Addressing Two of the Web's Fundamental Problems with IEEE7012 and FedID
.... Human-centric identifiers and human-centric privacy policies
So, over here, I talked about how the digital spaces we now operate within are ‘like asbestos’. And how they will fragment; some ‘bits’ becoming governed ecosystems, others heading off into the wild west Sludgernet.
Thankfully those governed spaces can be a vast improvement on the current mess. In this post i’ll flag in particular how two innovations that are ‘almost baked’ will combine to make how we each manage our personal data online much better than it is now.
But let’s remind of the core problems.
Firstly we have the issue that we are all currently unable to operate on the web as ‘ourselves’. Each and every time you access The Internet, one of the the first things that happens is that an identifier is assigned to represent you. That might be a cookie ID, an IP address, a MAC address, a user name, a contract ID, or many more. That all happens because the organisation that is acting as your entry point either needs or just wants to identify you. Sometimes that is about compliance; more often than not it is about business models and the surveillance that has become the default mode today. Note that this now starts as soon as you enter the digital realm. Try getting access to The Internet without having to sign the terms of the Internet Service Provider, and then the browser manufacturer and you’ll see what I mean. So problem One - lack of individual owned and controlled digital identifiers.
Problem Two is that point about terms, or to be specific Privacy Policies (often wrongly conflated by organisations with terms and conditions of service; the privacy policy should be the contract that covers personal data exchange and practices). There are many issues with 'these contracts of adhesion’, and they have been written about many times over; not least at The Biggest Lie on The Internet. Problem two is that there are currently no means for an individual to assert their own terms around a data exchange.
That combination of no self-owned and controlled identifier, and that one cannot do anything much at all online without signing someone else’s terms mean that your digital footprint is largely out of the bag before you have even started looking around.
So how about we fix those by joining up what becomes possible from two emerging initiatives that both touch on this space?
Firstly, the Federated Identity and Federated Identity Connect protocol enables the lack of individual-controlled identifiers problem to be solved. I think the first FIDC providers and FIDC enabled web sites to show up in early 2025; possibly before then. That enables the individual, not to avoid having all of those other identifiers foisted upon them; but at least to say ‘great, I actually now have my own additional digital representation of myself that I own and control.
Then, we use the emerging IEEE7012/ Customer Commons privacy policies from the individual perspective to be the first thing that individuals sign with their new credentials that they own and control themselves.
The visual below remains work in progress, and is one I presented at IIW last week. It shows the ‘human-readable’ version of one of the agreements being prototyped by Customer Commons. There are equivalent ‘lawyer’ and ‘machine’ readable variants covering the same ground. The lawyer and machine readable agreements are necessarily more complex, but they benefit from pointing to the wonderful resource that is the Data Privacy Vocabulary (aka DPV). That resource provides a description and a persistent web location for thousands of privacy and data protection related terminologies. Therefore, when the Customer Commons agreements point to a term within DPV, it comes with a name, a definition, and a persistent URL. So can be relied upon to at least some extent by the lawyers drafting privacy policies. (It would be a difficult argument to win to discount DPV when then people behind the regulations point to it).
What this particular (draft agreement 6) is saying, simplistically, is, ‘I’m in the market for product or service X; i’m willing and able to share the data relating to my buying intentions with any relevant party willing and able to sign this agreement and then respond to my request’. In Project VRM we have called that an Intentcast; it could be seen as the equivalent in the B2B world as an RFI (Request for Information), or maybe an RFQ (Request for a Quotation), or some hybrid. We won’t know how that pans out in practice until we deploy the model for the first time for real. But i’m pretty confident that strong buying intent signals will be enough to bring at least some of the supply side to the party. They will actually find it to be a very helpful model in comparison with now, in which their CRM’s are regularly filled up with ‘hot leads’ that prove to be anything but. An intentcast can be seen in some ways as a self-cleaning Lead; it goes away when it is no longer valid in the eyes of the buyer.
This is where we get the big 2 + 2 = 7, from looking at these two initiatives in combination. What we are saying is that when these capabilities fall into place in early 2025, there is no barrier whatsoever to an individual publishing their buying interests somewhere relevant, in the full knowledge that only organisations that can sign the human-centric agreement will receive the relevant data.
That’s complex, and clearly needs more work; but I think the underlying point is undeniable. An individual, under their own steam, can build data online that they and only they control, and then share that with others on terms that they choose (from a set of currently 8 emerging contracts). And that those terms are fully machine-readable and should be acceptable to all organisations who are willing the respect the wishes of the individual. This plays, for example, into where Salesforce are headed with AgentForce. I imagine a Lead Management agent automatically finding and signing these agreements and then progressing the lead as usual.
Still getting my own head around that combination, but writing this up has been part of that journey.
We are certainly getting closer than ever to the point where the individual can act as a ‘free customer’ on The Internet.
As always, I enjoy your craft.