#Portability4TrustPersonal Data Portability

for Trust Frameworks

Phil WolffThe DataPortability Project

IIW Spring 2011

#portability4trust

A new Disclosure

• Describe your portability practices• Plain language• Common structure– Readable, Comparable

• Iconography– Readable: the CC pattern

2010

#portability4trust

Privacy v. Portability

• Your Privacy Policy tells visitors what you can do with their data.

• Your Portability Policy tells them what they can do with their data.

#portability4trust

4 Stages of Relationship

• Backing Up• Closing An Account

• Watching For Updates • Broadcasting Changes

Made Here

• Public Data• Access from Other Products• APIs and Data Formats• Where Things Are Stored

• Identity and Authentication• Working with Things Stored

Elsewhere

Start

Sync Share/Access

Exit

#portability4trust

The DataPortability Project Is Revving Our Portability Policy In Two Threads• Portability Policy Summit– Feedback from large adopters

• Portability4Trust– Tools for • trust framework authorities • trust framework providers

#portability4trust

The OAuth Triangle

People

Relying Party

Identity Provider

#portability4trust

The OAuth Triangle

People

Relying Party

Identity Provider

#portability4trust

The Trust TriangleTrust Frameworks• Culture• Contracts• Verification

People

Relying Party

Identity Provider

trust(Portability)

#portability4trust

7 Portability4Trust Deliverables

1. A portability principles manifesto2. A portability policy pledge 3. A portability policy template 4. A portability policy minimum disclosure 5. A portability policy minimum practice 6. A portability policy recommended practice 7. A portability glossary

#portability4trust

1. Personal Data Portability Principles Manifesto

List the principles of data portability and why they matter

#portability4trust

2. Policy Pledge

A short, direct promise to support the data portability principles

#portability4trust

3. Policy Template

Like the questions at PortabilityPolicy.org, a structure to assure all data portability principles are addressed and disclosed, supported or not

#portability4trust

4. Policy Minimum Disclosure

Describe the least amount of disclosure required by a trust framework

#portability4trust

5. Policy Minimum Practice

Describe required data portability practices. This is prescriptive.

#portability4trust

6. Policy Recommended Practice

Describe portability practices above and beyond the required.• Recommended practices may

become Required • with trust community support

#portability4trust

7. Data Portability Glossary

Defining terms

#portability4trust

#portability4trust

• DataPortability.org• p4t Google Group• Wednesday calls

1

5

234

6

#portability4trust

2011q2 Roadmap

•Write, Test, Revise, Release• Listen, Repeat

#portability4trust

Next steps

• Working here at IIW• Online, weekly conference calls• At other events– 10-13 May. European Identity Conference. Munich – 11-13 May. Telco 2 and Personal Data 5. London – 19-21 May. PII 2011 and PrivacyCamp – Silicon

Valley

#portability4trust

What we need

• 5 volunteers to work on the documents

• One firm to volunteer legal counsel for two hours of early advice

• Contributions to DPP 501[c]3 to fund travel and meetings

#portability4trust

#portability4trust

• DataPortability.org• p4t Google Group• Wednesday calls

@evanwolfskype:evanwolfpwolff@dijest.com+1-510-343-5664