great', or I used outlet X for my shopping because of Y (where 'I' is anonymous or pseudonymous). So we'd be missing some value if we stuck to Volunteered Personal Information, and still not addressing the fact that some of our audience don't like the term Volunteered or assume a definition different to that intended. In parallel, (albeit not yet fully in the public domain) - there is likely to be a VRM.org announced before too much longer that will have 'user driven services' at its' core (as a build out from VRM), with some very detailed and sound explanatory text and principles running alongside. Knowing that this was coming down the track led to my suggesting User Driven Information (UDI). Here's how i'd explain User Driven Information. UDI relates to a wider data set than VPI, i.e. UDI is not necessarily personal (it would include things like organisation identity, product identity etc when the flow is initiated by the individual); the defining characteristic would be that the individual (user) would be the architect of the generation, management and use (inc sharing) of the information in question. Breaking that down: - User, is not a great word in this specific scenario because the term 'individual' (which is the one rooted in privacy legislation) is lost; but Individual Driven Information is pretty clumsy. In naming the VRM.org we have been round this loop many times and have yet to better the term 'user' in our particular context. - Driven, is a good word in that it broadens the scope to cover information that the individual takes action to move around or use as required (although I take Eve's point about driven referring to processes, I think I use driven more in terms of a car....a static thing until someone proactively takes control of it. - Information, certainly the right in the context of the verb 'to inform' as opposed to being the fancy word for data which is how the term is often hijacked. So, given the benefits to be had from both terms, I propose to scrunch them together. In reviewing the arguments, I also realised that we need to operate at a more detailed level in our definitions, specifically around how we define 'personal information' for example (inc ownership, shared access etc). I think we need to tackle this as an early deliverable from the new Policy and Commerce Work Group.....I can feel a venn diagram coming on.... And when push comes to shove, if this new name needs to be changed as time goes on then we're free to do so - as and when we come up with a better option. Hope that makes sense. I suggest we sign this off on the call on Wednesday. Cheers Iain VPI USE CASE EXAMPLE (Hotel Preferences) Hi Doc, Your hotel example provides a great illustration and use case for the work being done on Volunteered Personal Information. It is genuinely VOLUNTEERED, i.e. offered because you want to, not because someone makes you (in fact no-one is even asking you for this at present, and no current CRM system would be able to interpret it). Clearly, it is PERSONAL, because those preferences and implied future intentions are yours and only yours (that does not mean that there won't be others with the same or similar ones, which is what will drive uptake and ultimately your ability to easily get what you want). You offer INFORMATION, as opposed to 'data' in that you provide context when you share it, and thus INFORM the recipient how to deal with it - as opposed to leaving their systems and analytical processes to figure that out from the raw material. The only way this information will begin to flow is when we put some structure and standards around it, provide the user-driven terms and conditions for access and show both individuals and organisations the benefits that will flow from engaging in this way. On 16 Apr 2009, at 20:56, Eve Maler wrote: > Reviewing the draft charters, I'm finding that I'm a little > reluctant to leave "VPI" behind (having argued, when the term was > invented, that "Premium Personal Information" would be my preferred > choice!). Here's my best shot at making the argument. > > Any information created by a person, about a person, related to a > person, under the control of a person when it comes to distribution > rights, etc. could be described as "personal" without any serious > loss of precision. Also, having gotten used to "volunteered" (and > even done some public promotion around it), I'd hate to leave it > behind. Finally, information isn't "driven" -- processes are > driven. Information *sharing* could be user-driven, but I believe > this effort is trying to leave the technical/architectural > implications of sharing *mechanisms* out of scope. (That is, "user- > driven information sharing" is awfully broad and doesn't get at > what's unique about this effort.) > > Eve > > On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: > >> yes, as we move from discussion group to working group we'll need >> to improve our documentation - starting with a description of User >> Driven Information and how (if) that differs from VPI. >> >> Ultimately, I think the shift is the right thing to do, but I agree >> we lose a little bit of the pure focus that VPI gave us - let's see >> if we can find a way to do both, because I certainly see the VPI >> aspect being the key area of new value creation. >> >> Cheers >> >> Iain >> >> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >> >>> Thanks Joni, >>> >>> The context wiki and the name change does make a great deal of >>> sense. Personal information does immediately seem restrictive for >>> the broader stake-holders which we will want to get involved. >>> Perhaps in writing up a full description of what UDI is we can >>> create a category of information for Volunteered Personal >>> Information? >>> >>> - Mark >>> >>> >>> >>> >>> >>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >>> >>>> Hi Mark, >>>> >>>> This may not be exactly what you're looking for but perhaps the >>>> VPI SIG charter will be helpful as one reference: >>>> >>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>>> >>>> Cheers, >>>> >>>> Joni >>>> >>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>> wrote: >>>> >>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>>> >>>> You will also notice that we're proposing to change the name from >>>> Volunteered Personal Information to User Driven Information. This >>>> is because when digging into the detail of 'VPI', we realised >>>> that not all of the information shareable by the individual is >>>> strictly personal, so we felt it better to look for a more >>>> inclusive option.....so UDI it is, and writing up a full >>>> description of that is one of the proposed work packages. >>>> >>>> Although I can see the sense in broadening the scope of VPI to >>>> UDI, I do think we loose something quite powerful in that >>>> personal information falls under privacy and has a lot of force >>>> when applied in customer relationships as well as in terms of >>>> compliance. I can see that this isnt necessarily a salient >>>> point in that the data we are discussing will be enforced in >>>> contract and subscribed to regardless. >>>> >>>> Is there is a list somewhere or notes from a previous discussion >>>> that details what data doesn't fall under VPI? > > > Eve Maler eve.maler @ sun.com > Emerging Technologies Director cell +1 425 345 6756 > Sun Microsystems Identity Software www.xmlgrrl.com/blog > Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. -------------- next part -------------- An HTML attachment was scrubbed... URL: From iain.henderson at mydex.org Tue Apr 21 01:55:08 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Tue, 21 Apr 2009 09:55:08 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <49ED7EBA.3080407@andrieu.net> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <39B0DAC9-0E8C-4BA0-A361-25AE8B351180@mydex.org> <49ED7EBA.3080407@andrieu.net> Message-ID: <4B830DE8-3D70-4EA5-BEEE-ABCD262434F8@mydex.org> Neither UDI nor VPI is sufficient on it's own for the reasons I explained, so unless anyone has a major objection (before the end of the call tomorrow) lets move on to the substance rather than the name - we can re-visit that at the mid May workshops as we are not locked in. Iain On 21 Apr 2009, at 09:07, Joe Andrieu wrote: > I would rather we go with VPI or UDI rather than the hybrid. Things > are confusing enough without "UDVPI" being added to the mix. > > Here's a question for Eve & Mark (and others not knee deep in the > ProjectVRM work): > > Some of the discussion that has gone in the VRM organizational > effort has been looking at the VPI initiative as possibly the > primary working interface between the new VRM organization and > Kantara. The thinking was that Kantara seems to be better suited > for standards and technical development, so let's promote working > through the VPI group as the de facto standardization route of choice. > > In particular, I think a lot of what we want to do in the VRM world > is at the service specification level, which seemed to make the VPI > WG a good fit for things like Personal RFPs, the ListenLog, user > driven Search, etc. > > Does that alignment work for you guys or does it seem to introduce > more complexity? > > I ask is, in part, because of something Eve said: "especially since > "user-driven" is starting to be associated with VRM as a whole and > even "user-centricity" more broadly" > > "User driven" /is/ becoming a term of use in the VRM community to > describe a larger category, of which VRM is one example. > > Is that a bad thing? > > Similarly, is associating the VPI working group with the new VRM > organization a bad thing? Is there a need or desire to have a > clearer distinction in terminology? If so, let's take care of that. > > -j > > On 4/20/2009 1:14 PM, Iain Henderson wrote: > > Thanks Eve, Joe and Mark for your input on naming the work groups > - i've > > pondered on them and propose a compromise that I think meets the > needs > > of the group yet does not throw away the specific value in the > focus/ > > discussion enabled by Volunteered Personal Information. > > > > I think we should name the work group(s) as below: > > > > 1) User Driven & Volunteered Personal Information (Technical) > > > > 2) User Driven & Volunteered Personal Information (Policy and > Commerce) > > > > That might seem like a fudge, but I think there is sense in it; > here's > > my logic: > > > > Volunteered Personal Information has always been a powerful > concept real > > new value to be accessed through enabling it to flow. /An example > of how > > I have explained my interpretation of the term to Doc (who was > > expressing hotel related preferences) is at the bottom of this e- > mail/. > > But it is slightly too narrow in that an individual can generate > real > > value by voluntarily sharing information that is not strictly > personal > > (in the legal sense, looking through the lens of Euro privacy > > legislation). Examples of this non-personal value add would > include 'I > > think this product is great', or I used outlet X for my shopping > because > > of Y (where 'I' is anonymous or pseudonymous). So we'd be missing > some > > value if we stuck to Volunteered Personal Information, and still not > > addressing the fact that some of our audience don't like the term > > Volunteered or assume a definition different to that intended. > > > > In parallel, (albeit not yet fully in the public domain) - there is > > likely to be a VRM.org announced before too much longer that will > have > > 'user driven services' at its' core (as a build out from VRM), > with some > > very detailed and sound explanatory text and principles running > > alongside. Knowing that this was coming down the track led to my > > suggesting User Driven Information (UDI). Here's how i'd explain > User > > Driven Information. UDI relates to a wider data set than VPI, i.e. > UDI > > is not necessarily personal (it would include things like > organisation > > identity, product identity etc when the flow is initiated by the > > individual); the defining characteristic would be that the > individual > > (user) would be the architect of the generation, management and > use (inc > > sharing) of the information in question. > > > > Breaking that down: > > > > - User, is not a great word in this specific scenario because the > term > > 'individual' (which is the one rooted in privacy legislation) is > lost; > > but Individual Driven Information is pretty clumsy. In naming the > > VRM.org we have been round this loop many times and have yet to > better > > the term 'user' in our particular context. > > > > - Driven, is a good word in that it broadens the scope to cover > > information that the individual takes action to move around or use > as > > required (although I take Eve's point about driven referring to > > processes, I think I use driven more in terms of a car....a static > thing > > until someone proactively takes control of it. > > > > - Information, certainly the right in the context of the verb 'to > > inform' as opposed to being the fancy word for data which is how the > > term is often hijacked. > > > > So, given the benefits to be had from both terms, I propose to > scrunch > > them together. In reviewing the arguments, I also realised that we > need > > to operate at a more detailed level in our definitions, specifically > > around how we define 'personal information' for example (inc > ownership, > > shared access etc). I think we need to tackle this as an early > > deliverable from the new Policy and Commerce Work Group.....I can > feel a > > venn diagram coming on.... > > > > And when push comes to shove, if this new name needs to be changed > as > > time goes on then we're free to do so - as and when we come up > with a > > better option. > > > > Hope that makes sense. I suggest we sign this off on the call on > Wednesday. > > > > Cheers > > > > Iain > > > > > > *VPI USE CASE EXAMPLE (Hotel Preferences)* > > > > /Hi Doc,/ > > / > > / > > /Your hotel example provides a great illustration and use case for > the > > work being done on Volunteered Personal Information./ > > / > > / > > /It is genuinely VOLUNTEERED, i.e. offered because you want to, not > > because someone makes you (in fact no-one is even asking you for > this at > > present, and no current CRM system would be able to interpret it)./ > > / > > / > > /Clearly, it is PERSONAL, because those preferences and implied > future > > intentions are yours and only yours (that does not mean that there > won't > > be others with the same or similar ones, which is what will drive > uptake > > and ultimately your ability to easily get what you want)./ > > / > > / > > /You offer INFORMATION, as opposed to 'data' in that you provide > context > > when you share it, and thus INFORM the recipient how to deal with > it - > > as opposed to leaving their systems and analytical processes to > figure > > that out from the raw material./ > > / > > / > > /The only way this information will begin to flow is when we put > some > > structure and standards around it, provide the user-driven terms and > > conditions for access and show both individuals and organisations > the > > benefits that will flow from engaging in this way./ > > > > > > > > On 16 Apr 2009, at 20:56, Eve Maler wrote: > > > >> Reviewing the draft charters, I'm finding that I'm a little > reluctant > >> to leave "VPI" behind (having argued, when the term was invented, > that > >> "Premium Personal Information" would be my preferred choice!). > Here's > >> my best shot at making the argument. > >> > >> Any information created by a person, about a person, related to a > >> person, under the control of a person when it comes to distribution > >> rights, etc. could be described as "personal" without any serious > loss > >> of precision. Also, having gotten used to "volunteered" (and even > done > >> some public promotion around it), I'd hate to leave it behind. > >> Finally, information isn't "driven" -- processes are driven. > >> Information *sharing* could be user-driven, but I believe this > effort > >> is trying to leave the technical/architectural implications of > sharing > >> *mechanisms* out of scope. (That is, "user-driven information > sharing" > >> is awfully broad and doesn't get at what's unique about this > effort.) > >> > >> Eve > >> > >> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: > >> > >>> yes, as we move from discussion group to working group we'll > need to > >>> improve our documentation - starting with a description of User > >>> Driven Information and how (if) that differs from VPI. > >>> > >>> Ultimately, I think the shift is the right thing to do, but I > agree > >>> we lose a little bit of the pure focus that VPI gave us - let's > see > >>> if we can find a way to do both, because I certainly see the VPI > >>> aspect being the key area of new value creation. > >>> > >>> Cheers > >>> > >>> Iain > >>> > >>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: > >>> > >>>> Thanks Joni, > >>>> > >>>> The context wiki and the name change does make a great deal of > >>>> sense. Personal information does immediately seem restrictive for > >>>> the broader stake-holders which we will want to get involved. > >>>> Perhaps in writing up a full description of what UDI is we can > >>>> create a category of information for Volunteered Personal > Information? > >>>> > >>>> - Mark > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: > >>>> > >>>>> Hi Mark, > >>>>> > >>>>> This may not be exactly what you're looking for but perhaps > the VPI > >>>>> SIG charter will be helpful as one reference: > >>>>> > >>>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter > >>>>> > >>>>> Cheers, > >>>>> > >>>>> Joni > >>>>> > >>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>>> > wrote: > >>>>> > >>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: > >>>>> > >>>>> You will also notice that we're proposing to change the name > from > >>>>> Volunteered Personal Information to User Driven Information. > This > >>>>> is because when digging into the detail of 'VPI', we realised > that > >>>>> not all of the information shareable by the individual is > strictly > >>>>> personal, so we felt it better to look for a more inclusive > >>>>> option.....so UDI it is, and writing up a full description of > that > >>>>> is one of the proposed work packages. > >>>>> > >>>>> Although I can see the sense in broadening the scope of VPI to > UDI, > >>>>> I do think we loose something quite powerful in that personal > >>>>> information falls under privacy and has a lot of force when > applied > >>>>> in customer relationships as well as in terms of compliance. I > can > >>>>> see that this isnt necessarily a salient point in that the > data we > >>>>> are discussing will be enforced in contract and subscribed to > >>>>> regardless. > >>>>> > >>>>> Is there is a list somewhere or notes from a previous discussion > >>>>> that details what data doesn't fall under VPI? > >> > >> > >> Eve Maler eve.maler @ sun.com > >> Emerging Technologies Director cell +1 425 345 6756 > >> Sun Microsystems Identity Software www.xmlgrrl.com/blog > >> > >> > > > > Iain Henderson > > iain.henderson at mydex.org > > > > This email and any attachment contains information which is > private and > > confidential and is intended for the addressee only. If you are > not an > > addressee, you are not authorised to read, copy or use the e-mail > or any > > attachment. If you have received this e-mail in error, please > notify the > > sender by return e-mail and then destroy it. > > > > > > > > Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From Eve.Maler at Sun.COM Tue Apr 21 08:28:11 2009 From: Eve.Maler at Sun.COM (Eve Maler) Date: Tue, 21 Apr 2009 08:28:11 -0700 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <49ED7EBA.3080407@andrieu.net> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <39B0DAC9-0E8C-4BA0-A361-25AE8B351180@mydex.org> <49ED7EBA.3080407@andrieu.net> Message-ID: <963D1692-A4C3-48EC-BFD8-5FC1CA64C9D9@Sun.COM> (This is one of those "I didn't have time to make it shorter" messages. :-) I haven't given full thought to Iain's writeup; I'm not crazy about the hybrid name aesthetically but maybe I'll be convinced as I read. While Kantara is set up to incubate technical solutions, it can (I know you know this) also incubate the development of non-technical artifacts of various sorts. Joe, the other org you've been putting together has a constraint around membership that Kantara could never satisfy, so this is why I see the need for multiple orgs. There is value in making the WGs Iain has proposed very focused, with very precise deliverables, and I worry a bit that seeing them as the only "basket" of Kantara-sourced VRM innovation (vs. creating more WGs and DGs as appropriate for other specific goals) is simultaneously too limiting for VRM and increasing these WGs' scope too much. Regarding "user-driven", I really do think it's very broad in its application now. Just as an example, in discussions with folks at the RSA conference yesterday about ProtectServe, someone spontaneously described it as providing "user-driven compliance" (compliance in the GRC sense; believe it or not, that's a legitimate use case as far as I'm concerned!). I have no problem with the popularity of "user- driven", but do we want all of it in the WG scope Iain is going for? Eve On Apr 21, 2009, at 1:07 AM, Joe Andrieu wrote: > I would rather we go with VPI or UDI rather than the hybrid. Things > are confusing enough without "UDVPI" being added to the mix. > > Here's a question for Eve & Mark (and others not knee deep in the > ProjectVRM work): > > Some of the discussion that has gone in the VRM organizational > effort has been looking at the VPI initiative as possibly the > primary working interface between the new VRM organization and > Kantara. The thinking was that Kantara seems to be better suited > for standards and technical development, so let's promote working > through the VPI group as the de facto standardization route of choice. > > In particular, I think a lot of what we want to do in the VRM world > is at the service specification level, which seemed to make the VPI > WG a good fit for things like Personal RFPs, the ListenLog, user > driven Search, etc. > > Does that alignment work for you guys or does it seem to introduce > more complexity? > > I ask is, in part, because of something Eve said: "especially since > "user-driven" is starting to be associated with VRM as a whole and > even "user-centricity" more broadly" > > "User driven" /is/ becoming a term of use in the VRM community to > describe a larger category, of which VRM is one example. > > Is that a bad thing? > > Similarly, is associating the VPI working group with the new VRM > organization a bad thing? Is there a need or desire to have a > clearer distinction in terminology? If so, let's take care of that. > > -j > > On 4/20/2009 1:14 PM, Iain Henderson wrote: > > Thanks Eve, Joe and Mark for your input on naming the work groups > - i've > > pondered on them and propose a compromise that I think meets the > needs > > of the group yet does not throw away the specific value in the > focus/ > > discussion enabled by Volunteered Personal Information. > > > > I think we should name the work group(s) as below: > > > > 1) User Driven & Volunteered Personal Information (Technical) > > > > 2) User Driven & Volunteered Personal Information (Policy and > Commerce) > > > > That might seem like a fudge, but I think there is sense in it; > here's > > my logic: > > > > Volunteered Personal Information has always been a powerful > concept real > > new value to be accessed through enabling it to flow. /An example > of how > > I have explained my interpretation of the term to Doc (who was > > expressing hotel related preferences) is at the bottom of this e- > mail/. > > But it is slightly too narrow in that an individual can generate > real > > value by voluntarily sharing information that is not strictly > personal > > (in the legal sense, looking through the lens of Euro privacy > > legislation). Examples of this non-personal value add would > include 'I > > think this product is great', or I used outlet X for my shopping > because > > of Y (where 'I' is anonymous or pseudonymous). So we'd be missing > some > > value if we stuck to Volunteered Personal Information, and still not > > addressing the fact that some of our audience don't like the term > > Volunteered or assume a definition different to that intended. > > > > In parallel, (albeit not yet fully in the public domain) - there is > > likely to be a VRM.org announced before too much longer that will > have > > 'user driven services' at its' core (as a build out from VRM), > with some > > very detailed and sound explanatory text and principles running > > alongside. Knowing that this was coming down the track led to my > > suggesting User Driven Information (UDI). Here's how i'd explain > User > > Driven Information. UDI relates to a wider data set than VPI, i.e. > UDI > > is not necessarily personal (it would include things like > organisation > > identity, product identity etc when the flow is initiated by the > > individual); the defining characteristic would be that the > individual > > (user) would be the architect of the generation, management and > use (inc > > sharing) of the information in question. > > > > Breaking that down: > > > > - User, is not a great word in this specific scenario because the > term > > 'individual' (which is the one rooted in privacy legislation) is > lost; > > but Individual Driven Information is pretty clumsy. In naming the > > VRM.org we have been round this loop many times and have yet to > better > > the term 'user' in our particular context. > > > > - Driven, is a good word in that it broadens the scope to cover > > information that the individual takes action to move around or use > as > > required (although I take Eve's point about driven referring to > > processes, I think I use driven more in terms of a car....a static > thing > > until someone proactively takes control of it. > > > > - Information, certainly the right in the context of the verb 'to > > inform' as opposed to being the fancy word for data which is how the > > term is often hijacked. > > > > So, given the benefits to be had from both terms, I propose to > scrunch > > them together. In reviewing the arguments, I also realised that we > need > > to operate at a more detailed level in our definitions, specifically > > around how we define 'personal information' for example (inc > ownership, > > shared access etc). I think we need to tackle this as an early > > deliverable from the new Policy and Commerce Work Group.....I can > feel a > > venn diagram coming on.... > > > > And when push comes to shove, if this new name needs to be changed > as > > time goes on then we're free to do so - as and when we come up > with a > > better option. > > > > Hope that makes sense. I suggest we sign this off on the call on > Wednesday. > > > > Cheers > > > > Iain > > > > > > *VPI USE CASE EXAMPLE (Hotel Preferences)* > > > > /Hi Doc,/ > > / > > / > > /Your hotel example provides a great illustration and use case for > the > > work being done on Volunteered Personal Information./ > > / > > / > > /It is genuinely VOLUNTEERED, i.e. offered because you want to, not > > because someone makes you (in fact no-one is even asking you for > this at > > present, and no current CRM system would be able to interpret it)./ > > / > > / > > /Clearly, it is PERSONAL, because those preferences and implied > future > > intentions are yours and only yours (that does not mean that there > won't > > be others with the same or similar ones, which is what will drive > uptake > > and ultimately your ability to easily get what you want)./ > > / > > / > > /You offer INFORMATION, as opposed to 'data' in that you provide > context > > when you share it, and thus INFORM the recipient how to deal with > it - > > as opposed to leaving their systems and analytical processes to > figure > > that out from the raw material./ > > / > > / > > /The only way this information will begin to flow is when we put > some > > structure and standards around it, provide the user-driven terms and > > conditions for access and show both individuals and organisations > the > > benefits that will flow from engaging in this way./ > > > > > > > > On 16 Apr 2009, at 20:56, Eve Maler wrote: > > > >> Reviewing the draft charters, I'm finding that I'm a little > reluctant > >> to leave "VPI" behind (having argued, when the term was invented, > that > >> "Premium Personal Information" would be my preferred choice!). > Here's > >> my best shot at making the argument. > >> > >> Any information created by a person, about a person, related to a > >> person, under the control of a person when it comes to distribution > >> rights, etc. could be described as "personal" without any serious > loss > >> of precision. Also, having gotten used to "volunteered" (and even > done > >> some public promotion around it), I'd hate to leave it behind. > >> Finally, information isn't "driven" -- processes are driven. > >> Information *sharing* could be user-driven, but I believe this > effort > >> is trying to leave the technical/architectural implications of > sharing > >> *mechanisms* out of scope. (That is, "user-driven information > sharing" > >> is awfully broad and doesn't get at what's unique about this > effort.) > >> > >> Eve > >> > >> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: > >> > >>> yes, as we move from discussion group to working group we'll > need to > >>> improve our documentation - starting with a description of User > >>> Driven Information and how (if) that differs from VPI. > >>> > >>> Ultimately, I think the shift is the right thing to do, but I > agree > >>> we lose a little bit of the pure focus that VPI gave us - let's > see > >>> if we can find a way to do both, because I certainly see the VPI > >>> aspect being the key area of new value creation. > >>> > >>> Cheers > >>> > >>> Iain > >>> > >>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: > >>> > >>>> Thanks Joni, > >>>> > >>>> The context wiki and the name change does make a great deal of > >>>> sense. Personal information does immediately seem restrictive for > >>>> the broader stake-holders which we will want to get involved. > >>>> Perhaps in writing up a full description of what UDI is we can > >>>> create a category of information for Volunteered Personal > Information? > >>>> > >>>> - Mark > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: > >>>> > >>>>> Hi Mark, > >>>>> > >>>>> This may not be exactly what you're looking for but perhaps > the VPI > >>>>> SIG charter will be helpful as one reference: > >>>>> > >>>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter > >>>>> > >>>>> Cheers, > >>>>> > >>>>> Joni > >>>>> > >>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>>> > wrote: > >>>>> > >>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: > >>>>> > >>>>> You will also notice that we're proposing to change the name > from > >>>>> Volunteered Personal Information to User Driven Information. > This > >>>>> is because when digging into the detail of 'VPI', we realised > that > >>>>> not all of the information shareable by the individual is > strictly > >>>>> personal, so we felt it better to look for a more inclusive > >>>>> option.....so UDI it is, and writing up a full description of > that > >>>>> is one of the proposed work packages. > >>>>> > >>>>> Although I can see the sense in broadening the scope of VPI to > UDI, > >>>>> I do think we loose something quite powerful in that personal > >>>>> information falls under privacy and has a lot of force when > applied > >>>>> in customer relationships as well as in terms of compliance. I > can > >>>>> see that this isnt necessarily a salient point in that the > data we > >>>>> are discussing will be enforced in contract and subscribed to > >>>>> regardless. > >>>>> > >>>>> Is there is a list somewhere or notes from a previous discussion > >>>>> that details what data doesn't fall under VPI? > >> > >> > >> Eve Maler eve.maler @ sun.com > >> Emerging Technologies Director cell +1 425 345 6756 > >> Sun Microsystems Identity Software www.xmlgrrl.com/blog > >> > >> > > > > Iain Henderson > > iain.henderson at mydex.org > > > > This email and any attachment contains information which is > private and > > confidential and is intended for the addressee only. If you are > not an > > addressee, you are not authorised to read, copy or use the e-mail > or any > > attachment. If you have received this e-mail in error, please > notify the > > sender by return e-mail and then destroy it. > > > > > > > > Eve Maler eve.maler @ sun.com Emerging Technologies Director cell +1 425 345 6756 Sun Microsystems Identity Software www.xmlgrrl.com/blog From joe at andrieu.net Tue Apr 21 01:07:22 2009 From: joe at andrieu.net (Joe Andrieu) Date: Tue, 21 Apr 2009 01:07:22 -0700 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <39B0DAC9-0E8C-4BA0-A361-25AE8B351180@mydex.org> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <39B0DAC9-0E8C-4BA0-A361-25AE8B351180@mydex.org> Message-ID: <49ED7EBA.3080407@andrieu.net> I would rather we go with VPI or UDI rather than the hybrid. Things are confusing enough without "UDVPI" being added to the mix. Here's a question for Eve & Mark (and others not knee deep in the ProjectVRM work): Some of the discussion that has gone in the VRM organizational effort has been looking at the VPI initiative as possibly the primary working interface between the new VRM organization and Kantara. The thinking was that Kantara seems to be better suited for standards and technical development, so let's promote working through the VPI group as the de facto standardization route of choice. In particular, I think a lot of what we want to do in the VRM world is at the service specification level, which seemed to make the VPI WG a good fit for things like Personal RFPs, the ListenLog, user driven Search, etc. Does that alignment work for you guys or does it seem to introduce more complexity? I ask is, in part, because of something Eve said: "especially since "user-driven" is starting to be associated with VRM as a whole and even "user-centricity" more broadly" "User driven" /is/ becoming a term of use in the VRM community to describe a larger category, of which VRM is one example. Is that a bad thing? Similarly, is associating the VPI working group with the new VRM organization a bad thing? Is there a need or desire to have a clearer distinction in terminology? If so, let's take care of that. -j On 4/20/2009 1:14 PM, Iain Henderson wrote: > Thanks Eve, Joe and Mark for your input on naming the work groups - i've > pondered on them and propose a compromise that I think meets the needs > of the group yet does not throw away the specific value in the focus/ > discussion enabled by Volunteered Personal Information. > > I think we should name the work group(s) as below: > > 1) User Driven & Volunteered Personal Information (Technical) > > 2) User Driven & Volunteered Personal Information (Policy and Commerce) > > That might seem like a fudge, but I think there is sense in it; here's > my logic: > > Volunteered Personal Information has always been a powerful concept real > new value to be accessed through enabling it to flow. /An example of how > I have explained my interpretation of the term to Doc (who was > expressing hotel related preferences) is at the bottom of this e-mail/. > But it is slightly too narrow in that an individual can generate real > value by voluntarily sharing information that is not strictly personal > (in the legal sense, looking through the lens of Euro privacy > legislation). Examples of this non-personal value add would include 'I > think this product is great', or I used outlet X for my shopping because > of Y (where 'I' is anonymous or pseudonymous). So we'd be missing some > value if we stuck to Volunteered Personal Information, and still not > addressing the fact that some of our audience don't like the term > Volunteered or assume a definition different to that intended. > > In parallel, (albeit not yet fully in the public domain) - there is > likely to be a VRM.org announced before too much longer that will have > 'user driven services' at its' core (as a build out from VRM), with some > very detailed and sound explanatory text and principles running > alongside. Knowing that this was coming down the track led to my > suggesting User Driven Information (UDI). Here's how i'd explain User > Driven Information. UDI relates to a wider data set than VPI, i.e. UDI > is not necessarily personal (it would include things like organisation > identity, product identity etc when the flow is initiated by the > individual); the defining characteristic would be that the individual > (user) would be the architect of the generation, management and use (inc > sharing) of the information in question. > > Breaking that down: > > - User, is not a great word in this specific scenario because the term > 'individual' (which is the one rooted in privacy legislation) is lost; > but Individual Driven Information is pretty clumsy. In naming the > VRM.org we have been round this loop many times and have yet to better > the term 'user' in our particular context. > > - Driven, is a good word in that it broadens the scope to cover > information that the individual takes action to move around or use as > required (although I take Eve's point about driven referring to > processes, I think I use driven more in terms of a car....a static thing > until someone proactively takes control of it. > > - Information, certainly the right in the context of the verb 'to > inform' as opposed to being the fancy word for data which is how the > term is often hijacked. > > So, given the benefits to be had from both terms, I propose to scrunch > them together. In reviewing the arguments, I also realised that we need > to operate at a more detailed level in our definitions, specifically > around how we define 'personal information' for example (inc ownership, > shared access etc). I think we need to tackle this as an early > deliverable from the new Policy and Commerce Work Group.....I can feel a > venn diagram coming on.... > > And when push comes to shove, if this new name needs to be changed as > time goes on then we're free to do so - as and when we come up with a > better option. > > Hope that makes sense. I suggest we sign this off on the call on Wednesday. > > Cheers > > Iain > > > *VPI USE CASE EXAMPLE (Hotel Preferences)* > > /Hi Doc,/ > / > / > /Your hotel example provides a great illustration and use case for the > work being done on Volunteered Personal Information./ > / > / > /It is genuinely VOLUNTEERED, i.e. offered because you want to, not > because someone makes you (in fact no-one is even asking you for this at > present, and no current CRM system would be able to interpret it)./ > / > / > /Clearly, it is PERSONAL, because those preferences and implied future > intentions are yours and only yours (that does not mean that there won't > be others with the same or similar ones, which is what will drive uptake > and ultimately your ability to easily get what you want)./ > / > / > /You offer INFORMATION, as opposed to 'data' in that you provide context > when you share it, and thus INFORM the recipient how to deal with it - > as opposed to leaving their systems and analytical processes to figure > that out from the raw material./ > / > / > /The only way this information will begin to flow is when we put some > structure and standards around it, provide the user-driven terms and > conditions for access and show both individuals and organisations the > benefits that will flow from engaging in this way./ > > > > On 16 Apr 2009, at 20:56, Eve Maler wrote: > >> Reviewing the draft charters, I'm finding that I'm a little reluctant >> to leave "VPI" behind (having argued, when the term was invented, that >> "Premium Personal Information" would be my preferred choice!). Here's >> my best shot at making the argument. >> >> Any information created by a person, about a person, related to a >> person, under the control of a person when it comes to distribution >> rights, etc. could be described as "personal" without any serious loss >> of precision. Also, having gotten used to "volunteered" (and even done >> some public promotion around it), I'd hate to leave it behind. >> Finally, information isn't "driven" -- processes are driven. >> Information *sharing* could be user-driven, but I believe this effort >> is trying to leave the technical/architectural implications of sharing >> *mechanisms* out of scope. (That is, "user-driven information sharing" >> is awfully broad and doesn't get at what's unique about this effort.) >> >> Eve >> >> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: >> >>> yes, as we move from discussion group to working group we'll need to >>> improve our documentation - starting with a description of User >>> Driven Information and how (if) that differs from VPI. >>> >>> Ultimately, I think the shift is the right thing to do, but I agree >>> we lose a little bit of the pure focus that VPI gave us - let's see >>> if we can find a way to do both, because I certainly see the VPI >>> aspect being the key area of new value creation. >>> >>> Cheers >>> >>> Iain >>> >>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >>> >>>> Thanks Joni, >>>> >>>> The context wiki and the name change does make a great deal of >>>> sense. Personal information does immediately seem restrictive for >>>> the broader stake-holders which we will want to get involved. >>>> Perhaps in writing up a full description of what UDI is we can >>>> create a category of information for Volunteered Personal Information? >>>> >>>> - Mark >>>> >>>> >>>> >>>> >>>> >>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >>>> >>>>> Hi Mark, >>>>> >>>>> This may not be exactly what you're looking for but perhaps the VPI >>>>> SIG charter will be helpful as one reference: >>>>> >>>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>>>> >>>>> Cheers, >>>>> >>>>> Joni >>>>> >>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >>>> > wrote: >>>>> >>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>>>> >>>>> You will also notice that we're proposing to change the name from >>>>> Volunteered Personal Information to User Driven Information. This >>>>> is because when digging into the detail of 'VPI', we realised that >>>>> not all of the information shareable by the individual is strictly >>>>> personal, so we felt it better to look for a more inclusive >>>>> option.....so UDI it is, and writing up a full description of that >>>>> is one of the proposed work packages. >>>>> >>>>> Although I can see the sense in broadening the scope of VPI to UDI, >>>>> I do think we loose something quite powerful in that personal >>>>> information falls under privacy and has a lot of force when applied >>>>> in customer relationships as well as in terms of compliance. I can >>>>> see that this isnt necessarily a salient point in that the data we >>>>> are discussing will be enforced in contract and subscribed to >>>>> regardless. >>>>> >>>>> Is there is a list somewhere or notes from a previous discussion >>>>> that details what data doesn't fall under VPI? >> >> >> Eve Maler eve.maler @ sun.com >> Emerging Technologies Director cell +1 425 345 6756 >> Sun Microsystems Identity Software www.xmlgrrl.com/blog >> >> > > Iain Henderson > iain.henderson at mydex.org > > This email and any attachment contains information which is private and > confidential and is intended for the addressee only. If you are not an > addressee, you are not authorised to read, copy or use the e-mail or any > attachment. If you have received this e-mail in error, please notify the > sender by return e-mail and then destroy it. > > > > From iain.henderson at mydex.org Tue Apr 21 10:53:05 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Tue, 21 Apr 2009 18:53:05 +0100 Subject: [Sig-vpi] Agenda for User Driven and Volunteered Personal Information Call Tomorrow (Wed 22nd April) Message-ID: <852FD67D-CFCB-4CE1-964F-1DA752267DE9@mydex.org> Folks, We have a call tomorrow, details below: http://wiki.projectliberty.org/index.php/VolunteeredPersonalInformationSIG Time: 11-12 PDT, 2-3 EDT, 7-8 UK time Dial in: USA toll free, 866-469-3239 USA toll, 650-429-3300 Access Code: 78701111# As an agenda, I suggest we don't dwell too long on naming the groups, but get into the proposed scopes of work for the two updated work groups and put some thought into timing, methodologies and resource requirements. I have copied the existing draft scopes of work from the updated charter documents below. If anyone wishes to get involved in the work activity but can't join the call then just e-mail me direct and we can arrange to talk. Cheers Iain Workgroup 1 - USER DRIVEN AND VOLUNTEERED PERSONAL INFORMATION (Technical) (3) SCOPE: Explain the scope and definition of the planned work. The founding Work Group participants recognize that deployers are working in an ever-evolving heterogeneous environment that requires interoperability of identity services (i.e. identity- and SOA-enabled applications), both internal and external to the enterprise. In order to advance the identity-enabled marketplace -- specifically application domains that rely upon identity-based web services -- this Work Group is chartered to: ? Become an active public discussion forum for the collection, development, and analysis of use cases/ scenarios that are met by the emerging concept of User Driven Information. ? Develop a detailed public roadmap that provides recommended next actions to make the concept of User Driven Information a reality within 12 months. ? Foster awareness of and participation in this effort from the broadest stakeholder cross-section possible, both the near-term use case phase taking place in this working group, the mid-term specification and practical framework build phase, and the long-term adoption of the newly emerged User Driven Information. (4) DRAFT TECHNICAL SPECIFICATIONS: List Working Titles of draft Technical Specifications to be produced (if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership. Develop clear list of deliverables: Draft Technical Specifications or Source Code Proposed ? Personal data store ? an illustrative technical specification (in that we feel it is impossible to be definitive in this area) ? Technical specifications for User Driven Information sharing mechanism(s) ? Definition of Service Interface Specs (SIS) for each identified type of User Driven Information (e.g. Buying Intentions) Workgroup 2 - USER DRIVEN AND VOLUNTEERED PERSONAL INFORMATION (Policy and Commerce) (5) OTHER DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot. Develop clear list of deliverables: White Papers, Technical Reports, Guidelines etc?Note: These recommendation are likely to be delivered via a separate/ related working group as the intellectual property requirements of the above differ from the technical specification work. A clear description and definition of User Driven Information Use cases illustrating deployment of User Driven Information across a wide range of scenario?s A standardized approach to a data sharing agreement as driven from the individual perspective Deployment guidelines Trust-marks, Audit and Compliance mechanisms Qualitative and quantitative market research amongst individuals on the factors that will dictate uptake of VPI sharing (subject to funding) Qualitative and quantitative market research amongst organisations on the factors that will dictate uptake of VPI sharing (beginning with NewOrg member base) Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. -------------- next part -------------- An HTML attachment was scrubbed... URL: From joe at andrieu.net Tue Apr 21 11:26:29 2009 From: joe at andrieu.net (Joe andrieu) Date: Tue, 21 Apr 2009 11:26:29 -0700 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <963D1692-A4C3-48EC-BFD8-5FC1CA64C9D9@Sun.COM> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <39B0DAC9-0E8C-4BA0-A361-25AE8B351180@mydex.org> <49ED7EBA.3080407@andrieu.net> <963D1692-A4C3-48EC-BFD8-5FC1CA64C9D9@Sun.COM> Message-ID: <49EE0FD5.4060808@andrieu.net> Eve, Good points. I'm still feeling my way through the Liberty/Kantara approach. I guess you're suggesting that perhaps things like the ListenLog and Search Maps should be separate working groups from UDVPI? I will admit, I don't have a good sense of the sweet spot for scoping with Kantara. Perhaps Brett, or Eve, could you provide some examples of similar projects and the expected scope? I've been thinking of UDVPI as a vehicle for standardizing approaches to acquiring, using, propogating, and deleting user provided information. And, given the core role the Personal Datastore has in VRM approaches, that covers almost everything VRM we've talked about, including r-button, paychoice, personal rfps, one night stands, etc. Perhaps because I don't understand how the rest of the liberty/kantara works, I'm not sure how these might best fit into additional WGs, except to understand that each WG has its own setup and maintenance overhead--and hence I'd rather not create any more than we need. Perhaps if we explicitly list things we want in UDVPI and things we think might better fit in additional WGs... -j On 4/21/2009 8:28 AM, Eve Maler wrote: > (This is one of those "I didn't have time to make it shorter" > messages. :-) > > I haven't given full thought to Iain's writeup; I'm not crazy about > the hybrid name aesthetically but maybe I'll be convinced as I read. > > While Kantara is set up to incubate technical solutions, it can (I > know you know this) also incubate the development of non-technical > artifacts of various sorts. Joe, the other org you've been putting > together has a constraint around membership that Kantara could never > satisfy, so this is why I see the need for multiple orgs. There is > value in making the WGs Iain has proposed very focused, with very > precise deliverables, and I worry a bit that seeing them as the only > "basket" of Kantara-sourced VRM innovation (vs. creating more WGs and > DGs as appropriate for other specific goals) is simultaneously too > limiting for VRM and increasing these WGs' scope too much. > > Regarding "user-driven", I really do think it's very broad in its > application now. Just as an example, in discussions with folks at the > RSA conference yesterday about ProtectServe, someone spontaneously > described it as providing "user-driven compliance" (compliance in the > GRC sense; believe it or not, that's a legitimate use case as far as > I'm concerned!). I have no problem with the popularity of > "user-driven", but do we want all of it in the WG scope Iain is going > for? > > Eve > > On Apr 21, 2009, at 1:07 AM, Joe Andrieu wrote: > >> I would rather we go with VPI or UDI rather than the hybrid. Things >> are confusing enough without "UDVPI" being added to the mix. >> >> Here's a question for Eve & Mark (and others not knee deep in the >> ProjectVRM work): >> >> Some of the discussion that has gone in the VRM organizational effort >> has been looking at the VPI initiative as possibly the primary >> working interface between the new VRM organization and Kantara. The >> thinking was that Kantara seems to be better suited for standards and >> technical development, so let's promote working through the VPI group >> as the de facto standardization route of choice. >> >> In particular, I think a lot of what we want to do in the VRM world >> is at the service specification level, which seemed to make the VPI >> WG a good fit for things like Personal RFPs, the ListenLog, user >> driven Search, etc. >> >> Does that alignment work for you guys or does it seem to introduce >> more complexity? >> >> I ask is, in part, because of something Eve said: "especially since >> "user-driven" is starting to be associated with VRM as a whole and >> even "user-centricity" more broadly" >> >> "User driven" /is/ becoming a term of use in the VRM community to >> describe a larger category, of which VRM is one example. >> >> Is that a bad thing? >> >> Similarly, is associating the VPI working group with the new VRM >> organization a bad thing? Is there a need or desire to have a clearer >> distinction in terminology? If so, let's take care of that. >> >> -j >> >> On 4/20/2009 1:14 PM, Iain Henderson wrote: >> > Thanks Eve, Joe and Mark for your input on naming the work groups - >> i've >> > pondered on them and propose a compromise that I think meets the needs >> > of the group yet does not throw away the specific value in the focus/ >> > discussion enabled by Volunteered Personal Information. >> > >> > I think we should name the work group(s) as below: >> > >> > 1) User Driven & Volunteered Personal Information (Technical) >> > >> > 2) User Driven & Volunteered Personal Information (Policy and >> Commerce) >> > >> > That might seem like a fudge, but I think there is sense in it; here's >> > my logic: >> > >> > Volunteered Personal Information has always been a powerful concept >> real >> > new value to be accessed through enabling it to flow. /An example >> of how >> > I have explained my interpretation of the term to Doc (who was >> > expressing hotel related preferences) is at the bottom of this >> e-mail/. >> > But it is slightly too narrow in that an individual can generate real >> > value by voluntarily sharing information that is not strictly personal >> > (in the legal sense, looking through the lens of Euro privacy >> > legislation). Examples of this non-personal value add would include 'I >> > think this product is great', or I used outlet X for my shopping >> because >> > of Y (where 'I' is anonymous or pseudonymous). So we'd be missing some >> > value if we stuck to Volunteered Personal Information, and still not >> > addressing the fact that some of our audience don't like the term >> > Volunteered or assume a definition different to that intended. >> > >> > In parallel, (albeit not yet fully in the public domain) - there is >> > likely to be a VRM.org announced before too much longer that will have >> > 'user driven services' at its' core (as a build out from VRM), with >> some >> > very detailed and sound explanatory text and principles running >> > alongside. Knowing that this was coming down the track led to my >> > suggesting User Driven Information (UDI). Here's how i'd explain User >> > Driven Information. UDI relates to a wider data set than VPI, i.e. UDI >> > is not necessarily personal (it would include things like organisation >> > identity, product identity etc when the flow is initiated by the >> > individual); the defining characteristic would be that the individual >> > (user) would be the architect of the generation, management and use >> (inc >> > sharing) of the information in question. >> > >> > Breaking that down: >> > >> > - User, is not a great word in this specific scenario because the term >> > 'individual' (which is the one rooted in privacy legislation) is lost; >> > but Individual Driven Information is pretty clumsy. In naming the >> > VRM.org we have been round this loop many times and have yet to better >> > the term 'user' in our particular context. >> > >> > - Driven, is a good word in that it broadens the scope to cover >> > information that the individual takes action to move around or use as >> > required (although I take Eve's point about driven referring to >> > processes, I think I use driven more in terms of a car....a static >> thing >> > until someone proactively takes control of it. >> > >> > - Information, certainly the right in the context of the verb 'to >> > inform' as opposed to being the fancy word for data which is how the >> > term is often hijacked. >> > >> > So, given the benefits to be had from both terms, I propose to scrunch >> > them together. In reviewing the arguments, I also realised that we >> need >> > to operate at a more detailed level in our definitions, specifically >> > around how we define 'personal information' for example (inc >> ownership, >> > shared access etc). I think we need to tackle this as an early >> > deliverable from the new Policy and Commerce Work Group.....I can >> feel a >> > venn diagram coming on.... >> > >> > And when push comes to shove, if this new name needs to be changed as >> > time goes on then we're free to do so - as and when we come up with a >> > better option. >> > >> > Hope that makes sense. I suggest we sign this off on the call on >> Wednesday. >> > >> > Cheers >> > >> > Iain >> > >> > >> > *VPI USE CASE EXAMPLE (Hotel Preferences)* >> > >> > /Hi Doc,/ >> > / >> > / >> > /Your hotel example provides a great illustration and use case for the >> > work being done on Volunteered Personal Information./ >> > / >> > / >> > /It is genuinely VOLUNTEERED, i.e. offered because you want to, not >> > because someone makes you (in fact no-one is even asking you for >> this at >> > present, and no current CRM system would be able to interpret it)./ >> > / >> > / >> > /Clearly, it is PERSONAL, because those preferences and implied future >> > intentions are yours and only yours (that does not mean that there >> won't >> > be others with the same or similar ones, which is what will drive >> uptake >> > and ultimately your ability to easily get what you want)./ >> > / >> > / >> > /You offer INFORMATION, as opposed to 'data' in that you provide >> context >> > when you share it, and thus INFORM the recipient how to deal with it - >> > as opposed to leaving their systems and analytical processes to figure >> > that out from the raw material./ >> > / >> > / >> > /The only way this information will begin to flow is when we put some >> > structure and standards around it, provide the user-driven terms and >> > conditions for access and show both individuals and organisations the >> > benefits that will flow from engaging in this way./ >> > >> > >> > >> > On 16 Apr 2009, at 20:56, Eve Maler wrote: >> > >> >> Reviewing the draft charters, I'm finding that I'm a little reluctant >> >> to leave "VPI" behind (having argued, when the term was invented, >> that >> >> "Premium Personal Information" would be my preferred choice!). Here's >> >> my best shot at making the argument. >> >> >> >> Any information created by a person, about a person, related to a >> >> person, under the control of a person when it comes to distribution >> >> rights, etc. could be described as "personal" without any serious >> loss >> >> of precision. Also, having gotten used to "volunteered" (and even >> done >> >> some public promotion around it), I'd hate to leave it behind. >> >> Finally, information isn't "driven" -- processes are driven. >> >> Information *sharing* could be user-driven, but I believe this effort >> >> is trying to leave the technical/architectural implications of >> sharing >> >> *mechanisms* out of scope. (That is, "user-driven information >> sharing" >> >> is awfully broad and doesn't get at what's unique about this effort.) >> >> >> >> Eve >> >> >> >> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: >> >> >> >>> yes, as we move from discussion group to working group we'll need to >> >>> improve our documentation - starting with a description of User >> >>> Driven Information and how (if) that differs from VPI. >> >>> >> >>> Ultimately, I think the shift is the right thing to do, but I agree >> >>> we lose a little bit of the pure focus that VPI gave us - let's see >> >>> if we can find a way to do both, because I certainly see the VPI >> >>> aspect being the key area of new value creation. >> >>> >> >>> Cheers >> >>> >> >>> Iain >> >>> >> >>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >> >>> >> >>>> Thanks Joni, >> >>>> >> >>>> The context wiki and the name change does make a great deal of >> >>>> sense. Personal information does immediately seem restrictive for >> >>>> the broader stake-holders which we will want to get involved. >> >>>> Perhaps in writing up a full description of what UDI is we can >> >>>> create a category of information for Volunteered Personal >> Information? >> >>>> >> >>>> - Mark >> >>>> >> >>>> >> >>>> >> >>>> >> >>>> >> >>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >> >>>> >> >>>>> Hi Mark, >> >>>>> >> >>>>> This may not be exactly what you're looking for but perhaps the >> VPI >> >>>>> SIG charter will be helpful as one reference: >> >>>>> >> >>>>> >> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >> >> >>>>> >> >>>>> Cheers, >> >>>>> >> >>>>> Joni >> >>>>> >> >>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar > >>>>> > wrote: >> >>>>> >> >>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >> >>>>> >> >>>>> You will also notice that we're proposing to change the name from >> >>>>> Volunteered Personal Information to User Driven Information. This >> >>>>> is because when digging into the detail of 'VPI', we realised that >> >>>>> not all of the information shareable by the individual is strictly >> >>>>> personal, so we felt it better to look for a more inclusive >> >>>>> option.....so UDI it is, and writing up a full description of that >> >>>>> is one of the proposed work packages. >> >>>>> >> >>>>> Although I can see the sense in broadening the scope of VPI to >> UDI, >> >>>>> I do think we loose something quite powerful in that personal >> >>>>> information falls under privacy and has a lot of force when >> applied >> >>>>> in customer relationships as well as in terms of compliance. I can >> >>>>> see that this isnt necessarily a salient point in that the data we >> >>>>> are discussing will be enforced in contract and subscribed to >> >>>>> regardless. >> >>>>> >> >>>>> Is there is a list somewhere or notes from a previous discussion >> >>>>> that details what data doesn't fall under VPI? >> >> >> >> >> >> Eve Maler eve.maler @ sun.com >> >> Emerging Technologies Director cell +1 425 345 6756 >> >> Sun Microsystems Identity Software www.xmlgrrl.com/blog >> >> >> >> >> > >> > Iain Henderson >> > iain.henderson at mydex.org >> > >> > This email and any attachment contains information which is private >> and >> > confidential and is intended for the addressee only. If you are not an >> > addressee, you are not authorised to read, copy or use the e-mail >> or any >> > attachment. If you have received this e-mail in error, please >> notify the >> > sender by return e-mail and then destroy it. >> > >> > >> > >> > > > > Eve Maler eve.maler @ sun.com > Emerging Technologies Director cell +1 425 345 6756 > Sun Microsystems Identity Software www.xmlgrrl.com/blog > > > -- Joe Andrieu joe at andrieu.net +1 (805) 705-8651 From iain.henderson at mydex.org Tue Apr 21 11:39:35 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Tue, 21 Apr 2009 19:39:35 +0100 Subject: [Sig-vpi] Proposed Charters and Work Packages for 'VPI' in NewOrg In-Reply-To: <49EE0FD5.4060808@andrieu.net> References: <91647BB4-1B2D-49B4-99ED-060F68E0B7D1@smartspecies.com> <947ea3330904150957j2b1f28fnbb76c3a0f188e669@mail.gmail.com> <7E84B207-2588-46DC-96E1-8E318BE472D5@smartspecies.com> <1175E42F-4BD2-479D-A5E6-18D75D218D74@mydex.org> <4A30A185-8E2F-4DD9-874C-C4F79FDF0E03@sun.com> <39B0DAC9-0E8C-4BA0-A361-25AE8B351180@mydex.org> <49ED7EBA.3080407@andrieu.net> <963D1692-A4C3-48EC-BFD8-5FC1CA64C9D9@Sun.COM> <49EE0FD5.4060808@andrieu.net> Message-ID: <5EE33DD8-DF78-4B02-82B6-9E479251C442@mydex.org> In my view, there are three pivotal aspects of the work that started in VPI SIG and which is migrating onward to Kantera: 1) producing a spec a personal data store that can go forward as a draft standard; this will not be THE personal data store, but will be at worst a reference point for other attempts. 2) VPI itself, is the real 'win win'/ generator of new value (VPI in turn has many sub-types, i'd say search map is one such sub-type). 3) the standardised agreement that allows an individual to release this value The other proposed work areas are important, but if we end up short in resource get dragged in too many directions i'd chose to focus as above. As an aside, so probable rather than definite - it already looks like we will work to share our proposed research activity with the emerging Privacy working group. My sense is that Kantera will be better at cross-fertilisation of activities over work groups. Hope that helps. Iain On 21 Apr 2009, at 19:26, Joe andrieu wrote: > Eve, > > Good points. I'm still feeling my way through the Liberty/Kantara > approach. I guess you're suggesting that perhaps things like the > ListenLog and Search Maps should be separate working groups from > UDVPI? > > I will admit, I don't have a good sense of the sweet spot for > scoping with Kantara. Perhaps Brett, or Eve, could you provide some > examples of similar projects and the expected scope? > > I've been thinking of UDVPI as a vehicle for standardizing > approaches to acquiring, using, propogating, and deleting user > provided information. And, given the core role the Personal > Datastore has in VRM approaches, that covers almost everything VRM > we've talked about, including r-button, paychoice, personal rfps, > one night stands, etc. Perhaps because I don't understand how the > rest of the liberty/kantara works, I'm not sure how these might best > fit into additional WGs, except to understand that each WG has its > own setup and maintenance overhead--and hence I'd rather not create > any more than we need. > > Perhaps if we explicitly list things we want in UDVPI and things we > think might better fit in additional WGs... > > -j > > On 4/21/2009 8:28 AM, Eve Maler wrote: >> (This is one of those "I didn't have time to make it shorter" >> messages. :-) >> >> I haven't given full thought to Iain's writeup; I'm not crazy about >> the hybrid name aesthetically but maybe I'll be convinced as I read. >> >> While Kantara is set up to incubate technical solutions, it can (I >> know you know this) also incubate the development of non-technical >> artifacts of various sorts. Joe, the other org you've been putting >> together has a constraint around membership that Kantara could >> never satisfy, so this is why I see the need for multiple orgs. >> There is value in making the WGs Iain has proposed very focused, >> with very precise deliverables, and I worry a bit that seeing them >> as the only "basket" of Kantara-sourced VRM innovation (vs. >> creating more WGs and DGs as appropriate for other specific goals) >> is simultaneously too limiting for VRM and increasing these WGs' >> scope too much. >> >> Regarding "user-driven", I really do think it's very broad in its >> application now. Just as an example, in discussions with folks at >> the RSA conference yesterday about ProtectServe, someone >> spontaneously described it as providing "user-driven >> compliance" (compliance in the GRC sense; believe it or not, that's >> a legitimate use case as far as I'm concerned!). I have no problem >> with the popularity of "user-driven", but do we want all of it in >> the WG scope Iain is going for? >> >> Eve >> >> On Apr 21, 2009, at 1:07 AM, Joe Andrieu wrote: >> >>> I would rather we go with VPI or UDI rather than the hybrid. >>> Things are confusing enough without "UDVPI" being added to the mix. >>> >>> Here's a question for Eve & Mark (and others not knee deep in the >>> ProjectVRM work): >>> >>> Some of the discussion that has gone in the VRM organizational >>> effort has been looking at the VPI initiative as possibly the >>> primary working interface between the new VRM organization and >>> Kantara. The thinking was that Kantara seems to be better suited >>> for standards and technical development, so let's promote working >>> through the VPI group as the de facto standardization route of >>> choice. >>> >>> In particular, I think a lot of what we want to do in the VRM >>> world is at the service specification level, which seemed to make >>> the VPI WG a good fit for things like Personal RFPs, the >>> ListenLog, user driven Search, etc. >>> >>> Does that alignment work for you guys or does it seem to introduce >>> more complexity? >>> >>> I ask is, in part, because of something Eve said: "especially >>> since "user-driven" is starting to be associated with VRM as a >>> whole and even "user-centricity" more broadly" >>> >>> "User driven" /is/ becoming a term of use in the VRM community to >>> describe a larger category, of which VRM is one example. >>> >>> Is that a bad thing? >>> >>> Similarly, is associating the VPI working group with the new VRM >>> organization a bad thing? Is there a need or desire to have a >>> clearer distinction in terminology? If so, let's take care of that. >>> >>> -j >>> >>> On 4/20/2009 1:14 PM, Iain Henderson wrote: >>> > Thanks Eve, Joe and Mark for your input on naming the work >>> groups - i've >>> > pondered on them and propose a compromise that I think meets the >>> needs >>> > of the group yet does not throw away the specific value in the >>> focus/ >>> > discussion enabled by Volunteered Personal Information. >>> > >>> > I think we should name the work group(s) as below: >>> > >>> > 1) User Driven & Volunteered Personal Information (Technical) >>> > >>> > 2) User Driven & Volunteered Personal Information (Policy and >>> Commerce) >>> > >>> > That might seem like a fudge, but I think there is sense in it; >>> here's >>> > my logic: >>> > >>> > Volunteered Personal Information has always been a powerful >>> concept real >>> > new value to be accessed through enabling it to flow. /An >>> example of how >>> > I have explained my interpretation of the term to Doc (who was >>> > expressing hotel related preferences) is at the bottom of this e- >>> mail/. >>> > But it is slightly too narrow in that an individual can generate >>> real >>> > value by voluntarily sharing information that is not strictly >>> personal >>> > (in the legal sense, looking through the lens of Euro privacy >>> > legislation). Examples of this non-personal value add would >>> include 'I >>> > think this product is great', or I used outlet X for my shopping >>> because >>> > of Y (where 'I' is anonymous or pseudonymous). So we'd be >>> missing some >>> > value if we stuck to Volunteered Personal Information, and still >>> not >>> > addressing the fact that some of our audience don't like the term >>> > Volunteered or assume a definition different to that intended. >>> > >>> > In parallel, (albeit not yet fully in the public domain) - there >>> is >>> > likely to be a VRM.org announced before too much longer that >>> will have >>> > 'user driven services' at its' core (as a build out from VRM), >>> with some >>> > very detailed and sound explanatory text and principles running >>> > alongside. Knowing that this was coming down the track led to my >>> > suggesting User Driven Information (UDI). Here's how i'd explain >>> User >>> > Driven Information. UDI relates to a wider data set than VPI, >>> i.e. UDI >>> > is not necessarily personal (it would include things like >>> organisation >>> > identity, product identity etc when the flow is initiated by the >>> > individual); the defining characteristic would be that the >>> individual >>> > (user) would be the architect of the generation, management and >>> use (inc >>> > sharing) of the information in question. >>> > >>> > Breaking that down: >>> > >>> > - User, is not a great word in this specific scenario because >>> the term >>> > 'individual' (which is the one rooted in privacy legislation) is >>> lost; >>> > but Individual Driven Information is pretty clumsy. In naming the >>> > VRM.org we have been round this loop many times and have yet to >>> better >>> > the term 'user' in our particular context. >>> > >>> > - Driven, is a good word in that it broadens the scope to cover >>> > information that the individual takes action to move around or >>> use as >>> > required (although I take Eve's point about driven referring to >>> > processes, I think I use driven more in terms of a car....a >>> static thing >>> > until someone proactively takes control of it. >>> > >>> > - Information, certainly the right in the context of the verb 'to >>> > inform' as opposed to being the fancy word for data which is how >>> the >>> > term is often hijacked. >>> > >>> > So, given the benefits to be had from both terms, I propose to >>> scrunch >>> > them together. In reviewing the arguments, I also realised that >>> we need >>> > to operate at a more detailed level in our definitions, >>> specifically >>> > around how we define 'personal information' for example (inc >>> ownership, >>> > shared access etc). I think we need to tackle this as an early >>> > deliverable from the new Policy and Commerce Work Group.....I >>> can feel a >>> > venn diagram coming on.... >>> > >>> > And when push comes to shove, if this new name needs to be >>> changed as >>> > time goes on then we're free to do so - as and when we come up >>> with a >>> > better option. >>> > >>> > Hope that makes sense. I suggest we sign this off on the call on >>> Wednesday. >>> > >>> > Cheers >>> > >>> > Iain >>> > >>> > >>> > *VPI USE CASE EXAMPLE (Hotel Preferences)* >>> > >>> > /Hi Doc,/ >>> > / >>> > / >>> > /Your hotel example provides a great illustration and use case >>> for the >>> > work being done on Volunteered Personal Information./ >>> > / >>> > / >>> > /It is genuinely VOLUNTEERED, i.e. offered because you want to, >>> not >>> > because someone makes you (in fact no-one is even asking you for >>> this at >>> > present, and no current CRM system would be able to interpret >>> it)./ >>> > / >>> > / >>> > /Clearly, it is PERSONAL, because those preferences and implied >>> future >>> > intentions are yours and only yours (that does not mean that >>> there won't >>> > be others with the same or similar ones, which is what will >>> drive uptake >>> > and ultimately your ability to easily get what you want)./ >>> > / >>> > / >>> > /You offer INFORMATION, as opposed to 'data' in that you provide >>> context >>> > when you share it, and thus INFORM the recipient how to deal >>> with it - >>> > as opposed to leaving their systems and analytical processes to >>> figure >>> > that out from the raw material./ >>> > / >>> > / >>> > /The only way this information will begin to flow is when we put >>> some >>> > structure and standards around it, provide the user-driven terms >>> and >>> > conditions for access and show both individuals and >>> organisations the >>> > benefits that will flow from engaging in this way./ >>> > >>> > >>> > >>> > On 16 Apr 2009, at 20:56, Eve Maler wrote: >>> > >>> >> Reviewing the draft charters, I'm finding that I'm a little >>> reluctant >>> >> to leave "VPI" behind (having argued, when the term was >>> invented, that >>> >> "Premium Personal Information" would be my preferred choice!). >>> Here's >>> >> my best shot at making the argument. >>> >> >>> >> Any information created by a person, about a person, related to a >>> >> person, under the control of a person when it comes to >>> distribution >>> >> rights, etc. could be described as "personal" without any >>> serious loss >>> >> of precision. Also, having gotten used to "volunteered" (and >>> even done >>> >> some public promotion around it), I'd hate to leave it behind. >>> >> Finally, information isn't "driven" -- processes are driven. >>> >> Information *sharing* could be user-driven, but I believe this >>> effort >>> >> is trying to leave the technical/architectural implications of >>> sharing >>> >> *mechanisms* out of scope. (That is, "user-driven information >>> sharing" >>> >> is awfully broad and doesn't get at what's unique about this >>> effort.) >>> >> >>> >> Eve >>> >> >>> >> On Apr 15, 2009, at 12:21 PM, Iain Henderson wrote: >>> >> >>> >>> yes, as we move from discussion group to working group we'll >>> need to >>> >>> improve our documentation - starting with a description of User >>> >>> Driven Information and how (if) that differs from VPI. >>> >>> >>> >>> Ultimately, I think the shift is the right thing to do, but I >>> agree >>> >>> we lose a little bit of the pure focus that VPI gave us - >>> let's see >>> >>> if we can find a way to do both, because I certainly see the VPI >>> >>> aspect being the key area of new value creation. >>> >>> >>> >>> Cheers >>> >>> >>> >>> Iain >>> >>> >>> >>> On 15 Apr 2009, at 18:22, Mark Lizar wrote: >>> >>> >>> >>>> Thanks Joni, >>> >>>> >>> >>>> The context wiki and the name change does make a great deal of >>> >>>> sense. Personal information does immediately seem restrictive >>> for >>> >>>> the broader stake-holders which we will want to get involved. >>> >>>> Perhaps in writing up a full description of what UDI is we can >>> >>>> create a category of information for Volunteered Personal >>> Information? >>> >>>> >>> >>>> - Mark >>> >>>> >>> >>>> >>> >>>> >>> >>>> >>> >>>> >>> >>>> On 15 Apr 2009, at 17:57, Joni Brennan wrote: >>> >>>> >>> >>>>> Hi Mark, >>> >>>>> >>> >>>>> This may not be exactly what you're looking for but perhaps >>> the VPI >>> >>>>> SIG charter will be helpful as one reference: >>> >>>>> >>> >>>>> http://wiki.projectliberty.org/index.php/Liberty_Volunteered_Personal_Information_SIG_Charter >>> >>>>> >>> >>>>> Cheers, >>> >>>>> >>> >>>>> Joni >>> >>>>> >>> >>>>> On Wed, Apr 15, 2009 at 9:36 AM, Mark Lizar >> >>>>> > wrote: >>> >>>>> >>> >>>>> On 15 Apr 2009, at 08:40, Iain Henderson wrote: >>> >>>>> >>> >>>>> You will also notice that we're proposing to change the name >>> from >>> >>>>> Volunteered Personal Information to User Driven Information. >>> This >>> >>>>> is because when digging into the detail of 'VPI', we >>> realised that >>> >>>>> not all of the information shareable by the individual is >>> strictly >>> >>>>> personal, so we felt it better to look for a more inclusive >>> >>>>> option.....so UDI it is, and writing up a full description >>> of that >>> >>>>> is one of the proposed work packages. >>> >>>>> >>> >>>>> Although I can see the sense in broadening the scope of VPI >>> to UDI, >>> >>>>> I do think we loose something quite powerful in that personal >>> >>>>> information falls under privacy and has a lot of force when >>> applied >>> >>>>> in customer relationships as well as in terms of compliance. >>> I can >>> >>>>> see that this isnt necessarily a salient point in that the >>> data we >>> >>>>> are discussing will be enforced in contract and subscribed to >>> >>>>> regardless. >>> >>>>> >>> >>>>> Is there is a list somewhere or notes from a previous >>> discussion >>> >>>>> that details what data doesn't fall under VPI? >>> >> >>> >> >>> >> Eve Maler eve.maler @ sun.com >>> >> Emerging Technologies Director cell +1 425 345 6756 >>> >> Sun Microsystems Identity Software www.xmlgrrl.com/blog >>> >> >>> >> >>> > >>> > Iain Henderson >>> > iain.henderson at mydex.org >>> > >>> > This email and any attachment contains information which is >>> private and >>> > confidential and is intended for the addressee only. If you are >>> not an >>> > addressee, you are not authorised to read, copy or use the e- >>> mail or any >>> > attachment. If you have received this e-mail in error, please >>> notify the >>> > sender by return e-mail and then destroy it. >>> > >>> > >>> > >>> > >> >> >> Eve Maler eve.maler @ >> sun.com >> Emerging Technologies Director cell +1 425 345 >> 6756 >> Sun Microsystems Identity Software www.xmlgrrl.com/ >> blog >> >> >> > > -- > Joe Andrieu > joe at andrieu.net > +1 (805) 705-8651 > > > _______________________________________________ > Sig-vpi mailing list > Sig-vpi at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-vpi_lists.projectliberty.org Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. From iain.henderson at mydex.org Thu Apr 23 06:27:49 2009 From: iain.henderson at mydex.org (Iain Henderson) Date: Thu, 23 Apr 2009 14:27:49 +0100 Subject: [Sig-vpi] Notes from Call on 22nd April 09 Message-ID: <821FFB55-C580-4C3D-8C80-3A4C7ECA610D@mydex.org> Folks, here are the notes I made on the call yesterday. Feel free to come back with amends/ queries on bits I should build out. As we move to the wiki, i'd intend to move the call notes over there. Thanks Iain Notes from Call on 22nd April 09 1) Joni briefed us on the Kantara Initiative launch update (soft launch) earlier this week which has gone to plan. 2) Second phase launch, includes press release and detail of members and workgroups; timing tbc 3) Kantara web site = http://kantarainitiative.org/ (marketing face) Groups covered in pull down menu - pulls up second site (working site/ confluence) 4) When we formally re-charter (hopefully prior to 15th May) each group member will go through a sign up process to enable us to put the IPR policy in place; likely to be a manual process at first going automated for new members over time. 5) Our Wiki under Kantara - confluence based - we will probably just start again and Iain/ Joni will migrate relevant content over 6) We shoud sign up to the Kantara mailing List - community@, general questions, discussions, working through issues 7) Process for cross-group discussion are being put in place. 8) Face to face kick off for the scopes of work will take place during the un-conference sessions at the VRM workshop (15th, 16th June in Palo Alto), sign up details are below: http://cyber.law.harvard.edu/projectvrm/VRM_West_Coast_Workshop_2009 It is likely that we will continue working face to face for those present at IIW, or on the Sunday in between VRM and IIW (17th). 9) We agreed to run with User Driven and Volunteered Personal Information as the name for the groups and review as we get into the detail; Joni to amend the kantara web site. In the second half of the call we reviewed the existing draft scope of work across both working groups, notes in red reflect points discussed over and above the scope text from the draft charter documents. Workgroup 1 - USER DRIVEN AND VOLUNTEERED PERSONAL INFORMATION (Technical) (3) SCOPE: Explain the scope and definition of the planned work. The founding Work Group participants recognize that deployers are working in an ever-evolving heterogeneous environment that requires interoperability of identity services (i.e. identity- and SOA-enabled applications), both internal and external to the enterprise. In order to advance the identity-enabled marketplace -- specifically application domains that rely upon identity-based web services -- this Work Group is chartered to: ? Become an active public discussion forum for the collection, development, and analysis of use cases/ scenarios that are met by the emerging concept of User Driven Information. (we agreed that this be in policy group only for IPR reasons) ? Develop a detailed public roadmap that provides recommended next actions to make the concept of User Driven Information a reality within 12 months. (we agreed that this be in policy group only for IPR reasons) ? Foster awareness of and participation in this effort from the broadest stakeholder cross-section possible, both the near-term use case phase taking place in this working group, the mid-term specification and practical framework build phase, and the long-term adoption of the newly emerged User Driven Information. (we agreed that this be in policy group only for IPR reasons) (4) DRAFT TECHNICAL SPECIFICATIONS: List Working Titles of draft Technical Specifications to be produced (if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership. Develop clear list of deliverables: Draft Technical Specifications or Source Code Proposed ? Personal data store ? an illustrative technical specification (in that we feel it is impossible to be definitive in this area) ? Technical specifications for User Driven Information sharing mechanism(s) ? Definition of Service Interface Specs (SIS) for each identified type of User Driven Information (e.g. Buying Intentions) We discussed OASIS as a potential standards body for our outputs and agreed to wait for feedback from Drummond Reed before committing to this. - sub-groups - timetable - resources Joe queried whether other working groups were looking at user experience; Joni believed so but will confirm and also aadvised to talk to Eve about UI work being done in Concordia. Eve on Concordia Workgroup 2 - USER DRIVEN AND VOLUNTEERED PERSONAL INFORMATION (Policy and Commerce) (5) OTHER DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot. Develop clear list of deliverables: White Papers, Technical Reports, Guidelines etc?Note: These recommendation are likely to be delivered via a separate/ related working group as the intellectual property requirements of the above differ from the technical specification work. ? A clear description and definition of User Driven Information ? Use cases illustrating deployment of User Driven Information across a wide range of scenario?s ? A standardized approach to a data sharing agreement as driven from the individual perspective ? Deployment guidelines ? Trust-marks, Audit and Compliance mechanisms ? Qualitative and quantitative market research amongst individuals on the factors that will dictate uptake of VPI sharing (subject to funding) ? Qualitative and quantitative market research amongst organisations on the factors that will dictate uptake of VPI sharing (beginning with NewOrg member base) At the face to face sessions we will attempt to map out timeline of outputs for internal review. Next call 6th May. Iain Henderson iain.henderson at mydex.org This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e- mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. -------------- next part -------------- An HTML attachment was scrubbed... URL: