Identity Rights Agreements

About
This is the home of the Identity Rights Agreements project. It has been chartered as a Working Group under Identity Commons.

Process

 * Identity Rights Agreements Charter - an Identity Commons Working Group
 * Identity Rights Agreements Mailing List
 * http://identityrights.org - no content yet

Related Work

 * Phil Windley's Identity Rights Agreements and Provider Reputation
 * Mary Ruddle's Creative Commons-like icons (PDF; see page 8)
 * Link Contracts (wikipedia)
 * The OpenPrivacy User Content License - an early stab
 * What a contract may look like to the user (May 2004)

External Memberships

 * Participation in "Dynamic Coalition on Privacy" announced: http://cyber.law.harvard.edu/home/newsroom/11.02.06

Reports
2007 Q4 Report Identity Rights

Identity Rights Matrix
Each spot in the matrix would have an icon pointing to a document that describes the sharing capabilities in detail, perhaps even including special cases for certain types of data (such as credit card numbers, etc.).

This document could be anything from XML to a Word doc (or better, an OpenOffice .odt document) as both sides simply digitally sign and date a (SHA1) hash of this document as part of their agreement to its terms.

Since these documents are stable (occasionally versioned as the Creative Commons licenses are, but old versions archived and accessible) from the signed hash one can later prove what document was agreed to.

While this proof may provide legal leverage, reputation metrics will be the key. Reputation servers will collect proofs that a service provider (RP) signed an IRA and didn't abide by its requirements, and good user agents will look up and display these reputation metrics to a person when being confronted with requests for information. So sites will have a strong incentive to behave well and earn the equivalent of a Good Housekeeping Seal of Approval.

Two proposed matrices, sans icons, follow:

First try
Seven icons are needed with this matrix, which is still seriously "under construction":

The horizontal axis defines who has access; the vertical access defines for how long

There are perhaps two other axes or "mixins":
 * display which covers whether or not the data may be made public by displaying it
 * refresh which defines how often the data must be refreshed in order to continue caching it

Matrix with Refresh
The following is another attempt, this one including the refresh mixin but still lacking the display mixin:

Once the data is "accessible by the public" then is seems most data sharing contracts would not really make sense anymore. So perhaps the final column is unnecessary.

If the cache period "or refresh rate" is set to some number of minutes or zero, meaning no cache required, then the last two rows could be collapsed.

Alternatively, perhaps all the rows could be collapsed by encoding more information into the cache period ("refresh") mixin, something like:

cache < 0 : use once and delete cache == 0 : cache for session cache > 0 : cache for that number of minutes and then refresh

While not perfect, this might be just the thing that will allow display to appear as the vertical axis. More attempts soon...