Upload
phil-wolff
View
1.116
Download
0
Embed Size (px)
DESCRIPTION
Explaining why portability policies matter, ten questions a portability policy answers, and how to get started. http://PortabilityPolicy.org.
Citation preview
A service of the DataPortability Project
Introducing the
Portability Policy
PortabilityPolicy.org
Wouldn’t you like to…
As a Person
• Have your whole online life with you everywhere you go?
• Spend less time creating and updating profiles and contact lists?
• Be secure in your relationship with websites?
As a Service
• Have new visitors come with full profiles and their friends?
• Have access to the freshest versions of their data?
• Lower customer service costs and protect your brand?
Wouldn’t it hurt if…
• Customers resented your control over their onlives?
• The friction of people keeping data portable slows your growth?
• Customers don’t understand how you empower them?
Power imbalances lead to conflict
• A clear policy
–Cuts stress
–Creates opportunity
– Simplifies interop
A new Disclosure
• Describe your portability practices
• Plain language
• Common structure
– Readable, Comparable
• Iconography
– Readable: the CC pattern
Privacy v. Portability
• Your Privacy Policy tells visitors what you can do with their data.
• Your Portability Policy tells them what they can do with their data.
Privacy
• 1995: the era of a simple relationship
• A person – A company
– Trust, simple data flow, clear borders
• Client – Server technology
Portability
• 2010: everything talks to everything
• A person spreads their life across many services
• A service is built on dozens to thousands of other services
• A complex technology map
• A more complex trust relationship
Why is the Project doing this?
• More data portability
–Conversation within organizations
–Consumer awareness
– Experimentation
–Competitive awareness within industry segments
How did we get here?
• 2008: Policy working group starts
• 2009: Peer review –Previewed to Internet Identity Workshop 9
• 2010: PortabilityPolicy.org site launched
Questions
• Interop: Managing the Relationship
• Lifecycle: Start to Finish
START
Identity and Authentication
Working with Things Stored Somewhere Else
Identity and Authentication
• Do people need to create a new identity for this product, or can they use an existing one?– Fresh Start - The person is expected to create a fresh
identity that is used on this site. This site does not trust a third party to authenticate identity.
– Existing Identity - The person can register an account using an identity authenticated by some third party. This product assumes that, by selecting a third party to authenticate their identity, the person accepts that third party as trustworthy.
– Doesn't Apply
Identity and Authentication
• Example:– EmbarrassingDiseases.org helps people cope with
diseases that would be embarrassing if they were publicly known. Because privacy is our top concern, we don't link to other internet identities and encourage people to create new identities for use here.
– SocialSharingSite wants you to connect all of your identities here. We encourage you to use your Facebook, Twitter, Google, and OpenID identities here.
• Icon (if available)
Working with Things Stored Somewhere Else • Must people import things into this product, or can the
product refer to things stored someplace else? • Can this product work with objects and information
whose "authoritative home" is another product, or can this product only work with things that it hosts directly? – Home - For this product to work with a thing, it must be
hosted directly. – Visitor - This product has the ability to access and work
with things that are hosted by third parties, assuming that the third party allows this.
– Doesn't Apply
Working with Things Stored Somewhere Else • Example
– InPlacePictureEditor enables you to edit your pictures right where they are. Do you like Facebook? Us, too! Prefer Flickr? That's also great. Wherever your pictures live, you can edit them with InPlacePictureEditor.
– In order to add our Secret Sauce, SuperHighEndEditormust extend the file format used to store your pictures. Because of this, you must upload those pictures to us, and we will host them for you. When you wish to export your final work, it will be provided in a standard format.
• Icon (if available)
SYNC
Watching for Updates
Broadcasting Changes
Watching For Updates
• Can this site watch for updates that people make on other sites? In cases where the product tracks or manages things that the person has stored on some third party product, can this product automatically keep itself up to date?– No Imports - This site does not import data – One Time Import - This product only sees the remote thing
at import time, and does not watch for changes. – Watch For Updates - This product watches the third party
for changes, and updates its own view of the remote thing to match.
– Doesn't Apply
Watching For Updates
• Examples– SuperAddressBook provides a tool to merge all of
your old address books into one. Import your old address books into SuperAddressBook and then throw the old ones away.
– MetaAddressBook watches all of your address books and provides a unified view. We watch your address books for changes, and provide a unified view with duplicates removed.
• Icon (if available)
Broadcasting Changes Made Here
• If person updates something here, is that change stored only here or can it notify another product? Does this product provide a way for others to ask for updates?
– Silent - This product does not broadcast changes.
– Chatty - Updates made here are also forwarded to a third party.
– Doesn't Apply
Broadcasting Changes Made Here
• Example
– To preserve your privacy, EmbarrassingDiseases.org will not make the information you provide publicly available, or broadcast it to any other product.
– InPlacePictureEditor uses PubSubHubbub to ensure that you can share your creations anywhere you wish.
• Icon (if available)
SHARE
Public Data
Access from other products
APIs and Data Formats
Where things are stored
Public Data
• Can the person download or remotely access information that others have provided to the product? In cases where the product allows download or remote access, can the person export or access all of the data to which they have access, or only data which they have directly created? – Provider Only - This person may only export or access data
which they have directly provided.
– Full Access - The person may export or download any data to which they have access on this product, subject to reasonable usage and abuse rules.
– Doesn't Apply
Public Data
• Example
– You can download all of the stories that you have created on CommunityStorySharing.com, but you can only download others' stories if they have been marked for public download.
• Icon (if available)
Access from Other Products
• Can the person allow other sites to use the things they've created or updated here? Does this product provide a way for third parties to authenticate a person and read or write? – No Access - The person must use this product to read or
access whatever it manages. – Other Products Can Read - The person can provide the
third party with authentication credentials, and can read data managed by this product.
– Other Products Can Write - The person can provide the third party with authentication credentials, and can write data managed by this product.
– Doesn't Apply
Access from Other Products
• Example
– Since you've already uploaded your files, SuperHighEndEditor allows you to read and update them in-place. Files are still access protected, however, and you must authenticate using OAuth 4.7 before you will be able to use the files.
• Icon (if available)
APIs and Data Formats
• Are your APIs and Data Formats Documented?
– Yes - provide a link to the documentation
– No - explain which formats are documented and which are not
– Doesn't Apply
APIs and Data Formats
• Example:
– SocialSharingSite uses both public and licensed, proprietary data formats. Our own activity streamdata is made available via Atom. However, we use VerySecureDRM for purchased, digital downloads and this format is not available for publication. See the 'File Formats' section of our support area for detailed information.
• Icon (if available)
Where Things Are Stored
• Do you disclose where my data is being kept in the real world? If Yes, where can I learn where my data is kept? Can I request to have my data stored in one jurisdiction or another?
– Yes
– No
– Doesn't Apply
Where Things Are Stored
• Example– Our primary services are in a data center in
Oaklahoma (see map) but your data may be used or kept at our alternate centers in Barcelona and Hong Kong.
– Our partner, AcmeLocale, processes your geodataon servers in Canada.
– Your profile and phonebook info may be kept on your friends’ mobile phones
• Icon (if available)
Backing Up
• Can the person download or remotely access a copy of everything they've provided to this service?
• As part of their standard use of most products, people import or create things. Does this product provide an open, DRM-free way for people to retrieve or access via third party all of the things they've created or provided? – No Download - This product does not offer the person the
ability to download the things they've provided. – Some Download - This product allows the download of a subset
of what the user has provided – Full Download - The product provides an open, DRM-free way
for people to download all of the things they've provided to the product, or remotely access it using a third party product.
– Doesn't Apply
Backing Up
• Example
– Because we know how important this information is to you, your paid subscription to YourFamilyGenealogy.com includes the ability to download a formatted copy of all the information you have provided.
• Icon (if available)
Closing An Account
• Will this site delete an account and all associated data upon a user's request? If the user creates a password or account for use with this product, does the product provide a way to cancel the account and erase all data associated with it? – Immortal Accounts - Accounts or passwords, once created, are
assumed to live for as long as the product is available. Desktop applications and other stand-alone products that do not have host services may have no way to remotely revoke accounts or passwords.
– Data Expires - If this product acts as a hub, the data it copies from other sites will expire in a set amount of time. This product must be linked to a place where it can refresh or synchronize data in order to stay current.
– Accounts Deleted Upon Request - This product has the ability to remove a person's account and all relevant data, and will do so when requested by the person or third party with appropriate legal standing.
– Doesn't Apply
Closing An Account
• Example– One of the most important services we at YourFamilyGenealogy.com provide is
the ability for future generations to find information about you. We have multiple backups at distributed locations, independent power, and periodically copy our databases to stone tablet. We will not delete your data, at any time, for any reason. Our databases are hosted on floating platforms in undisclosed oceans, and are beyond the reach of any national government. Rest assured, your data will always be available.
– SocialSharingSite retains data for 42.5 hours, at which time the fire alarms are disabled and the server room is set alight.
– Here at MetaAddressBook.com, we pride ourselves on living in the moment, without regret. We encourage you to do the same. Thus, we will delete accounts upon request, and do not attempt to verify ownership status. Any person can request that any account be deleted at any time.
• Icon (if available)
Question Recap
• Start - bringing you, your friends, and your stuff when you start your relationship– Identity and Authentication– Working with Things Stored Somewhere Else
• Sync - keeping everything fresh– Watching For Updates – Broadcasting Changes Made Here
• Share (or Access) - controlling how your data moves– Public Data– Access from Other Products– APIs and Data Formats– Where Things Are Stored
• Exit - all good things end– Backing Up– Closing An Account
The quick project plan
• Plan – Decide to do it– Find the sign off– Assemble the team– Join the Portability Policy Publisher mailing list
• Do– Workshop the Questionnaire– Scope the Policy – For one site or all sites– Write the Policy– Edit the Policy – mechanics, style, open issues– Signoffs– Register with PortabilityPolicy.org for your badge
• Deploy– Publish– Link to It– Explain to Stakeholders– Add to workflow
Four things to do on your site
• Create the Portability Policy page someplace like /portability.html
• Put your badge on the page if you answer all the questions
• Link to the page – From every page where you link to your privacy policy
• Link to your dispute resolution process
• Socialize it: tell your employees, customers, partners, suppliers
Where to learn more
• DataPortability.org
• PortabilityPolicy.org
• @DataPortability
How to get started
• Read the questions
• Try the minimal answers: T/F, multiple choice
• Discuss
Thanks
• Steve Greenberg, Portability Policy Steering Group Chair
• Elias Bizannes
• Daniela Barbosa
• Dan Brickley
• Brady Brim-DeForrest
• Steve Repetti
• Chris Saad
• Phil Wolff