« IIW2005: Attention Data as Identity | Main | IIW2005: Day Two Wrap-Up »
IIW2005: Identity Rights Agreements
This afternoon there was a good sized group that got together to discuss Identity Rights Agreements.
One big problem is the legal status of such agreements. Mary Rundle was very helpful to the discussion here.
One point was that an organization (like Identity Commons) could create a “trustmark” that Web sites that take identity data could display saying they agree to abidee by IRAs. This provides some prtection under trademark law, but may not be the best way really punish violaters.
Data protection privacy commissioners want to create a regime for protecting personly identifying information. What we’re saying in the discussion of IRAs is that we can build systems that allow users to easily indicate their privacy preferences, at least for some classes of data. What’s missing is the legal framework in the middle to make such agreements legally binding.
There’s two sides to this: identity owners and identity consumers. I’ve thought of IRAs being about the identity owner side. There’s the other side of trustmarks that indicate what a site’s policies are.
We shouldn’t have a fixed set of artfully designed icons, but rather a set of choices that lead to the agreements. This is basically what Creative Commons does: make some choices, end up with a few fix choices.
Ultimately, we need to think about negotiation. What if I don’t want my credit card stored, but the site policy is to store it. I don’t want to enter a negotiation to see whether I or they are willing to compromise.
I-names and other systems creating identity records seem like a great place to start. The interface could let users select IRAs for each identity data field and then be responsible for packaging it into the standard for wrapping identity data (be that hCards, vcards, or something else).
IRAs aren’t about technological (DRM) or even legal enforcement, although ultimately legal enforcement may be possible. IRAs are about expressing preferences. If users can express their preferences, service providers can start to cater to them and advertise their willingness to cater to them.
Posted by windley on October 27, 2005 2:42 PM
Comment from the head lemur at October 27, 2005 5:14 PM
Phil,
Let me stop you right there. Anything that is an image can and will be forged, making it useless.
The only viable way to enable such a scheme is to have the identity server provide the logo with a bot of code on your page.
This is sort of like image linking from someone elses server but in a good way.
This of course falls down as soon as you create a credential on just about any windows server from NT north and redirect from there.
Comment from weaverluke at October 28, 2005 2:12 AM
Hi Phil,
Sounds to me what you talk about is very close to what we're aiming at as a first step for the Virtual Rights Initiative .
Given that VRI already has several senior legal figures behind it, perhaps it would make sense to gather behind that banner?
We've mooted the idea of combining CC-like hyperlinked badge(s) with a Pledgebank fundraising campaign to enable VRI to become an effective focus of cross-sector discussion: we probably need to bring business, NGOs, government, techies, users and lawmakers talking together in one (virtual) place if we're to evolve a workable system.