November 30, 2011

Who Stewards the Personal Data Question? Org Chart

Below is a diagram showing the non-profit organizations (note: no for-profits, conferences or governmental orgs were included) that are stewarding pieces of the Personal Data Ecosystem. I wanted to show how the orgs are relating to the problem of how to remake our digital lives, through more user-driven personal data, for more equal transactions throughout our lives with companies, the online world, and our government.

The orgs have been divided into four areas: technical, market, policy and individual advocates. While all the orgs have an interest and are doing some thinking in all the areas, these divisions show the foundational mission of the orgs. If each org, through its foundation mission, succeeded, they would be heros for sure. The problem is, mission creep. This is a problem for startups as well, where companies don't focus and get their piece right to succeed, but rather think competitively and try to take too many pieces of the market, leading to failure. So too will the large number of problems, plus mission creep, cause any of these orgs to fail at their mission.

Ideally, we'll see all the orgs working together in inter-disciplinary and multi-disciplinary ways, relating each of their solutions to the others, but keeping focused and executing their piece of this vast and Byzantine puzzle to solve the Personal Data Ecosystem. In creating this "org chart" I talked with folks like Kevin Marks of Microformats and Activity Streams, Harry Halpin of the Federated Social Web, Scott David, Don Thibeau of OIX and OpenID, Drummond Reed (who has worked with OASIS extensively), Doc Searls of VRM, Craig Burton, Steve Rappetti and Phil Wolff of Data Portability project, Dazza Greenwood of ID Cubed, Judi Clark and Joe Andrieu of Information Sharing Working Group, among others.

So here is a picture of who is doing what in the Personal Data space:

An Org Chart covering who is Stewarding User-Driven Personal Data

Below is more information on these organizations.

Individual Solutions

Customer Commons -- recently formed by Doc and Joyce Searls, Renee Lloyd, Joe Andrieu, Dean Landsman, Markus Sabadello, Judi Clark, Iain Henderson, Craig Burton, and me, as well as a few others in the room that, I apologize, I'm forgetting. Customer Commons' mission is: a community of customers, funded only by customers, serving the interests and aspirations of customers.

Market Solutions

Personal Data Ecosystem Consortium -- is a trade association for startups and big companies that agree to a set of principles for user-driven personal data. 19 companies (currently) have joined, and PDEC's mission is to support market solutions to the personal data question. Kaliya Hamlin is Executive Director and I am Chair of the Board.

PDEC also has just formed a Legal Town Hall, a monthly call starting January 11, 2012, to be led by Judi Clark, to talk about what kind of policies are needed when individuals share their data.

World Economic Forum -- WEF has been working with lots of early thinkers in the Personal Data space for the past 18 months to "rethink personal data." They put out a report: Personal Data: a New Asset Class last February and continue to have monthly calls to prepare for a presentation of the working groups' efforts at Davos in January.

Project VRM -- Vendor Relationships Management, the brainchild of Doc Searls created during his fellowship at the Berkman Center, is a discussion group with a very active maillist, a movement for user-driven relationships with entities, and a steward of developers coding to bear out the group's vision.

Policy Solutions

OIX: Open Identity Exchange -- Don Thibeau is Chair of their Board, and Scott David is their counsel. OIX's mission is to build trust in the exchange of identity credentials online. They do this through the open, standardization of Trust Frameworks. They don't make trust frameworks, but rather their mission is to be the home of other's trust frameworks for the sharing of personal data, login credentials, and other types of private or controlled information. For example, the company Drummond Reed co-founded, Respect Trust Framework at OIX, who publishes it for others to point to as a public declaration of the trust framework. And, the U.S. FICAM Trust Framework was the first open identity trust framework to be listed by OIX

Information Sharing Working Group -- From the ISWG: The ISWG works with the Kantara Initiative, Identity Commons, Project VRM, the Personal Data Ecosystem Consortium, and Customer Commons. Run by co-chairs, Joe Andrieu and Iain Henderson and secretary Judi Clark, ISWG's formal mission is "to identify and document the use cases and scenarios that illustrate the various sub-sets of user driven information, the benefits therein, and specify the policy and technology enablers that should be put in place to enable this information to flow."

The Information Sharing Work Group helps individuals take control of the information we share online. The Standard Information Sharing Agreement is a contract for the use of your information, agreed to BEFORE you share it. It has two parts. A basic agreement covers all the default terms, things like “don’t redistribute my information without my permission”, which all recipients agree to. Then, for each individual instance of sharing, a data transaction agreement with just the bare essentials: who gets what data for what purpose. By moving all the complicated legalese into the basic agreement, we’ve dramatically simplified each specific transaction agreement.

Now, when you want to know what’s happening with your data, it’s presented simply and concisely in easy-to-understand terms… while the basic agreement defines how recipients must treat your data appropriately. The Sharing Agreement is designed to make it easy to understand and make informed decisions about sharing information online.

ID Cubed (ID3) -- a newly formed research and developement group affiliated with MIT and led by John Clippinger, Executive Director and CEO, (who started the Law Lab at Berkman/Harvard a couple of years ago and the Social Physics project a couple of years before that, also at Berkman) and Henrik Sandell, COO and CTO of ID3. ID3's mission is to "oversee the development of a multi-disciplinary center founded to research the role of law in facilitating cooperation and entrepreneurial innovation." Their major focus based upon the website seems to be Trust Framework development. Dazza Greenwood is also involved, as is Mike Schwartz of Gluu is doing some technical work for them.

Technical Solutions

Data Portability Project -- "Aims to consult, design, educate and advocate interoperable data portability to users, developers and vendors." They don't make standards but they help steward them to support more data portability, including protocols like OpenID, OAuth, RSS, Microformats and RDF among others. Steve Repetti is their Chair and Phil Wolff is very active as a public speaker for them. Here is some additional information about their mission.

Federated Social Web -- has recently become a working group of W3C, and is stewarded by many including Evan Prodromou and Harry Halpin. FSW is stewarding work on federated social web software and protocols, including things like PubSubHubBub, OpenID, Activity Streams, OAuth, among many protocols.

Activity Streams -- developed a protocol for how user's share personal data, using both JSON and Atom based streams of metadata. Monica Wilkinson and Kevin Marks actively steward the project. Activity Streams works on the Microformats model, proposing standards around activities already heaving in used online.

Microformats -- Microformats have been created for many pieces of data shared, such as hcard or hcalendar. Stewards of this project include Tantek Celik and Kevin Marks.

OpenID -- Created protocol for a federated login with OpenID 2.0 spec. OpenID Foundation is currently working with Microsoft, Google and Facebook on OpenID Connect, as well as on Account Chooser, an open standard for web sign-in ease switching between multiple accounts on a website. OpenID Foundation's chair is Don Thibeau.

ID Trust, OASIS -- from their website: "...promotes greater understanding and adoption of standards-based identity and trusted infrastructure technologies, policies, and practices. The group provides a neutral setting where government agencies, companies, research institutes, and individuals work together to advance the use of trusted infrastructures, including the Public Key Infrastructure (PKI)." -- responsible for the XRI / XDI standard, currently for pointing to data and creating link contracts. From their website: "XDI.ORG is an international non-profit public trust organization governing open public XRI and XDI infrastructure. XRI (Extensible Resource Identifier) and XDI (XRI Data Interchange) are open standards for digital identity addressing and trusted data sharing developed at OASIS, the leading XML e-business standards body. XRI and XDI infrastructure enables individuals and organizations to establish persistent, privacy-protected Internet identities and form long-term, trusted peer-to-peer data sharing relationships." Drummond Reed co-chaired the group with well, Gabe Wachob, of the XRI TC at OASIS and Andy Dale, Markus Sabadello, Mike Schwartz we involved in developing the standard.

W3C -- Umbrella standards body stewarding a number of standards for personal data use and control including the Do Not Track proposal. The Federated Social Web, and all their combined efforts including Activity Streams, recently landed at W3C.

ITU (International Telecommunications Unit) -- making infocommunications standards since 1865. Yes.. that's really 1865.

User Managed Access (UMA), a Kantara working group -- develops specs to allow individuals to "control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate interoperable implementations of the specs." UMA group chair is Eve Maler.

The Direct Project -- From their website: "The Direct Project specifies a simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet."

IETF (Internet Engineering Task Force) -- Working on a number of standards around identity and data portability.

Claims Agent Working Group -- is working on development of standards-based, interoperable, verified claims agent implementations. Is at IDCommons and was originally proposed by Paul Trevithick, though many people are part of the group.

Open Web Foundation -- is "independent non-profit dedicated to the development and protection of open, non-proprietary specifications for web technologies" and uses an open source model similar to the Apache Foundation. Their leadership includes Tantek Celik, Chris Messina & David Recordon.

Update: I've added the following item to technical:

SWIFT -- a non-profit based in Brussels that provides messaging standards around banking wires, is proposing a new infrastructure layer called the "Digital Asset Grid." The DAG would provide the metadata for all data transactions (including personal data), not just money wires, as well as a hardened, full duplex transaction layer for security, flexible identity and certified data. (Full disclosure, I'm on the team that proposed the Digital Asset Grid to SWIFT).

If you have more information about these groups, people involved, or corrections, please leave them in the comments and I'll update the post. Thanks!

Posted by Mary Hodder at November 30, 2011 09:06 AM | TrackBack
Post a comment

Remember personal info?