Identity Rights Agreements

From IdCommons

About

This is the home of the Identity Rights Agreements project. It has been chartered as a Working Group under Identity Commons.

Process

Related Work

External Memberships

Reports

2007 Q4 Report Identity Rights

Identity Rights Matrix

Each spot in the matrix would have an icon pointing to a document that describes the sharing capabilities in detail, perhaps even including special cases for certain types of data (such as credit card numbers, etc.).

This document could be anything from XML to a Word doc (or better, an OpenOffice .odt document) as both sides simply digitally sign and date a (SHA1) hash of this document as part of their agreement to its terms.

Since these documents are stable (occasionally versioned as the Creative Commons licenses are, but old versions archived and accessible) from the signed hash one can later prove what document was agreed to.

While this proof may provide legal leverage, reputation metrics will be the key. Reputation servers will collect proofs that a service provider (RP) signed an IRA and didn't abide by its requirements, and good user agents will look up and display these reputation metrics to a person when being confronted with requests for information. So sites will have a strong incentive to behave well and earn the equivalent of a Good Housekeeping Seal of Approval.

Two proposed matrices, sans icons, follow:

First try

Seven icons are needed with this matrix, which is still seriously "under construction":

Private;
No Sharing Allowed
Accessible by
Authenticated Users of
Local and Federated Communities
Accessible by Public
Use Once
and Delete
n/a n/a
May Cache for
Duration of Session
May Cache until
Deletion Requested

The horizontal axis defines who has access; the vertical access defines for how long

There are perhaps two other axes or "mixins":

  • display which covers whether or not the data may be made public by displaying it
  • refresh which defines how often the data must be refreshed in order to continue caching it

Matrix with Refresh

The following is another attempt, this one including the refresh mixin but still lacking the display mixin:

Accessible by
Local Community
No Sharing Allowed
Accessible by
Federated Communities
Accessible by Public
Use Once
and Delete
n/a
May Cache for
Duration of Session
n/a
May Cache and
Must Refresh until
Deletion Requested
n/a
May Store Locally
until
Deletion Requested
n/a

Once the data is "accessible by the public" then is seems most data sharing contracts would not really make sense anymore. So perhaps the final column is unnecessary.

If the cache period "or refresh rate" is set to some number of minutes or zero, meaning no cache required, then the last two rows could be collapsed.

Alternatively, perhaps all the rows could be collapsed by encoding more information into the cache period ("refresh") mixin, something like:

cache < 0  : use once and delete
cache == 0 : cache for session
cache > 0  : cache for that number of minutes and then refresh

While not perfect, this might be just the thing that will allow display to appear as the vertical axis. More attempts soon...