VPISIG20090108

Jump to: navigation, search

VPI SIG Teleconference
January 8th, 2009
Author: Joni Brennan

1. Legal Review Discussion

Iain discussed the possibility of some volunteer lawyers reviewing the VPI use cases and offering their opinion on the practical deployment of VPI from the legal perspective.

Q. Is there any barrier to an individual granting themselves a digital identity? No – no legal barrier exists.

Q: How similar does the question regarding control of digital identifiers need to be to the real world? To work in the real work market there needs to be a bit of concreteness to it.

Q: How would it be if a user created their own master identity which they could append to different types? No problem (uptake/ use by supply side is the issue)

Q: If the issue is VPI is there any barrier to the individual or the agent formalizing under contract? No – no barrier

Legal Ownership of Databases: Basically - If you build a database there’s a part of law that says that the fact that you put the time and effort in to building it – basically it’s yours. So time and effort = your value = ownership of the database. Even if someone gives you the tools to build the database, it’s still yours because of the time and effort you put in to it. This is known as ‘Database Rights’.

5 contract types were discussed, although whether that becomes 1 contract with 5 clauses, or something different is up for research and debate.

5 Contract Types

  1. Anonymous
  2. Known – filling out some forms etc
  3. Relationship start up – bulk of relationship data is put in place
  4. Relationship maintenance – updates to Relationship information
  5. Mutual Benefit through shared information

Product Development

  • Companies either rely on no data or small bits of data
  • What we’re talking about has potential to be very helpful to the company and the consumer by having information available and earlier

Q: Has anyone tried to explore the concept of aggregate or anonomize in this discussion? The lack of clear definition of aggregate may keep people from sharing their information.

Anonomize – have a degree of anonymity on an on-going basis.

EU laws are moving toward the understanding that IP address is PII (Personally Identifiable Information).

Suggestion: Identify single set of Terms of Service that are in the benefit of the individual and work to standardize that as a universal commercial code of sorts.

7 Building Blocks Needed for Traction for VPI

  1. A value exchange aimed at creating a win-win scenario, i.e. the individual, the supply organization, and potentially an intermediary all benefit from the exchange.
  2. One or more open technology standards or platforms that enable end to end generation, management, sharing and acceptance of volunteered personal information between an individual and an existing or potential supplier organization.
  3. A series of binding contracts setting out the terms and conditions under which volunteered personal information may be shared
  4. A series of machine readable/ discoverable icons associated with each contract type.
  5. A compliance programme through which organizational adherence to signed contracts is monitored.
  6. An audit mechanism enabling compliance monitoring to directly assess organizational adherence to the terms and conditions of volunteered personal information contracts.
  7. A good practice seal allowing organizations to publicly assert their compliance to the terms and conditions of volunteered personal information contracts.

All 7 need to be seen and developed as a single programme of work, at the end of which we would expect a VPI ‘data class’ to be in place with the necessary definitions, technology standards and legal contracts in place. This would apply globally, although deployment may work best on a country specific basis. There are many analogies with the Creative Commons process/ deployment.

Review what the SIG can complete.

Deliverable: ‘Building of Contracts’ – need a Liberty EG to work with to publish this. Perhaps IAEG or Policy

Discussion of various law firms of interest or who have expressed interest to review.

2. Charter for 2009

Point to note: Expert Group charters are more specific than SIG charters. VPI can start to think about changes they’d like to include in a charter revision.

3. Deliverables

White papers discussed things that need to be in place to form Trust agreement.

Action: Brett to fwd Liberty released trust agreement based whitepaper to the vpi sig list.

Q: How does a non technical person get their mind around CARML, SAML etc? Case studies are good example of ‘what’s been done’.

POSSIBLE VPI DELIVERABLE: CARML explanation or primer

CARML is not final yet and still needs work – contact there is Phil Hunt (Oracle). Additionally, there are discussion lists on openliberty.org dedicated to the discussion of IGF and related components (CARML).

4. Other Business

Q: Is it possible to schedule a working session for VPI? Group agreed that a Santa Clara F2F would be a beneficial location. Also, Identity Assurance will be meeting in Washington week prior to Santa Clara. Both dates are approaching quickly. No confirmation of session.

Adjourn

Retrieved from "http://wiki.projectliberty.org/index.php/VPISIG20090108"
Personal tools