In this issue: Everyday identity in Beijing looks like Facebook's real names vision. Your feelings for cash in The Attitude Economy. Windley asks where your cloud operating system should run. The Personal Data Ecosystem Catalyst Workshop reports from London. News: Europe's Digital Agenda Assembly's workshop on data called for standards to promote interop and protect individuals; Kaliya was elected to an NSTIC office; and you still can't see your own pacemaker medical data. Standards: A format for telling your location privacy preferences; new working groups for W3C Private User Agent and OpenID data federation; Mozilla Persona's Beta; OpenID Connect Interop OC4 test results, and a new UMA draft. Tips to phil@pde.cc.
Contents
1. Deep
Beijing: Identity and Security in Everyday Life
The Attitude Economy: Who owns your emotions?
Where Does the CloudOS Run?
Rough Notes from the September Catalyst Workshop
2. Wide
News
Standards
Startup News
3. Actionable
Book Reviews
Calendar
PDEC Directory
4. Aftermatter
Table of Contents
Deep
Diving into rich ideas, experiences, and models.
This month we bring you reports from Beijing, California, Utah, and London. Kaliya's observations on everyday identity in Beijing look like Facebook's real names worldview: China ties all Internet use to your national identity or mobile account. Phil Wolff shows how your emotional metadata is becoming a commercial product in The Attitude Economy, challenging individuals, startups, enterprises, and governments. Phil Windley asks where your cloud operating system should run, diagramming your technology architectural choices and their business effects. Phil reports on his experience building cloud products. Participants in the Personal Data Ecosystem Catalyst Workshops, Tony Fish's monthly London implementers unconference, again reported on progress and issues as XRI and other personal data efforts intensify in the UK.
TL;DR
Everyday ID in Beijing for a foreigner is a lot like in many Western democracies except for Internet access tied to your mobile phone account.
Sentiment analysis turns your feelings into data. Someone else owns that data. Let's look a bit at why this is important. The web rewards passion with attention. The fifth Sentiment Analysis Symposium got me thinking about this intimate technology. As we express ourselves, lexicographers, computer scientists, cognitive
scientists, and engineers are building services to analyze our words, our faces and bodies, and our voices. They score what we feel, our intentions, and anything else inferable. The object: improved insight into people.
Personally, I'd love this for introspection and relationships. I'd like to better understand myself, to reveal patterns in my thoughts, feelings, and behavior. Perhaps I could become a better man through heightened self awareness, turning my everyday activity into a path toward enlightenment. I'd also use sentimental tools to better present myself, communicate more effectively, be more persuasive when it counts, establish rapport and get things done with others.
This capacity for sentiment analysis, to understand and interpret flows of meaning and emotional subtext, is worth a great deal to industry and government. Sales depends on emotion. Advertising, customer service, investor relations, media relations, channel marketing, and word of mouth marketing all improve with sentiment insight. Fraud detection, signals intelligence, recruiting employees, uncovering traitors, and timing stock trades all benefit too.
The promise is huge yet sentiment analysis is still an infant. As I see it, the path forward looks something like this. Today, we're making better snapshots of sentiment. Soon we'll have better temporal models. Then better social and interactive models. Finally, better manipulation, influence and self control.
More specifically, over the next ten years we'll see:
Scale. If you thought the Twitter Firehose was big today, in ten years...
Ubiquity. "Sentiment Analysis as a Service" will make it easy and, eventually, cheap to build SA features into nearly every application, device, and digital experience.
More complete profiles of individuals. There will be more data about you under one index, perhaps even under your personal control, like a Personal Health Cloud. This suggests more input for SA engines, less concern about data sparsity.
Longitudinal analysis. Where are the cycles and patterns in sentiment? How does Phil's attitude change during the day, year?
Root cause analysis. What activities or people affect Phil and how? If we can see what Phil reads, where he goes, who he talks to, how much he moves, music he hears, what he eats, can we identify likely triggers for sentiment and affect changes?
Realtime scoring. At scale, limited only by latency.
Scoring reflects new models of cognition. Neuroscience and cogsci will inform what and how we measure, analyze and report. How likely is it that new social gestures will amplify patterns discovered through brain imaging?
Analysis of non-textual inputs. Facial microexpressions captured in Skype chats, body language in YouTube videos, gestures in Google Glass, typing speed/interval/error patterns in Bing search, stress analysis in voice calls, clickstreams in Chrome, check-ins in FourSquare, physiology from Quantified Self loggers all will complement text analysis.
Micropublic reporting. How are the people attending this meeting in two hours feeling now? This is aggregating sentiment for smaller, defined groups.
Predictive sentiment analysis. How will they feel when the meeting starts in two hours? What are likely causes of drift?
Sentiment streaming. Sentiment as realtime presence. Phil's mobile emits a stream of Phil's happiness, engagement, focus when he's awake.
Ownership. Lots of companies and government agencies will infer your attitudes and emotions and compile sentiment dossiers on you. You will struggle for control over your personal and social sentiment data. EU will extend privacy rights and personal data rights to sentiment data inferred by third-parties.
Liability. Death, job loss, misdiagnosis, or another horrible outcome will produce lawsuits and establish financial accountability for errors and misuse of SA results.
So however effective sentiment analysis is today, it's going to be high-, pervasive and weaponized tomorrow. SA will affect society. For good. For evil. And we don't have tools to temper the evil. US law doesn't treat personal data as a right or an asset. EU law doesn't treat data derived from observations as the subject's data.
What goals would you want to promote with laws about derived sentiment data? What protections would you want for innovators? What constraints and obligations should come with use of sentiment data by people (vs. organizations)? For SA subjects?
If I don't see you at this month's Internet Identity Workshop to talk about this, let's talk online.
A while back, I published this diagram to describe the different levels in the implementation of the CloudOS and show the relationship between the construction of a traditional OS and the CloudOS. This is more than an analogy; there is real parallelism.
Two open source projects, KRE and XDI, make up the kernel. Anyone can run them. (Note: for now, it's probably easier to just sign up for a free account on the service hosted by Kynetx. At this point the open source projects are not easy to set up, but it is possible. We're actively working on fixing this with more than one partner.) We are building out the required services and some basic applications. They are not yet available; the alpha version should be online by November. I'll be blogging about the services as we go.
The preceding diagram led to a question from a friend: Where does the kernel run? The flippant answer is in the cloud. But that's a mighty big place. For example, does every personal cloud implement this entire stack from top to bottom? Is there an instance of the kernel for every personal cloud? Or is the kernel running centrally somewhere (say Kynetx) and everyone just uses that. The answer is that neither of these two scenarios is correct. The real architecture is somewhere in the middle.
The confusion comes from conflating the idea of a personal cloud with its implementation. A personal cloud is an extremely lightweight virtual machine. So lightweight that we can afford trillions of them, and in my plans we'll need trillions because we'll want every person, place, or thing to have one. Not just one personal cloud for each type of thing, but for each instance. Each person will control dozens, maybe hundreds. A large business might have control of many thousands and relationships with millions of personal clouds.
Because they're lightweight, virtual machines, there is a hosting level, where the infrastructure to run them lives and also a virtual level, that we think of as the personal clouds. The following diagram shows this:
In the hosting space are computers that run the software (the kernel) that implements the personal clouds for a hosting company, other institutions like banks and telcos, and even a self-hosted instance. Any given instance of the kernel can support many, many personal clouds. Institutions in the diagram are offering personal clouds to their customers. They may offer custom services or applications that make their distro of the CloudOS unique, just as different Linux distros are unique and fit different needs even as they sit on a common kernel.
In the cloud space are the personal clouds that run on each host. A person might control personal clouds from many different providers, just like we have Websites in different places today. The fact that personal clouds are hosted in different places doesn't affect their ability to link to each other.
Note that the relationships flow between personal clouds and not the hosts. Suppose you and your friend want to link your personal clouds. There's no need for your bank and your friend's hosting company to cooperate for that to happen.
As I envision them, personal clouds mirror exactly the architecture of the Web on which they're based. They are decentralized and independent. Even so, they are linkable through an open standard. This idea is critical because it gets us out of the world that Web 2.0 built, where customers are given great functionality, but in Web-hosted applications that are very unlike the Web. Web 2.0 applications cannot be linked by users and don't generally work together. APIs aren't enough, as companies like IFTTT have found out in dealing with Twitter.
For now, Kynetx is hosting an instance of the kernel upon which personal clouds can be hosted and the CloudOS can be run. We are working with two partners on getting other instances of the multi-homed kernel running. The hearty can host their own. And each of the clouds hosted on these various instances will be completely able to work with each other. The deployment strategy for personal clouds aligns with the architecture of the Web: decentralized and open.
How can we promote this to the government to make it a priority?
People don't understand Trusted Paths and why they are needed?
How do you prove that you are interacting with a website, would an independent path to verify help?
People are generally lazy and enter websites without knowledge of problems?
RSA site for user authentication
Bogus websites have pixel identical frames
OTP (one time password) using multi-level authentication, was considered by some as too onerous
Don't put the reliance completely on the user
There should be a best practice for all relying parties, i.e. ISP, Email client, browser and device
Where does the liability lie? Consumer or Government?
There are technical solutions
Phishing agents quickly adapt to changes in anti-virus protection
Are there usability guidelines?
What are the user experiences?
How do users alleviate fraudulent use?
Students are seen as arrogant, that they can tell the difference between a fraudulent website and the original.
British Retail Consortium stated that online fraud accounted for 200 million in the previous year. Statistics are 2 weeks old.
All losses are eventually passed on to the consumer.
Should usability be sacrificed in order to achieve greater security?
What are we trying to achieve, i.e. drive down fraud or save on costs?
Alpha Projects were suggested post workshop.
Who owns the customer ID? Will customers pay for ID?
Notes: Rob Laurence
Who owns the customer?
In the context of the discussion the customer was described as:
The person whose identity was assured by the IdP to a benchmark level (1, 2, 3 etc)
A claimant of the RP (e.g. DWP)
A payee to the RP (e.g. HMRC)
The customer would be subject to the T&Cs of one or more IdPs and one or more RPs on a one-to-one basis. Within an end-to-end business process (from a customer enquiring about a service from an RP to engaging in that service) the customer would enter or be part of more than one legal relationship, each covered by its own T&Cs.
In the context of the IdP/customer and the RP/customer relationships there would need to be a clearly-defined hand-off point between the IdP and the RP (with the hub as the intermediary) that is transparent and understandable to the customer.
The underlying issue behind the question would seem to revolve around the legal positions of the IdP and RP, the liability model and where risk lies. This appeared to workshop attendees to be unclear and certainly untested, with anecdotal comments surrounding the DWP procurement process of concern.
What about data attribute providers? Who owns the data about me? HMG, supplier, employer, but not me at present.
Will customers pay for an identity provider service?
General views expressed.
There will never be a one-size-fits-all service. Age and socio-demographic segmentation of the population will identify different needs across different groupings.
Should customers be forced to pay for an IdP service in the same way as they would have been forced to buy an ID card? View was categorically no: unacceptable/unworkable.
Customer (some) confidence may be higher if they paid for a service.
Would customers see a value and pay for the convenience or control around having a single credential that could be used with many organisations?
The market will find its own level. Different business models will emerge and some will become established (just as with the iPhone and Android App market: free with ads, pay without).
IdP service companies will offer additional services tailored to their market segments.
Some service providers could sell your data and pay you a cut or offer points.
Could employers become IdPs, allowing employees to use their company-issued credentials?
Overall
This session of OIX was marked by a shift in emphasis towards services enabled by identity and a focus on consumer value and control.
Services
Sessions on trusted services for social care (Microsoft) and greater consumer Inclusion (CHYP) demonstrated how identity assurance could enable access to financial services for those who have been excluded economically, digitally or through age and/or disability. There was also an increasing emphasis on Relying Parties, and the key enablers required for building a vibrant commercial eco-system around core Identity Assurance services such as credentialing and authentication. Adding new services such as Document Signature is demonstrably easier once the core building blocks of IDA are in place.
Consumer Value and Control
As well as the focus on accessibility (perhaps relevant to the 6th Law of Identity (Human Integration)), there were sessions on consumer relationships with IDPs, AtPs and Relying Parties; new ideas of offering consumers the ability to authenticate suppliers were also discussed. This suggests that there is scope for further balance within the eco-system by increasing the power of the consumer to control services and manage relationships with Vendors or Suppliers by creating individual trust networks which bind users into groups and define their roles within those groups, as well as their relationships with Relying Parties. Several lovely use cases for these emerging mini-trust-frameworks were supplied by trusted services in social care, online age verification and the upcoming requirements to support businesses for HMRC Identity Assurance.
Social Care services from informal sector (family, friends, 4th Sector) focusing on use cases in the Deployment of Assisted Living Services at Scale (DALLAS)
HomePay, a service designed for the financially excluded enabling them to make use of a TV interface in order to manage their money and have access to a wider range of banking and billing services
Both projects had a focus on developing a trust model with levels of delegation of authority to a fluid network of real-world actors outside formal supplier networks. The alignment with CO's trial on Lasting Power of Attorney was noted.
Next Steps
Considering a combined pilot which would enable users to access a range of services (including fun stuff) and include further relying parties
Follow up with connections to other relying parties
Session hosts to send wish-list to OIX
Session hosts to try and provide a demo at next OIX
Work on AV was commissioned 18 months ago
Combating cyber bullying
Highly emotive subject
They are focused on the payment transactions
Very specific issue: can we enable online age verification for digital content
PEGI enforceable across Europe
Low cost age verification solution to address those issues
Practical, usable - what are the integration costs (need to be low)
Brought this into OIX
Access to government attributes??
Lengthy investigations into new data (turned up blanks)
Response from the banks is that the task is too big (databases not in shape to be used)
ALPHA project - Cabinet office met recently
Feb 2013 - want to go live with an existing e-tailer
Time bound
If there is a successful outcome
Limited number of participants will be involved
Minors (age restricted to 15) and parental consent
The BRC said they have a number of etailers who are interested in being involved in the pilot
Mix of online and bricks and mortar
BRC said tick boxes are not enough so there needs to be another system
BRC asked the question "is what we trying to do achievable?"
Timescales
No longer than 6 months
September - Definition of solution design
October - look to establish participants
Feb - go live
Retailer, payments company, research agency, trading standards, BDRO are the stakeholders who will be involved.
And from John Harrison: re proof of age. The gist was that with the support of two or three others [notably John Skipper from PA, and Mark King from EADS (I think)] I pointed out that (i) there was a risk in regarding proof-of-age as a standalone application, rather than as just one application of a general purpose infrastructure for attribute exchange; and that (ii) it would be better to recognise the general nature of the problem, and then run two or more pilots of the generic infrastructure, each focused on a different app / target set of customers, e.g. proof of age for minors, and proof of student status / qualifications for students. This suggestion didn't go down too well with Rachel OC; she wants to press ahead regardless, and get a proof-of-age pilot running by Feb next year, using Cabinet Office alpha-funding. I am to resend an email that I wrote to her before the summer, and try to set up a longer discussion.
communication redress process - ombudsman billing - how will this work?
Plan is to be transparent in how these are run - open to all (governance between idSP and DWP) - but not so as to slow up the process
How does OIX play in this? A forum/meeting place to bring conversations together; international; wishing to avoid IP barriers; private sector led
Q: Harmonization across the players: how does this work without creating a lot of silos?
A: We have a well-designed technical architecture, but work is required around the commercial model. It has to work for Universal Credits in one year's time.
Q: Why has the Netherlands project taken two years?
A: Chicken-and-egg situation, but now getting on to the right of the "hockey stick". We can't take two years, so we have to work together, i.e. credentials have to be in customers' hands before they go to the DWP for Universal Credits. There are several departments who want to follow through.
Q: How are schemes adapted to do different things, e.g. supply different attributes?
A: Not sure yet whether there will be variations on a single scheme with different rule sets, or several schemes. E.g. need to enable
counter transactions, i.e. not just online. Trying to keep "trust frameworks" separate from "schemes", e.g. Visa scheme, different trust frameworks in different countries.
Q: Consumers don't understand levels of assurance - front office process needs to be really simple.
A: Back office process deals with attributes such as how many children, etc. We should be able to commoditize the identity "who you are" part.
Q: Is there going to be a single SAML spec for all idA?
A: Hopefully. Want government to be an intelligent buyer and needs to understand how to tie SAML to different levels of assurance.
The IDA does not currently support digital signatures for signing on-line forms as part of the core architecture. Are agencies willing to move to on-line signing of forms? Do/will we need digital signatures to do this? Can this form an ROI case to encourage joining IDA?
Wide
Surveying the environment for trends and context.
Jean Russell.
In news, Europe's Digital Agenda Assembly's workshop on data called for standards to promote interop and protect individuals; Kaliya was elected to an NSTIC office; and you still can't see your own pacemaker medical data. In standards, tell your location privacy prefs; new W3C and OpenID working groups; Mozilla Persona's Beta goes live; we show results from the OpenID Connect Interop OC4 tests, and UMA released a new draft.
News
Digital Agenda Assembly's Workshop on Data Calls for Standards
Markus Sabadello, Project Danube
From June 21st to 22nd, the EU's second Digital Agenda Assembly took place in Brussels. The Digital Agenda has a broad scope and is the EU's overall instrument for delivering sustainable economic and social benefits from a digital single market based on Internet and interoperable applications. It is considered one of seven flagship initiatives for the long-term Europe 2020 Strategy. It is headed by the EU Commission's Directorate-General for Information Society and Media (DG CONNECT) and by its Commissioner Neelie Kroes.
The Assembly is the culmination of a permanent process which among other mechanisms features an online engagement platform, where stakeholders can discuss issues and provide feedback. On the first day of the Assembly, eight workshops on various topics ranging from cloud computing to social media were held. On the second day, a plenary session was convened, which presented workshop reports, keynote speeches, panels and awards.
Most of the workshops had a clear focus on economic issues and asked how digital technologies can help create jobs and growth. The workshop on data explored the potential of open data as well as personal data, some of the most promising economic and business aspects involved, and discussed how policy for data and investment can better address the challenges of businesses and the public sector and further support innovative business development. The consensus at this workshop was that for data to unfold its potential, it must be open and based on common standards on the semantic level. One participant went as far as proposing an Open Data Authority at the EU level.
At the plenary session on the second day, one member of PDEC's Startup Circle, Personal, was mentioned: During her keynote speech, Ushahidi Executive Director Juliana Rotich talked about how personal data was everywhere and that it can be used for mining and inference, and for doing good for society. She said that it can create new economic and social opportunities if the data is allowed to flow rather than be locked in, and that regulation must not lose sight of this potential. However, she also pointed out that we live in a time of rising privacy concerns and mentioned Personal, explaining that this company is rethinking the question of ownership of personal data and believes that you own your personal data.
Reports, pictures and recordings of the Assembly, as well as materials from the individual workshops are available online.
http://www.politico.com/news/stories/0912/81661.html
Kaliya ran and was elected to the Identity Ecosystem Steering Group management council that was created by and for the National Strategy for Trusted Identities in Cyberspace (NSTIC). She ran to be the Consumer Advocate Delegate and did so with her long time affiliation with PDEC member Planetwork. The strategy coordinates and inspires a new generation of identity services. It is unclear how far the Identity Ecosystem will extend beyond identity login to personal data sharing. It could be quite significant. Here's the text of a stump speech she recorded for her campaign.
Hi my name is Kaliya. I'm known online as the Identity Woman and I'm running for office. I said I'm running for Mayor but, it's a little bit more complicated than that. It's all about Identity. There's a management council for the steering committee for the National Strategy for Trusted Identity and Cyberspace [NSTIC] and they're having a big election on August 15th. The good news is that any of you can sign up and register to vote and I'd like you to sign up and register and vote for me. Why? Because I think this is an issue that has potential but only if strong citizen voices and strong citizen participation is really driven forward in the process.
So, I'll tell you a bit more about this whole thing, NSTIC, this election, my qualifications. But let me get to the point. Please go to kaliyaformayor.org and find out how you can register to vote in this vital important election on August 11th. So NSTIC in 30 Seconds.
It [NSTIC] was written and released by the White House in April of 2011 and it did an amazing job of painting a comprehensive picture of how identities could work on the internet if there was interoperability across the whole diverse range of systems. It also proposed that there be private sector leadership in making this happen. That being everybody but government so academic institution, non-profits, citizen advocates, privacy advocates, and just regular people. That's why you guys can sign up and vote. And anyone can join this steering committee and I'd really like you to join and vote for me. So endorse my campaign at kaliyaformayor.org, register, and vote with NSTIC. Vote on August 15th.
So what are my qualifications to be in this management council? First, I have a deep and abiding commitment to user-centricity and a record of accomplishment for building internet skills support for people in our daily experience. You can read all about my work in this field at identitywoman.net. I've been working on this proactively for almost ten years. My blogs have been going since 2005. I founded the Internet Identity Workshop in that same year and we've been going for eight years, really focused on how people can get control of their identities online and the technical tools and standards to do that. This far we're gonna be having our 15th one.
Secondly, my roots are in the not-for-profit sector so I speak their language and hold their values. I've been affiliated with Planetwork since 2002 and their paper, The Augmented Social Network: Building Identity and Trust into the Next Generation Internet. And if you want, you can go and check that out at ASN.planetwork.net to read more about it because it really reflects the kind of identity systems that I think we need to make sure get built.
And thirdly, I'm a woman. I think that how identity is expressed online has a greater impact in women's lives to have more complex representations of self, more different contacts in which
they need to present themselves and it's really vital that we make sure that women's voices are on this council. I founded ShesGeeky about six years ago, a women's online technology conference. I've presented in women's forums about issues on identity and I'm really passionate about making sure that both women and people from a range of different backgrounds have their voices represented in this development of the identity ecosystem.
So with that, please swing by kaliyaformayor.org and learn all about how to vote for me. Get involved and Go NSTIC! I appreciate your support and I approve this message. Thanks. Bye.
Standards
This issue:
Standards for Web Applications on Mobile: current and roadmap
Document Format for Expressing Location Info Privacy Preferences
Statement affirming "OpenStand" principles
Content Security Policy 1.0 review for Candidate Recommendation
Content Security Policy: Draft User Interface Safety Directives
Sender Policy Framework Authorizing Domains in Email v1
Owner Authorization Grant Type Profile for OAuth 2.0
A problem statement on trust in IETF protocols
W3C Web Crypto WG issues Web Crypto API
Letter on "DNT impasse" to FTC's Leibowitz
Best practices and requirements for delivering Long Tail personalized content delivery over CDN Interconnections
Updated Microdata to RDF Working Draft
W3C launches Private User Agent Community Group
RFC 6721 adds item deletion mechanism to Atom Publishing Protocol
IETF draft "Special-Purpose Address Registries" for IPv4, IPv6
XACML 3.0 60 day review until December 7
New OpenID data federation working group
First Beta Release of Mozilla Persona
OpenID Connect Interop OC4 partial results
W3C Web App Sec WG issues First Public Working Draft of User Interface Safety Directives for Content Security Policy
JSON Predicates Draft 00
UMA Core Protocol Draft 05
RDFa Lite 2 RDF Extractor
Multiplexing Extension for WebSockets
Group addresses allowed in From:, Sender: headers
W3C launches Places Community Group
First Public Working Draft of Push API for Web Apps
HTTP Origin-Bound Authentication (HOBA) draft 02
Draft 06: User Interface Safety Directives for Content Security Policy
Best practices and requirements for delivering Long Tail personalized content delivery over CDN Interconnections
September 15 2012
Content Delivery Networks (CDNs) work best for caching popular data. But what do you do in a personal cloud world? This draft proposes methods for quickly delivering personalized content using CDNs.
http://tools.ietf.org/html/draft-krishnan-cdni-long-tail-02
fingerprinting and to improve the control the user has over information shared over the Web and to improve the security of the User Agent in these regards. The group seeks to standardize the designs necessary to achieve these goals, to develop extensions designed for privacy to mitigate inevitable losses of functionality, to foster consideration of privacy in the design of other Web standards, and to discuss and develop implementations and test suites. Mechanisms for expressing user privacy preferences to servers and content providers are outside the scope of this group."
http://www.w3.org/community/pua/
http://osis.idcommons.net/wiki/OC4:Cross_Solution_RP_x_OP_Results
W3C Web App Sec WG issues First Public Working Draft of User Interface Safety Directives for Content Security Policy
28 September 2012
The deadline for comments on this version is October 1.
http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html
Draft 06: User Interface Safety Directives for Content Security Policy
September 28 2012
The W3C Web Application Security Working Group issued an Editor's Draft of User Interface Safety Directives for Content Security Policy. Please send comments to public-webappsec@w3.org.
http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html
Startup News
New members
Four new members this month: MyMindshare, KBO, MMINDD, and OwnYourInfo. You can see the complete list in the PDEC directory at the end of the Journal.
MyMindshare. CEO: Jim Bursch. http://mymindshare.com
As a general rule, I hate advertising. In 2004 I realized that the problem with advertising was ad-supported media and I set out to solve the problem of advertising by developing a system that disintermediates advertising and puts advertisers in direct relationship with consumers. MyMindshare does this by combining a bidding and rating system with a surveying and targeting system.
Knowledge Based Opportunities CIC. CEO: John Beer. http://kbocic.co.uk/
As an advisor to the European Commission on ICT matters, there is a requirement to research and develop new technologies for enabling Knowledge Extraction and content monetization platforms. In the UK there is a need to create and encourage sustainable changes to the skills and research landscape in the research and business area of Knowledge Extraction, Information retrieval, Digital Librarianship and Information Science. The Centre for Advanced Knowledge Engineering (CfAKE) / Knowledge Based Opportunities (CIC) Ltd will focus with global universities on creating a global Centre of excellence based in the UK and in turn change the regional aspirations levels, skills and future employment opportunities of students. KBO is a not-for-profit Community Interest Company.
MMINDD. CEO: Estee Solomon Gray. http://mmindd.com
A value proposition hypothesis was born. Tools for multi-minding. Helping people visualize and attend to their intentionally complicated beautiful lives. Learning from the behavior in the wild of generations of women. Responding to almost desperate calls to incorporate mindfulness practices and energy management in workplaces and work/lifestyles before the Millennials do lasting damage to themselves. Nine months of ideation, user exploration, and co-creation later (including multi-day Advances that drew Advance Team members from across the country layering Mmindd onto their day jobs), a vision, a pitch, a core team of 5, and the bones of a creation space are emerging.
OwnYourInfo. Functional Lead: William McCusker. http://ownyourinfo.com
OwnYourInfo is an information storage and sharing application built to make managing private and frequently accessed personal information more efficient and more secure. OwnYourInfo launched on September 12, 2011 after a year and a half of research and development. OwnYourInfo is based in Las Vegas, Nevada.
We just got back from a fantastic weekend in Chicago, where we partnered with Braintree to throw a weekend-long App Challenge. As we continue to recover from the 28-hour marathon of hacking and fun, we thought we'd share some thoughts with the world.
Head over to the post "How the Windy City won our hearts" to check out the list of startups they were keen on. The winner for best use of Singly was Twizzl.io, which turns your social media connections into a competitive sport. Your social media savvy is tested as you predict which of your own friends, favorite celebrities, and preferred brands will rise in online popularity across Facebook and Twitter.
How to have Social Apps via Singly in 5 Min:
Register with Singly to get API keys
Download the Singly Android SDK from GitHub
Use the Singly API explorer
Use the Singly Android SDK in your app
Post: http://blog.singly.com/2012/09/28/5-minutes-to-social-android-apps-with-singly/
...that followed this white paper from earlier in 2012 by Phil and Drummond...
From Personal Computers to Personal Clouds: The Advent of the Cloud OS.
The following represents a roadmap of what needs to be done to get from having a functioning kernel to a real cloud operating system that includes the necessary user-space tools and utilities. Note that the roadmap does not necessarily indicate priority or order. Kernel-Space Enhancements; User-Space Applications and Utilities; and Base Personal Cloud OS Applications.
Give your Azigo email address to merchants; Azigo organizes mail from vendors by brand, topic, and visualized Pinterest-style. Azigo is now taking signups. http://azigoinc.com/azigo-launches-beta-september-10-2012/
If, like us, you think midata is a good idea it's well worth responding to the consultation. There are those (generally companies who make a business of trading in your personal data without you knowing much about it) who are resisting this idea. But their reasons for doing so are less about benefit to the individual and more about a short-sighted view of their own interests.
Actionable
Tools and resources for driving forward.
Check your Big Data Ethics. Put these events on your calendar: London Catalyst Workshops monthly. W3C Federated Social Web Summit and IIW15 in October in San Francisco Bay Area. Identity Next in The Hague, NL, in November. Privacy Engineering Meetups in November, December. PDEC directory of members updated with four new members in time for IIW15.
Book Reviews
Ethics of Big Data: Balancing Risk and Innovation
by Kord Davis with Doug Patterson
ISBN: 9781449311797. September 2012, O'Reilly Media, 82 pages.
I love it when philosophers become management consultants. We get short books like this, with discipline and logical thinking about a complex subject. Fortunately Davis and Patterson make it quick, readable and organized. For example, from the introduction:
For both individuals and organizations, four common elements define what can be considered a framework for big data ethics:
Identity. What is the relationship between our offline identity and our online identity?
Privacy. Who should control access to data?
Ownership. Who owns data, can rights to it be transferred, and what are the obligations of people who generate and use that data?
Reputation. How can we determine what data is trustworthy? Whether about ourselves, others, or anything else, big data exponentially increases the amount of information and ways we can interact with it. This phenomenon increases the complexity of managing how we are perceived and judged.
The horrible thing about this book is it asks you to take responsibility for the consequences of your part in the big data explosion. You and your organization may have to actually respond to big data's forcing function with new policies and behavior.
What Is Big Data Forcing? Society, government, and the legal system have not yet adapted to the coming age of big-data impacts such as transparency, correlation, and aggregation.
So, adapt to these challenges. Now. Davis spends the rest of the book telling how. Their method involves a continuous loop of inquiry, analysis, articulation, and action. It starts by clarifying and articulating your values; then triggering work leading to practices aligned with your values.
It's clear Davis writes from experience. He even includes tools like this worksheet, below, for workshopping policy-creation using Value Personas to make these abstractions more human and personal.
Bottom line: Ethics of Big Data should be on your bookshelf along with 2011's Privacy and Big Data. Buy it.
Phil Wolff
Calendar
Where will you be? Send a tip to newsroom@pde.cc.
ID World Congress
October 16-18, 2012 Frankfurt, Germany
The place for advanced automatic identification: RFID, biometrics and smart card technologies.
http://www.mesago.de/en/IDW/The_conference/Welcome/index.htm
Digital Arabia
November 6-7 Abu Dhabi, UAE Produced by STL-Partners, New Digital Economics, Telco 2.0. There may be a WEF Rethinking Personal Data Tiger Team Day associated with this event. http://www.newdigitaleconomics.com/DigitalArabia_Nov2012/
Identity.Next
November 20-21 The Hague, Netherlands http://www.identitynext.eu/
Digital Asia
December 3-5 Singapore Produced by STL-Partners, New Digital Economics, Telco 2.0. There may be a WEF Rethinking Personal Data Tiger Team Day associated with this event. http://www.newdigitaleconomics.com/events/
SXSW
March 2013 Austin, Texas http://sxsw.com/
Semantics and Big Data
10th ESWC 2013
May 26-30, 2013 Montpellier, France
Call for Tutorials
Proposals due: Nov 23, 2012 - 23:59 Hawaii Time
Notification of acceptance: Dec 7, 2012 - 23:59 Hawaii Time
Tutorial Web site due: Dec 17, 2012 - 23:59 Hawaii Time
Camera-ready material due: Apr 29, 2013 - 23:59 Hawaii Time
Tutorial days: May 26 and May 27, 2013
PDEC Directory
People and organizations you might want to talk to. All information is public. Send additions and corrections to newsroom@pde.cc.
Azigo. CEO: Paul Trevithick. @azigo. http://azigo.com/
Allfiled. CEO: Piyush Shah. @allfiled. http://www.allfiled.com/
bitWorld. Executive Director: Cameron Hunt. http://www.bitworld.us/
Cloudstore. CEO: Johannes Ernst. @cldstr. http://cldstr.com/
Comradity. CEO: Katherine Warman Kern. @comradity. http://www.comradity.net
Connect.me. Co-Founder: Drummond Reed. @respectconnect. http://www.connect.me
Consumer Data Rights. CEO: Craig Lipman. http://consumermarketingrights.org/
Gluu. CEO: Mike Schwartz. @gluufederation. http://www.gluu.org
Interest Networks. CEO: Barbara Bowen. http://www.interestnetworks.com/
Knowledge Based Opportunities CIC. CEO: John Beer. http://kbocic.co.uk/
Kynetx. CEO: Stephen Fuller. @kynetx. http://www.kynetx.com
LifeDash. President and CEO: Travis Bond. @lifedash. http://www.lifedash.com/
MetaConnectors. Project Leader: Victor Grey. http://metaconnectors.com/
MMINDD Labs. CEO: Estee Solomon Gray. @estee. http://mmindd.com
My Info Safe. CEO: Ross Hughson. @myinfosafe. http://www.myinfosafedirect.com/
Mydex. CEO: David Alexander. @mydexCIC. http://mydex.org/
MyMindshare. CEO: Jim Bursch. http://mymindshare.com
OwnYourInfo. Functional Lead: William McCusker. http://ownyourinfo.com
PeerCraft. CEO: Henrick Biering. @peercraft. http://www.peercraft.com/
Personal. CEO: Shane Green. @personal. http://www.personal.com
Personal Info Cloud. Principal: Thomas Vander Wal. @infocloud. http://personalinfocloud.com/
PiB. CEO: John Harrison. http://www.pib-d.net/
Planetwork. Executive Director: Jim Fournier. @planetworkngo. http://www.planetwork.net/
Privo. CEO: Denise Tayloe. http://www.privo.com
Privowny. CEO: Herve Le Jouan. @privowny. http://www.privowny.com/
Project Danube. Project Leader: Markus Sabadello. @privowny. http://www.projectdanube.org
Qiy. CEO: Maarten Louman. @qiytweet. http://www.qiycorporate.nl/en/
Reputation. CEO: Michael Fertik. COO: Owen Tripp. Business Director: Noah Lang. @Reputation_Com. http://www.reputation.com
Singly. CEO: Jason Cavnar. @singlyinc. http://www.singly.com
Switchbook. CEO: Joe Andrieu. @switchbook. http://www.switchbook.com
Synergetics. CEO: Luk Vervenne. http://synergetics.be/
Tangled Web. CEO: Ankit Kapasi. @tangledp2p. http://www.tangledp2p.com
The Customer's Voice. CEO: Iain Henderson. @tcvuk. http://www.thecustomersvoice.com/
Virtrue. CEO: Adam Spector. @virtrue. http://www.virtrue.us/
Aftermatter
Our Masthead
Personal Data Journal
Personal Data Journal is published by PDEC: the Personal Data Ecosystem Consortium, a working group of Identity Commons, a not-for-profit association. PDEC exists to create and support a diverse community of companies, small and large around the world, building a thriving personal data ecosystem. The Journal's purpose is to inform, educate, and connect its readers in support of PDEC's mission.
Personal Data Journal Staff
Publisher: Kaliya Hamlin. Kaliya@pde.cc
Managing Editor: Phil Wolff. Phil@pde.cc
Technology Editor: Markus Sabadello. Markus@pde.cc
Standards Editor: Joseph Boyle. Joseph@pde.cc
Associate Publisher: Patrick Reilly. Patrick@pde.cc
Founding Editor Emeritus: Kelly Mackin. Kelly@pde.cc
Personal Data Ecosystem Consortium Staff
Executive Director: Kaliya Hamlin
Strategy Director: Phil Wolff
Board Members
Aldo Castaneda, Tony Fish, Clay Shirky, Phillip J. Windley, Ph.D.
http://PersonalDataEcosystem.org
Subscriptions:
Phil Wolff: phil@pde.cc
PDEC members receive the Journal with membership. Influence your entire firm with enterprise licenses for PDJ, available at http://www.pde.cc/journal. Rates are also available for individuals, academics, and teams. You can subscribe online with a company card, pay by check or by wire.
Editorial Policies
Some things we stand for.
Tell the truth, be useful, make a difference. The path forward means aligning personal, enterprise and public interests. Some complex ideas are worth exploring in depth.
PDJ's License.
Unless otherwise noted, Personal Data Journal is copyright Personal Data Ecosystem Consortium, an Identity Commons organization. All rights reserved (please ask first for CC-BY permissions). Some logos, art and names may be marks of other organizations. Some works will be used by permission and will be noted as such.
Corrections.
We welcome complaints and suggestions. We will publish corrections promptly and at least as prominently as our errors. Send notices to editor@personaldataecosystem.org.
Conflicts of Interest.
We will disclose personal and institutional conflicts of interest including affiliations and memberships.
Opinions.
Authors are responsible for opinions. The Journal, PDEC and its members aren't.