Dropsafe

by Alec Muffett

Take control of and share your own data, your personal data, with VRM

A little project that I am helping out with in my spare time, creating a new way for people to share information with companies, vendors and friends but shorn of all the federated-knowledge-based-identity-crypto-bullshit.

Power to the Persons redux

Technical outline: the feeds-based VRM concept is for you to be able to manage, manipulate and share information – e.g. hotels you have visited, flights you have taken, wines you have enjoyed – using a pluggable web-based software platform similar to WordPress or Movable Type; however unlike those tools which deal with free-form blog posts, instead your data is be stored as objects (encoded in pertinent open-standards formats) which are then “shared” via secure, self-referential, closed and authenticated ATOM or RSS feeds that can be read, aggregated or further processed by “subscribers” whom you authorize via your “friends list”.

The effect is: your data is held in one place and is authoritative.

Your subscribers can see it. When you change it, your subscribers will see the changes.

No longer will you need to tell people when you change your address. They’ll already know.

See also the beta white paper on Google Docs.

Comments

4 responses to “Take control of and share your own data, your personal data, with VRM”

  1. Darren

    At issue isn’t who you directly share your data with but who those whom you share it with forward it on to and so on.

    For example, often credit card data is shared by the credit card owner plus “business partners”. Who are they – exactly? To get a real handle on the situation in the USA, there are very few credit card issuers – Amerian Express and one or two others for VISA/Mastercard. A lot of banks simply sell credit cards owned by some other company. So the company that really owns your credit card spending information *isn’t* your local bank but some other entity.

    So if I authorise some small company to see my data but they in turn are owned by some bigger fish, etc, the end result is not really under my control at all.

    Reply
  2. alecm

    >So if I authorise some small company to see my data but they in turn are owned by some bigger fish, etc, the end result is not really under my control at all.

    Granted, but one of the nasty truths of information security is that once a bit of information has been exposed to eyeballs, there is nothing – no DRM, no Cryptography – which will get it back under wraps.

    The point of Feeds-based VRM is that you can centralise your information storage under your control, delegate authority to access that data to third parties, and revoke further access to that data at will – bearing in mind that a lot of the perceived value of VRM is for the third parties to have /ongoing/ access to your feeds of information.

    That which they have already accessed, for the most part, will become dated and less useful.

    And, as you say, there’s little to prevent data, once accessed, from being reshared beyond the means of control of the owner.

    But that’s a problem we already have, will never solve (regardless of what some will try to have you believe) and currently address by means of reputation, trust and litigation.

    So, in short: no loss, and a net win for VRM.

    Reply
  3. Dave Walker

    It’s surprising how many elements of VRM can be addressed by a .vcf on a server, as you have written.

    I’m still getting my head around some of the more subtle elements of the feeds-based stuff, particularly the wrapping, but from what I’ve understood so far, the approach definitely has potential.

    As spotted on the Schneierblog, you might find it interesting to have a squint at http://www.credentica.com . Granted this doesn’t solve the issue of data transferrability between organisations in a conglomerate; but as you comment, I don’t think any technology can cover that eventuality.

    Also, do you know another Dave and Charlotte, or have I just been immortalised as being less fussy about data compartmentalisation than my car? 😉

    Reply
  4. Jackie Danicki » Identity and Federation: Who needs ‘em?

    […] and I talked a lot about security, VRM, and identity over our meal – all fascinating stuff. So I was thrilled to see that he’s put […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts