
Share experience in identity federation and electronic identities – Sept. 28, 2011, Sweden

Trust and usability are prerequisites for the development of commercial, administrative, social media and other e-services. To enable trust and usability today, secure and easy-to-use e-identification is in the interest of users, service providers and the public. Identity federation is a solution that is now beginning to spread and gain in importance.

An identity federation is an association of organizations that have agreed to rely on each other’s electronic identities to facilitate user access and protect personal privacy when using electronic services.

During this workshop, participants will review practical experience in developing and establishing identity federation. Target groups for the workshop are the organizations which operate or plan to establish identity federation, email service providers, credential service providers/identity providers.

Agenda
09:00 Introduction – Presentation of participants: Kantara Initiative – The Bridge to Communities Assurance, Governance and Technical Interoperability
Joni Brennan, Executive Director of Kantara Initiative

10:00 SWAMID – Swedish Academic Identity
Leif Johansson, SUNET

10:30 Coffee

11:00 Kalmar2 and eduGAIN, international collaborations in the Federation area
Valter Nordh, SUNET / GU

11:30 Local Authorities in England (KSL)
Karin Bengtsson, Head of IT Forum (KSL), Stefan Svensson, IT Strategist, City of Stockholm, and Björn Söderlund, IT strategist Lidingö City

12:00 Case Study – Pharmacy Services Ltd
Speakers from the Pharmacy Service AB

12:30 Lunch

13:30 Swedish e-identification
Nils Fjelkegård, E-ID Board

14:00 Market – users and email service providers’ preferences
Staffan Hagnell, .SE
Summary – Is it time to add the next gear in our identity federation?
Thomas Nilsson, Certezza

14:30 Coffee

15:00 Common discussion – Identity federation for what and whom?
The discussion is led by Rolf Lysell, Innotiimi AB
- For which services and users?
- What are the opportunities for cooperation and how do we continue the work?

17:00 End

Event details: http://bit.ly/nwzIC9
Complimentary Registration
Location: Finlandshuset Konferens, Snickarbacken 4, Stockholm


June News Round-Up

Catch the round up of recent updates from Kantara Initiative:


Reporting From RSA 2010: Identity, Health Care, and a Higher Realm of Credentials

Written by Mike Kirkwood. Read the full article.

This week we are reporting from RSA, the security conference in San Francisco. We’ve seen hackers, threats, and industry leaders roaming these halls – and among these we found leaders of the identity community, people who are thought leaders focused on creating a safe Internet for all individuals.

This includes folks in the Identity Commons and OASIS workgroups, and the 1-year-old Kantara Initiative. The latter was announced to the public at RSA 2009, and this year it hosted an all-day workshop that brought cloud computing into the forefront of the dialog.

Diverse Community of Interests Coming Together

Today’s all-day workshop offered by the Kantara Initiative focused almost exclusively on identity services and included viewpoints from several perspectives: enterprises (CA, Ping Identity, Aetna, Oracle, HP), service providers (NTT), consumer applications (Paypal, Google), and government agencies (NIH).

The room was packed – standing room only. After the kickoff we had a chance to ask Trent Adams, chair of the Kantara leadership council, to share his thoughts about identity, cloud computing and year one of the new organization.

He talked about the potential big win that existed for the organization because of its involvement in preparing standards for federal government approval. These are historic times, he said, and embracing openness at the federal level was an opportunity the organization decided was valuable for the community. We’re keeping our ears open to learn more about how identity services will be enabled and approved through the government.

Landscape Change: Cloud Computing Invigorates Identity Efforts

One thing that is clear is that things get more complicated when combining identity services with cloud computing. We were reminded that many of the technologies that have been developed, including things like OpenID and SAML, were designed around the same scenarios of sharing across domains. Identity can be solved in a multi-vendor, multi-protocol, and multiple-infrastructure world.

Matthew Gardiner of CA summed up the importance of the link between identity solutions and cloud computing in his talk, “Identity as Security Glue for the Cloud”:

“I want to say the phrase cloud security in the first few moments of my talk because you’ll be hearing it a thousand times before the end of the conference. Cloud security can be viewed as a Rubik’s cube of security implications, when identity services and combining them within the vectors of IaaS, PaaS, and SaaS combined with private, public, and hybrid clouds.”

The West Coast Perspective on Health Care

RSA and HIMSS fall on the same week this year. While nearly all of the healthcare IT leadership headed to Atlanta, several companies also came to San Francisco.

Yesterday, MEDecision presented their solution and connections to different Web applications and health care records and systems, and gave a very tangible set of scenarios showing how cloud computing and identity meet around sharing information about a person who is a patient.

At the same time on the East Coast, MEDecision was also at HIMSS demonstrating open exchange of health information in a HIE product offering that helps connect services across providers in order to aggregate a view of an individual. The company offers software and services to insurers to negotiate their cloud-based work flow, including moving private data across pharmacy, doctors, insurers, and the entire health care landscape.

No Passwords in the Cloud

Patrick Harding of Ping Identity spoke about what his company has learned about cloud computing in his session, “How the Cloud is Changing Federated Identity Requirements”. A few of his observations:

  • Software is no longer build vs. buy. It now includes subscribe, which by definition is a shorter term relationship.
  • Cloud computing is an evolution of architecture. It arrives after Web services, which evolved from Web, client server, and mainframe.
  • Complexity of the identity layer is harder than ever for the simple reason that there are more apps per user than ever before.
  • Services are becoming any-to-any, where internal (employee) and external (customer) classifications don’t matter nearly as much as before. Because of this firewalls are losing their usefulness.
  • Audit is no longer an afterthought. Auditors don’t care how or where applications are hosted, but they do need their reports! This includes Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, and more.

A core theme of this session was how the consumer mindset is driving requirements for application experience. Consumers expect it to work on any device, be secure, and be portable. To deliver on this, it must be easy to use. At the same time, password risk must be reduced.

A key trend that Harding pointed out is moving identity systems from “push” models into “pull” models. Instead of updating partners and directories by batch services, companies need to be building real-time identity resolution in applications.

We asked Harding if he had any predictions for where that type of service will come from. His response led us to the conclusion that the leader will be a brand and service that people trust and understand the motivations of. It will likely enter the market from a higher realm of credentials than Twitter or Facebook – perhaps from financial services.

Context is Fundamental: Person, Father, Employee, All of the Above

One thing we learned today is that Google’s App Engine is worth watching as this space evolves. Several interesting things are being done in this sandbox that haven’t been accomplished in other places, including how to connect consumer services to enterprise login discovery using domain.

Google has inserted itself into the sweet spot by getting consumers and enterprises alike hooked on their applications, giving the company a unique view of the challenges and solutions in joining identity with cloud computing. We’ll be taking a closer look at these offerings and where Google is headed.

Another thing we observed is the power of the network. NTT gave a demonstration of the power of mixing identity protocols (SAML and OpenID) for the purpose of connecting social, information, and financial transactions in the browser with one login. It starts to show how the next generation Internet might work, where the application requests a profile from the cloud rather than a user typing it in.

A summary of overlapping-world-multi-protocol integration has been shared on Google’s site.


A Windfall for Identity Assurance

On behalf of Frank Villavicencio, chair of the Identity Assurance WG.  Also published at Frank Villavicencio’s blog page.

First off, I would like to express my sympathy to those affected by the terrible earthquake that hit Chile this past weekend.

I send my words of encouragement and optimism to the Chilean people. I have very good Chilean friends and I wish all of them the best in view of these circumstances, as well as their families and everyone affected… The ways of God are without any doubt indecipherable.

In this blog post, I would like to share with you some recent developments in the world of identity assurance, which as you know from my recent blog posts: “Identity Assurance, an everyday life issue” part 1 and part 2, is a top of mind issue for me and for us here at Identropy. Quite frankly, I could not hope for better timing for these blogs to come about.

On Friday February 26th, 2010 the US Federal Government’s Identity, Credential, and Access Management (ICAM) Trust Framework Evaluation Team (TFET) reviewed Kantara Initiative’s latest submission and granted it Provisional Approval as a Trust Framework Provider at Levels 1, 2 & non-crypto Level 3 under the Open Identity Solutions for Open Government program. The removal of the provisional status will hinge on the release by TFET of additional guidance for assessors concerning privacy and Kantara’s adoption of this guidance.

This is for me an extraordinary milestone, not only in my role of Chair of the Identity Assurance Work Group, but as an identity assurance activist altogether.  Kantara submitted its application for the US Federal Government adoption of the Identity Assurance Framework (IAF) in November of 2009. Prior to that date, the IAWG has been working very hard, collaborating with Kantara and the Assurance Review Board (who oversees the Kantara Initiative Identity Assurance Certification Program) to achieve this important goal (albeit still under provisional status).

The significance of this milestone is that it represents an important step towards fostering the adoption of identity-enabled Government services at known levels of assurance, relying on identity credentials issued and managed by non-Government parties (referred to as Credential Service Providers in the IAF). It will create the right conditions for the certification program to be adopted in real-life scenarios and for the industry to benefit from a proven, best-of-breed certification program that effectively enables interoperability and trust. This means that the IAF will not be just a “paper” standard, incarnated in a compendium of documents, but an actual technology-agnostic program that organizations can certify against.

With the adoption of risk-based models, identity federation can achieve Internet scale, and facilitate public access to online information at specific levels of assurance.  With adoption will also come economies of scale and further collaboration and interoperability across industries and Governments.

As someone who has been involved in identity management and identity assurance for quite some time, I cannot help but feel excited about the times I live in, and optimistic about what is to come.

I do anticipate and hope for more endorsements of the IAF in the near future by other organizations, and more importantly, the start of a paradigm shift in the way we all think about identity, both within the Enterprise and in a federated environment.  Ultimately, this path will allow the identerati to focus on the real end goal: delivering identity-enabled solutions and services with the level of trust and confidence that is appropriate for the transactions being performed.

But this is just a first step…

Frank


Where is EU Data Protection policy headed?

In Jose Manuel Barroso’s recent reshuffle of the European Commission, there were a couple of moves which bear some further inspection, from a privacy/identity perspective.

The former Commissioner for Information Society, Viviane Reding, is promoted to one of the Vice Presidents of the Commission, and given a new portfolio as Commissioner for Justice, Fundamental Rights and Citizenship. She has also been given the task of overhauling the Data Protection Directive (now 15 years old…).

Her former role passes to Neelie Kroes, who was previously Competition Commissioner (and oversaw, for instance, some of the Commission’s fiercest battles with Microsoft – on media player bundling, IE/Windows bundling, publication of technical interoperability documentation, Microsoft Office “Open” XML, and so on, and so forth…).

She has a reputation for being able to dive into the detailed technicalities of a brief, and for being extremely tenacious in pushing towards her intended goal.

There’s no doubt in my mind that, had the task of reviewing and revising the Data Protection Directive been left on the Commissioner’s desk at DG InfoSoc, Dr Kroes could have taken it on with competence and determination… which leads me to wonder what the implications are of Commissioner Reding taking it with her to her new role.

With the background of her four years heading DG InfoSoc, Commissioner Reding should have all the subject-matter expertise needed to make a proficient job of revising the Directive. However, what is perhaps more significant is the departmental context in which she will now undertake that work.

Instead of doing it from within DG InfoSoc, she will now do it in the same DG as is responsible for programmes such as this; the development of a framework for a European society based on notions of fundamental rights and rights derived from EU citizenship.

That suggests to me that, if anything, the revised DP Directive will be founded on even stronger links to notions of fundamental human rights and the social/citizenship context.

I foresee some lively discussions of principle between the EU and its partners, particularly where those partners either take a different view of what are fundamental rights, or of how great a role they should play in determining policy on the processing of personal data.

If Commissioner Reding wished to live in interesting times, I think her wish may have been granted.


ANSI Identity Verification Standards a good fit with Identity Assurance Framework

Yesterday the Identity Theft Prevention and Identity Management Standards Panel (IDSP) released a workshop report calling for the development of an American National Standard on identity verification as a tool to help combat terrorism and identity theft. This is work Kantara Initiative supports, and we look forward to continuing our engagement with it as this standards effort progresses to the next level. I serve on the Steering Committee of IDSP and I’d like to commend Jim McCabe, Graham Whitehead and the other contributors for their excellent work.

I’m writing this post from Washington, D.C. where I’m speaking at the Smart Card Alliance’s 8th Annual Smart Cards in Government conference. Yesterday I was on a panel here with Dan Combs, Brian Zimmer, and Tom Lockwood where we had the opportunity to highlight this important milestone in the standards-setting process for identity vetting & proofing. This is an important standard that will improve the efficacy of Kantara’s own Identity Assurance Framework since our Service Assessment Criteria for identity proofing is dependent on source documents (aka “breeder documents”). This new standard that will be developed based on the impetus of yesterday’s ANSI Report will improve the reliability of breeder documents.

Perhaps the most far-reaching benefit of this report’s recommendations will be on the stability of the consumer identity ecosystem that all “online” Americans find themselves in today. In order for electronic credentials like username & password, or more secure credentials like OTP devices or Smart Cards, to be trusted at the highest levels of assurance, they must be properly bound to the identity of the user. Our Identity Assurance Framework standardizes a way of doing this but is largely dependent on the validity of the source credentials used during the enrollment process. This is why we support the IDSP efforts to improve the validity of all source credentials issued in the United States, and will support this work moving forward as the foundation for an international standard in this area.


This one’s for the Prof…

I recently attended a very engaging lecture at the London School of Economics (LSE) by Prof David Lyon – who spoke about “Identity as Surveillance – Security, Surveillance and Citizenship”.

I do hope he subsequently saw this article from the BBC, on the opening day of the Labour Party Conference: “Lord Mandelson denied entry to conference”, because I’m sure it would give him a good laugh.

Apparently, the Noble Lord, First Secretary of State, Secretary of State for Business, Innovation and Skills, President of the Board of Trade and Lord President of the Council could not, initially, get into the conference because there was a problem with his pass. Maybe they couldn’t fit his title onto it. The press were naturally quick to savour the irony that Peter Mandelson, the man perhaps most identified with New Labour, should be unable to identify himself to the satisfaction of the party’s gatekeepers.

What this has to do with Prof Lyon’s talk is this: one of his themes was the way in which identity systems (particularly national ones) permit, enable and encourage judgements to be made about individuals on the basis of “actuarial criteria”, even if other methods would be more reliable (and more respectful of personal privacy).

An example Prof Lyon gave was this: research work by John Taylor and Miriam Lips (full text of paper available online here) investigated the use of online identity data by the DVLA ([UK] Driver and Vehicle Licensing Agency) when someone applies online for a driving licence. The researchers noted that the DVLA submits the applicant’s details to the credit reference company Experian, which attempts to corroborate the applicant’s identity assertions by matching them against databases of Credit Applications and Addresses. Experian then applies a weighting which assigns a ‘trust score’ to the applicant’s assertions, based on the apparent quality of the applicant’s digital footprint (as revealed by the database enquiries). These actuarial measurements are then used by the DVLA to govern the subsequent processing of the application transaction.

Prof Lyon’s point was that this ‘trust score’ mechanism goes beyond a simple assessment of whether or not the applicant’s address can be corroborated. The score is enhanced more, for instance, if the applicant’s records indicate that they have had a lot of interactions with clearing banks, than if the indication is that the applicant has had a lot of interactions with mail-order companies.

The implication of this is that subsequent processing of the DVLA application is determined not just by past records, but by inferences based on supposed future behaviours of the applicant – whether or not those inferences are in fact accurate.

Basically, this is what starts to happen, the more you architect systems on the basis of actuarial criteria in support of the categorisation of individuals, and the more you remove notions of human judgement and discretion from the process. Admittedly, that’s not always a bad thing – after all, humans are fallible too. But if you design humans into the process rather than out of it, you get fewer embarrassing incidents such as the sight of Labour’s “eminence grise” being locked out of his own conference…


Kantara Initiative Announces Winners of the 2009 IDDY Award

Applications in the global identity, eCommerce, eGovernment, social networking and telecom sectors win Identity Deployment of the Year Awards

Las Vegas, NV – September 15, 2009 — Kantara Initiative, a global identity community working to solve harmonization and interoperability challenges among identity-enabled enterprise, Web 2.0 and Cloud applications and services, today announced that six applications have won a 2009 IDDY (Identity Deployment of the Year) Award. The IDDY Deployment award winners include Google and Plaxo; Signicat; and the U.S. Department of Defense.  The winning IDDY Proof of Concept (POC) awards include fun communications; Gemalto and Vodafone; and NRI, NTT and Oracle. The IDDYs were presented today at CSO magazine’s Digital ID World 2009 in Las Vegas, NV. 

“Winners of the 2009 IDDY Award reflect the evolving identity landscape, where applications are leveraging a wide range of protocols and collaboration is key to moving the global identity industry forward,” said Brett McDowell, executive director, Kantara Initiative. “With more joint submissions than any other year and nominations spanning industries and regions, we congratulate the six winning applications from ten different organizations for demonstrating some of the most innovative and diverse identity solutions in the marketplace today.”

Now in its fourth year, the IDDY program has grown within Kantara Initiative to recognize the individuals and organizations developing identity-enabled applications built using any open identity technology. Judges evaluate nominations based on criteria that include the benefits applications deliver to communities, businesses, governments and people; the ROI the application demonstrates; and how the solution may successfully address identity issues such as reducing identity theft, meeting regulatory requirements, and providing users with increased security and privacy protection.

Winners in the Deployment Category:

Google and Plaxo – Google and Plaxo have won an IDDY Deployment award for their collaborative work in the development of a “hybrid onboarding” solution designed to increase the success rate of users finishing the registration process with a social network. The solution uses a combination of open technologies referred to as the “OpenStack,” which includes OAuth, OpenID, Portable Contacts and XRDS. Because the implementation uses open technologies, the solution can be easily replicated by others to optimize onboarding between any OpenID Provider (OP) and Relying Party (RP) pairing.  With a success rate of 92 percent, the application enhances the user experience while providing increased security and privacy protections. The service was deployed by Google and Plaxo in early 2009 and is currently available to hundreds of millions of Google users. A presentation reviewing the application is available at http://tinyurl.com/ok8u9x

Signicat – Signicat has won an IDDY Deployment award for the development of an online hosted Identity Provider that is offered as a managed service to private and public sector enterprises and organizations in the Nordic Region (Norway, Sweden, Denmark and Finland). The service acts as an intermediary to provide organizations with easy and secure access to the region’s eID (electronic ID) infrastructure. The solution supports SAML for strong authentication and SAML and OpenID for Web Single Sign On, as well as eSignature for workflow and long-time archiving of signed documents. The Identity Provider went live in October 2005, and is currently used by approximately thirty organizations giving access to over 12 million pre-authenticated identities. More information is available at www.signicat.com.

U.S. Department of Defense – The U.S. Department of Defense (DoD) has won an IDDY Deployment Award for SPOT (Synchronized Pre-Deployment and Operational Tracker), a Web-based enterprise networking solution used by the DoD for precise tracking and management of assets supporting US forces deployed overseas. The contractor cross-credentialing with SPOT has been developed and launched in collaboration between the U.S. Department of Defense and the Federation for Identity and Cross-Credentialing Systems, Inc. (FiXs). The system recognizes identity credentials issued by various government entities as well as compatible, standards-based, certified identity credentials issued by industry to support identity-based transactions between the U.S. Government, various international coalition governments, and supporting industry contractors and suppliers. SPOT provides visibility into contingency contracts accounting for 10,439 companies and 3,783 active contracts, with the system currently supporting more than 12,650 end users. More information is available by visiting http://www.bta.mil/products/spot.html and http://fixs.org/.

Winners in the Proof of Concept Category:

fun communications – fun communications has won an IDDY in the POC category for the development of its WebCard Loyalty solution, a public portal that can be used worldwide. WebCard Loyalty lets anyone create their own customer loyalty system for the Internet using “virtual loyalty cards” and is based on Information Card Technology. The application combines user-centric identity management and customer loyalty programs such as bonus points, coupon promotions and discounts on partner websites, into a single application. Retailers and portal operators can issue their own virtual loyalty cards that can serve as a reliable means of authentication and authorization. The portal can be adapted to meet individual requirements, and is suitable for issuing all types of virtual identification cards such as student ID cards, library cards and discount cards. More information is available by visiting http://www.fun.de and http://www.webcard-loyalty.com.

Gemalto and Vodafone – Gemalto and Vodafone Group R&D have won an IDDY in the POC category for the development of a solution that adds strong authentication capabilities to OpenID using a Universal Integrated Circuit Card (UICC, typically a SIM card) inserted in a handset or inside a USB token, and is using either public key infrastructure (PKI) or a one-time password (OTP) as the underlying authentication technology. The application allows the use of distinct devices to access the service and to authenticate. The UICC (SIM) is used as a networked cryptographic computer exposing authentication services accessible via IP protocols. This provides users with new and convenient options for securely accessing OpenID-enabled sites from devices such as a PC, handset or game station.  Mobile network operators could offer a service to allow end users to leverage UICC-based OpenID single-sign-on to secure access to Web applications. More information is available by visiting http://www.betavine.net.

NRI, NTT and Oracle – NRI, NTT and Oracle have won an IDDY in the POC category for an application that demonstrates the possibility and practicality of achieving policy interoperability between OpenID and SAML. Both technologies include mechanisms designed to carry identity assurance information; OpenID uses the Provider Authentication Policy Extension (PAPE), while SAML uses its Authentication Context. While the two mechanisms are logically similar, until this proof of concept, they had not been demonstrated to be compatible. The application demonstrates how the number of services where an existing OpenID or SAML credential might be used could be effectively increased. A presentation reviewing the application is available at http://tinyurl.com/q5egag

This year’s winners join the growing list of IDDY Award recipients who have been at the forefront of successfully addressing some of the most challenging technology and policy issues in the global identity sector, with each winner delivering unique benefits to organizations and users. Previous winners of the IDDY include Aetna, Citi, Deutsche Telekom AG (a two-time winner), eBIZ.mobility, EduTech, NTT Labs, UNINETT, the New Zealand Government, Rearden Commerce and the UK Government Authentication Gateway. Kantara Initiative will issue the call for nominations for the 2010 IDDY Awards during 2Q 2010.

About the Kantara Initiative 2009 IDDY Award Judging Panel

The following individuals served on the 2009 Judging Panel: J. Trent Adams, trust & identity outreach specialist, Internet Society and chair of the Kantara Initiative Leadership Council; Mike Beach, CISSP, chief security designer, information security, The Boeing Company; Bob Bragdon, Publisher, CSO magazine; John Fontana, senior editor, Network World; Gerry Gebel, VP & service director, identity and privacy strategies, Burton Group; Paul Madsen, chair of the Kantara Initiative ID-WSF Evolution Work Group and identity standards researcher, NTT; RL Bob Morgan, senior technology architect, University of Washington; Nat Sakimura, senior researcher, Nomura Research Institute (NRI); Toby Stevens, director, Enterprise Privacy Group; Roger Sullivan, president of the Kantara Initiative Board of Trustees, president of Liberty Alliance and vice president Oracle Identity Management; and Phil Windley, founder and chief technology officer, Kynetx. Panelists recused themselves from judging in categories where their organization had submitted a nomination. More information about the IDDY Awards is available at http://tinyurl.com/ldteb2

###


Matthew Gardiner with CA Blogs: Kantara Initiative Takes an Important Step to Formalizing the Establishment of Trust on the Internet – Greasing the Skids of Inter-Organizational Commerce

The Kantara Initiative yesterday announced the formation of the Identity Assurance Review Board (ARB).  This is a tangible example of the Kantara Initiative delivering on the non-technology related, identity meta-issues that I alluded to in my last Kantara Initiative blog.  

I think in a few years we will look back to this and see it as a key step toward making the Internet a more useful and safe place for conducting commerce.  And when I say commerce I don’t mean just buying and selling stuff on the Internet. I mean using the Internet to provide the underlying wiring for cross-organizational ecosystems – supply chains, distribution partnerships, outsourcing – all needing to operate in real-time and without organizational boundaries getting in the way. 

That is a place where I believe tremendous economic value is currently trapped – between organizations.  I believe this inter-organizational friction holds back billions of dollars in potential value.  Organizations certainly do interoperate today using the Internet as the communication network, but it is currently way too hard, expensive, and slow to make this happen for large value release.  The force of friction won’t let this ball really start rolling.

Why is this type of commerce hard?  In part it is due to the existence of non-standard technologies and APIs on both sides which are tricky to integrate.  But this issue is fading with standards and APIs which often leverage XML.  So in many ways the technology hurdles for interoperation on the Internet have been addressed. 

What hasn’t been sufficiently addressed is trust and the establishment of trust.  If you are with an organization that would like to interoperate in real-time with your 100 distribution partners, a key problem is how you establish and enforce trust across this particular ecosystem.  And it needs to be set up in days, not years.

Today we don’t even have a common way of communicating certain facts which can lead to the establishment of trust, let alone the fast establishment of trust itself.  If we solve this in a widely deployable way, the tremendous economic value I mentioned can be released.  More grease will be applied to this friction problem through the establishment of the ARB.

Check out Matthew’s blog at  http://tinyurl.com/ner8cf


Iain Henderson: Sales Process… meet Buying Process; and why context trumps segmentation

http://informationanswers.com/?p=386

I’ve been doing some thinking in advance of getting stuck into the development of open standards for User Driven and Volunteered Personal Information. That work is being done here if you are interested in joining in. I’ve been thinking mainly about how best to explain what happens to buying processes and sales processes when volunteered personal information is added to the mix (underpinned by the personal data store/ My Data as set out here).

Here’s my stab at that explanation. I need firstly to set out a view of how things currently work – that’s in the first diagram below with individuals/ high level buying processes on the left, and organisations/ high level selling processes on the right. In short, at present, buyers and sellers largely do their own thing/ practice non-automated selective disclosure prior to engaging in an actual customer/ supplier relationship. That is structurally the best option for a buyer, certainly in terms of reducing complexity and protecting negotiating positions for more expensive/ complex purchases – but it does lead to a lot of guesswork; the buyer typically evaluates multiple options before deciding on one – that’s part of the guesswork referred to in the diagram below. This ‘one step removed’ approach is not the best option for the seller – which is why they try a wide range of tricks to have the potential customer engage with them. That would appear a sensible practice, but in reality it tends to fill up the ‘sales funnel’ with many potential customers who actually have no right nor reason being there – and why direct marketing conversions from prospect campaigns are often well below 1%. That’s the other part of the guesswork in the diagram. At the relevant point in the process, the customer chooses one of the supply options and decides to commence the customer-supplier relationship; the other suppliers fall by the wayside/ wonder what’s happened. But those who lost out, because they don’t have the information to do otherwise, keep on turning the marketing handle – lots of waste comes from that area.

Moving through the process, commencing the supply relationship in the current mode means interacting on a supplier run platform, and signing up to supplier generated terms and conditions (or going elsewhere to another supplier silo/ get the same result). What that then does is put the organisation unilaterally in charge of processes and process improvement around relationship management. As a historical note, in my view this is where CRM ‘went wrong’ in the widest sense – at least in part because many deployments occurred during the economic downturn in the early 2000’s. It moved from having been brought in as a platform for driving improvements in the customer experience, to being run as a platform for cost cutting and for risk management; e.g. the drive to automated processes such as web based customer self-service, offshoring contact centres. Sometimes this automation worked for customers (e.g. online banking), in many cases all it did was move the waste/ inefficiency onto the customer. Of course what then happened was that customers took their business elsewhere, where they had that choice/ a better option, or stayed but with reduced levels of satisfaction – crazy in that customer retention and satisfaction improvements were almost certainly key drivers for the original CRM business case.

[Diagram: go to market space]

 

 

So, the current process does not work that well; the sales process cannot be optimised much further within the current tool-set. But options for improving upon this are now emerging – and not through pedalling faster within the organisation/ the selling process; it comes from building capability on the buyer side/ enhancing the buying process. (note the clear parallel with how selling professionalised in the B2B world when professional procurement and its processes emerged, and also that in the B2B world deals are often concluded and managed on the customer side systems).

The first thing to note in the updated diagram below is what the individual brings to the party (via their personal data store/ user driven and volunteered personal information). They bring the context for all subsequent components of the buying process (and high grade fuel for the selling process if it can be trained to listen rather than shout). By ‘context’, I mean the combination of a wide range of attributes that describe the individual and their specific buying situation. This would typically include their needs, their current understanding of how their needs relate to products/ services, their location, their existing supply relationships, their preferences (brand, colour), their role in the decision-making process, their timescales, how much they wish to/ are able to spend, when they wish to buy. In other words, the individual’s context bundle is what much of the early part of the sales process is actually trying to figure out – but can’t get access to as the individual has no current incentive to release it in full. The best an organisation can do at present is strategic segmentation of their market (differentiating products or services based on aggregated customer requirements), and tactical segmentation of their messaging content, communications channels, sales outlets or pricing. Then it’s over into guesswork mode – can we put our messages out in the right places to attract our potential customers and suck them into our sales process…..

The other adds to this second diagram are the ten numbered boxes, reflecting that the improvements we make to the buying process through user driven and volunteered personal information will impact differently at different points of the buying/ selling process. These ten areas are substantive enough to each require a post of their own, so for now I’ll list them out at the high level below the diagram and come back to them in more detail as the standards work unfolds.

 

[Diagram: context equals segmentation build]

User Driven and Volunteered Personal Information Enabled Improvements

  1. Search/ Target (sometimes referred to as the Personal RFI, i.e. Request for Information) – through the individual bringing much richer context data to the table, suppliers prepared to engage with these new buying support tools will find that their targeting becomes much more precise, better enabling them to find potential customers whose needs closely match the unique selling propositions in the organisation’s product/ service offering. In turn, individuals will find that the options made available to them have been pre-qualified to fit their context (to whatever level of detail they have shared). Note – at this stage my assumption is that individuals will be engaging anonymously/ pseudonymously as there should be no need to share personal data in this part of the process. It is likely that new inter/ infomediaries will emerge in this space, acting as the individual’s buying agent (4th party/ user driven services).
  2. Find (engage)/ Enquiry Management (sometimes referred to as the Personal RFP, i.e. Request for Proposals)  – through having brought richer data to the table in the preceding phase the individual will now be talking to pre-qualified suppliers (and vice versa), with the qualifying data from both parties available for use in the interaction. Typically this interaction will be about having a more refined/ detailed discussion about a need/ requirement/ solution axis – potentially involving either or both parties asking for more detail, including possibly verification of data asserted in the search/ target phase. It is likely that new inter/ infomediaries will also emerge in this space, quite possibly spanning the Search and Find requirement for individuals and done from the perspective of enabling the individual to buy solutions to their needs rather than the components which they subsequently stitch together themselves.
  3. Negotiate – In this stage the individual is talking to one preferred solution option and getting down to the actual proposed ‘deal’ and the terms and conditions around that – provided by either party. Improvements in this area are likely around improved transparency of terms and conditions, initiated by the individual being much clearer about their requirements, and having access to comparison tools earlier in the process. ‘Reputation’ management tools will also come into operation as the individual shares what they find out about suppliers.
  4. Transact – I would expect payment intermediaries/ financial services providers to find creative ways to engage with/ be driven by VPI enabled services; there is certainly much potential for reduction in credit card fraud and card related identity theft from using the much higher levels of identity assurance that will become the norm in a VPI enabled data-set.
  5. Welcome – This ‘relationship set up’ phase is typically about both parties getting to know each other, i.e. getting products/ services bought set up and configured, ensuring any ongoing account management/ billing is up and running smoothly. In the VPI enabled world this phase won’t change too much in the short term as it will still run mainly on supplier systems – but in the mid and long term I’d expect it to shift to a genuine user-centric architecture which will see the individual ‘welcome’ the new supplying organisation to their personal supply network/ federation.
  6. Relationship Servicing – This is what would typically be called customer service, i.e. fixing basic operational/ service delivery problems and dealing with ad hoc issues that come up such as change of address/ change of contact details/ change of payment details. As VPI enabled tools increasingly emerge, I’d expect this whole ‘change of’ to migrate to the ‘my suppliers follow me’ approach rather than the individual having to run around updating silos as per the current model.
  7. Relationship Development – This typically includes the ‘cross-sell/ up-sell’ much beloved in the CRM business case. This stage will change in the VPI enabled world, much for the better. Customer service will be provided within the context of the individual’s existing solution set rather than that little snapshot of it that the supplier currently sees/ is interested in. In turn that will mean that cross-sell and up-sell will not only be much more informed, but it will also be much more welcome from the individual’s perspective – because it is now laser sharp, and running within a more equitable customer/ supplier relationship (partnership).
  8. Manage Problems – This stage is only reached if a significant problem emerges in the customer/ supplier relationship; typically this involves escalation beyond tier 1 customer service (and an increasingly frustrated/ angry/ upset customer). I don’t expect the VPI approach to have a high impact in this area, although improvements further up the process might have a knock on effect rendering this stage less painful if/ when it occurs.
  9. Manage Exits – Exits can and will happen, either permanently or for a period of time. They may be caused by significant problems that emerged, or by a change in the customer need, or in their circumstances (their context has changed). Less frequently, a supplier will wish to leave a market or terminate a product/ service line and thus exit those relationships affected. In the VPI world, I’d expect there to be more information around impending exits and reasons for them – some of which will enable creative supplier responses. Along with relationship development, I’d expect improved customer retention to be one of the major wins for the supply side in the VPI world – but the plumbing and mechanics for that have still to be worked out.
  10. Re-engagement – This stage might be known as ‘win-back’ in CRM speak, and involves the lost customer being targeted with appropriate offers to return. For the individual this return to the fold might be as a result of a time-driven change of context, or that the ‘grass was not greener on the other side’ – as is often the case in utility service swaps away from an incumbent that has retained quasi-monopoly advantages. In any case, the point being made here is that in the volunteered personal information scenario, the individual would be in position to retain and share the knowledge of the prior relationship – which many current CRM architectures fail to deliver on.

So there we have it. Time to get back to working on that VPI plumbing!!!



© Copyright 2009 - Kantara Initiative. All Rights Reserved