Requirement NumberRequirement (Illustrative use case = complex/ relatively complex scenario's such as buying a car, planning a vacation)Underpinning logicImpact of UD & VPI on Buying a Car Scenario (high level, buyer perspective)Impact of UD & VPI on Buying a Car Scenario (high level, seller perspective)Requirement for Identity Assurance (in Buying a Car Scenario)Likely Relevant Technologies for Investigation (part complete)Points of ContactSpecific Queries
1Establish a persistent Digital Identity that I can use as my point of integration with the electronic realmUntil such time as an individual has access to a non-vendor controlled digital identifer then they will to some extent or other be dependent on that vendor for the management and use of the individual's personal information assets. At present, this capability is limited to advanced tech users (e.g. self issued/ managed open ID). It is possible for organisations to provide an individual with such a capability, but to be genuinely user-driven the principles of Data Portability would also have to be enshrined in the offer.Having this capability in place provides the PLATFORM for the car buyer to bring all of their relevant historic and current data to the table - this is 'plumbing level'.Open ID, XRI/ I-name, ID WSF Personal Profile Manager, SAML 2.0, HigginsOpen ID (David Recordon), XRI (Drummond Reed), ID WSF (Paul Madsen), SAML 2.0 (Eve Maler), Higgins (Paul Trevithick)Open ID for low value, Open ID
2Append persona to this identity to reflect different facets of / situations in my life (including anonymity/ psuedonymity)An individual only has one body/ brain, but multiple persona (facets of life, e.g. Husband, Father, Director, Citizen) which typically carry separate needs, wants and obligations, and which can have differing degrees of robustness, disclosure and longevity. To enable an individual in the digital world, we must deploy an architecture that supports this degree of complexity.The individual may be buying the car as an individual, a business owner, an employee with related discounts/ benefits. These persona may also be relevant across the related components of the entire car solution - which might include financing, insurance, parking permits, breakdown coverage, accessories and regulatory updates (vehicle ownership).All claims over and above a straightforward individual buyer may well require higer levels of identity assurance (level 1/ level 2 in UK parlance, level 2/ level 3 in USA). Precise impact likely to be a function of financial benefit of the assertion being made.XRI/ I-name, Database Management Systems (e.g. postgres, My SQL), HigginsXRI/ XDI (Drummond Reed), Higgins (Paul Trevithick), DBMS (?)
3Append/ link to data pertaining to me to my Digital Identity/ persona in ways that enable manipulation, aggregation & onward sharingAn individual typically does not have 'all of their eggs in one basket', either due to the different persona issued noted above, or because they wish/ need to to spread their supply relationships across multiple organisations. As such, by default the individual needs to draw on/ link to data in more than one silo in order to do the things they wish to/ need to do.In buying a car and the related solution components, an individual will have to draw on data (which may or may not be in digital form) from multiple aspects of life/ existing supply solutions - all provide the context for the car buying scenario. Relevant data would include home location, existing vehicle (if any), its ownership status, its value, new vehicle requirements (size, type, rough cost etc), brand preferences, colour preferences, pertinents dates/ timing requirements, available finance, cash flow and other purchases being processed in parallel. And, of course, there may be multiple parties involved in the purchase decision (e.g. husband and wife) with some differing preferences to be taken into account.Database Management Systems, RSS, XML, Screen Scrapers, XDI, Search maps (looking for right now, don't want to see), plug in for IE, tiddlywikiXRI/ XDI (Drummond Reed), DBMS (?), RSS (?), XML (Eve Maler?), Screen Scrapers (?)
4Enhance this data by adding context (derived variables, meta data, statistical info, inc enabling selective/ minimal disclosure)Data needs context and enhancement in order to become information. This meta data (data about data) can often enable the avoidance of disclosing or sharing the underlying data itself (e.g. I'm over 18 and I can prove it is a lesser disclosure than a full date of birth).When the above data is combined within the personal data store(s), it becomes a buying information bank for the individual for use throughout and beyond this specific sourcing exercise. This buying information bank might well include both structured and un-structured data. In terms of data enhancement added at this stage, it may include for example...that 'my current insurance provider is X and I rate them overall 5 out of 10', or 'i've bought my last 5 cars from Dealer X and i've always had great deals - but the servicing is very expensive'. This modus operandi is likely to include the individual being able to prove their buying intent without sharing their personal/ contact details - and thus begin the negotiation process from a stronger stand point than is available at present.Database Management Systems, RSS, XML, Screen Scrapers, U-Prove, XDI, Search mapsXRI/ XDI (Drummond Reed), DBMS (?), RSS (?), XML (Eve Maler?), Screen Scrapers (?), U-Prove (Stefan Brands)
5Enhance this data by adding second or third party verification, reputation, recognition at data attribute levelSome data attributes need to be verifiable in order to be most usable (e.g. licence to drive, age, credit limit). This is achieved by bringing data (with tamper-proof seal/ date & time stamp) in from/ linking to the legally authoritative source for the attribute in question.It will be useful in various stages of the buying process to use external data to smooth interactions and transactions. For example, the individua might wish to offer proof of their employment status, their income, their credit rating, or that they have specific funds in place for the car buying scenario. The supply side (manufacturer, dealer or other intermediary) might wish to offer verification of their own, their vehicle or the related solutions 'green' credentials, of of vehicle performance. This external data can be 'pinged' for a one time, tactical use, or copied to the indivduals personal data store for ongoing use (with time/ date/ source stamp).Database Management Systems, RSS, XML, Screen Scrapers, ID WSF, Higgins, XDIXRI/ XDI (Drummond Reed), DBMS (?), RSS (?), XML (Eve Maler?), Screen Scrapers (?)
6Enable, normalize, standardize my data to be aggregated with that of others (on my terms)Aggregation of data can bring useful benefits (e.g. aggregation of demand to improve a negotiating position) to the individual and to the recipient of the aggregate view.The above information and buying process support offers good value to the individual, but without standardisation of data is could be left as an island/ personal silo. When some/ all of the data within the buying support tool is standardised, it can then be opened up to the many possibilities offered by the open web.Database Management Systems, RSS, XML, Screen Scrapers, Higgins, XDIXRI/ XDI (Drummond Reed), DBMS (?), RSS (?), XML (Eve Maler?), Screen Scrapers (?), Higgins (Paul Trevithick)
7Find/ discover/ contact (through automated processes) suppliers able/ willing to accept VPI; screen out, filter, ignore suppliers unable to comply with/ respond to my terms and conditions. Find, categorise, validation (multiple validation)An individual should be able to 'raise a flag' to have an expression of demand or a desire for interaction noticed (discovered) by existing and potential suppliers. This discovery process should work on a 'computer to computer basis', and only respondents able/ willing to provide the sought service or interaction should be found.In the current modus operandi, car manufacturers and dealers target individuals with above and below the line (push) marketing to build awareness and solicit responses. In the UD & VPI enabled world, these messages will be 'pulled' by the individual only when relevant - leading to much less waste for all parties. Screening and tools may be used by the individual to filter out irrelevant messages from suppliers continuing with push marketing.ID WSF, XDI, HigginsXRI/ XDI (Drummond Reed), ID WSF (Paul Madsen), Higgins (Paul Trevithick)
8Initiate, establish a VPI sharing relationship, including contract signing; sharing can be a one off, time-limited, or ongoing basisA VPI sharing relationship can be instigated within an existing supply relationship as an amend/ extension, or at the beginning of a new supply relationship. This is likely to involve the signing of a contract by the organisation, either directly with the individual or via an agent working on behalf of the individual. Current assumption is that there will be a small number of contract options in order to increase usability, and that they be machine-readable in order to enable machine to machine communication. Creative Commons is an example of this approach. The contractual aspect is likely to mean that identity assurance is a requirement that technology must enable/ support in this area.In the UD & VPI enabled world, many more interactions and transactions will be 'machine to machine', with identity and other data attributes verified by those involved or by external parties as necessary. In the car buying scenario, most of the search/ filter/ negotiate/ transact cycle can be automated - but only when the organisation is able to engage contractually with the user driven or volunteered personal information. The rich, valuable data involved would not otherewise be released to the car manufacturers and dealers because in the current modus operandi this data would be used against the buyer in the selling process.ID WSF, XDI, Higgins, Database Management SystemsXRI/ XDI (Drummond Reed), ID WSF (Paul Madsen), Higgins (Paul Trevithick), DBMS (?)
9Assert conditions/ exceptions of use at the data attribute levelCurrent approaches to privacy legislation fail by operating at too high a level…at the level of principle rather than specific practice. This is not an acceptable level of protection for VPI to flow (as evidenced by the fact that it does not flow freely at present); VPI requires contracted terms of use at the individual data attribute level (although these can be grouped where helpful).An individual might, for example, allow their contact details to be used for the purpose of a specific car buying scenario, but mandate that it then be removed from marketing databases and not used for further communications.ID WSF, XDI, Higgins, Database Management Systems, CARML, AristotleXRI/ XDI (Drummond Reed), ID WSF (Paul Madsen), Higgins (Paul Trevithick), DBMS (?), CARML/ Aristotle (Phil Hunt)
10Build and maintain my list of VPI contracted relationships; monitor reputations of entities on my list of relationshipsThe individual must have access to a largely self-managing list of VPI contracts in place. A sub-set of this issue is the data management task of accessing and managing the oft-changing list of supply organisations.The individuals UD & VPI audit file would build a record of what volunteered information had been shared under which conditions with which organisation.XDI, Higgins, Database Management SystemsXRI/ XDI (Drummond Reed), Higgins (Paul Trevithick), DBMS (?)
11Undertake VPI sharing activity, including acknowledgement of receipt, maintaining updated history and an audit trailUnder established contracts, VPI should flow through technologies which recognise the value of the asset - including acknowlledging issue and reciept at all appropriate points. A full, detailed audit trail with date and time stamps on each attribute shared (including what it can be used for, how long it can be kept and under contractual terms).User driven and volunteered information would flow, often on a machine to machine basis - according to the preferences of the individual…………... Zero click ordering!!!!!!Information Cards, Cardspace, XDI, HigginsInformation Cards (charles Andres), Cardspace (?),XRI/ XDI (Drummond Reed), Higgins (Paul Trevithick), DBMS (?)
12Receive payment (financial, loyalty offers or otherwise) for VPI sharingAs per other asset transfers, VPI sharing can and will be accompanied by payment from recipient to give (governed by the aforemention contracts). In some cases cash payment may not be required (payment in kind will be an option - e.g. improved service, premum access to services etc). Micropayments may be required for low value transactions, and management of VPI accounts a core capability.Car dealers regularly pay over £500 per converted vehicle sale in the current model. In the UD & VPI model, this might reduce to £400 (for example), with £375 of that flowing to the buyer (as cash payment or discount), and the remainder made available to intermediaries and market makers.Transaction processing engines, CRM systems, account management systemsTransaction processing engines (?), CRM systems (Iain Henderson), account management systems (?)
13Implement Audit schedule to determine whether VPI contractual commitments have been/ continue to be met by recipient (including use at data attribute level)VPI contracts must be enforceable and this will require an audit and compliance programme; this will be technology enabled (supported by the logging of all VPI sharing at detailed levels).The ability to audit suppliers for contractual compliance would be a contractual requirement; it is likely that outsourced services would emerge to enable this.Information Cards, Cardspace, XDI, Higgins, ID WSFInformation Cards (charles Andres), Cardspace (?),XRI/ XDI (Drummond Reed), Higgins (Paul Trevithick), ID WSF (Paul Madsen)
14Terminate, suspend, penalize a non-compliant or no longer relevant data sharing relationshipMost supply relationships come to a logical end, some because the supply organisation does not meet contracted requirements (inc VPI contracts). In this situation, VPI contracts will be terminated, this should be supported by VPI technology standards and protocols.An individual would have sole control over functions that would terminate a UD & VPI sharing relationship at any point in time. What this means for historic data created would be part of the contractual terms and conditions.Information Cards, Cardspace, XDI, Higgins, ID WSFInformation Cards (charles Andres), Cardspace (?),XRI/ XDI (Drummond Reed), Higgins (Paul Trevithick), ID WSF (Paul Madsen)
Kantara Initiative - User Driven and Volunteered Personal Information Working Group 2009