Trust, respect and personal datastores

On the final day of last week's European Identity Conference (EIC) I sat in on a workshop/presentation of the new Respect Trust Framework, which is being billed as a new approach to giving individuals control over their personal data shared over the Internet and mobile phone networks.

The announcement was made jointly by the Open Identity Exchange (OIX, who are also heavily involved with the U.S. NSTIC, the National Strategy for Trusted Identities in Cyberspace) and Connect.Me, the latest project of Drummond Reed (formerly executive director of both OIX and the Information Card Foundation). In a nutshell, Connect.Me enables people to build their own personal trust networks by vouching for the people they respect most in the contexts they care about most.

Digital trust frameworks are one of the key tools advocated by NSTIC for creating a safe online "identity ecosystem." According to Reed, "NSTIC challenged private industry around the world to innovate new ways to increase privacy and safety online. This is one answer: a trust framework for personal data whose trust fabric is rooted in real people around the world."

The Respect Trust Framework is a set of legal and technical rules by which members of a network agree to operate in order to achieve trust online. It's designed to work across industry and political jurisdictions, and is based on a set of universal principles of respect for personal data. It thus can be adapted to the privacy and data protection regulations of many different countries and industries.

A white paper describing the Respect Trust Framework is available from Connect.Me, but I can summarize it here by showing the five core principles that all members of the network (users, vendors, identity providers, relying parties, user agents, etc.) must adhere to:

Promise 

We will respect each other's digital boundaries.

Every member promises to respect the right of every other member to control the identity and personal data they share within the network and the communications they receive within the network.

Permission 

We won't steal from each other or try to fool each other online.

As part of this promise, every member agrees that all sharing of identity and personal data and sending of communications will be by permission, and to be honest and direct about the purpose(s) for which permission is sought.

Protection 

We will keep the confidences entrusted in us.

As part of this promise, every member agrees to provide reasonable protection for the privacy and security of any identity and personal data shared with that member.

Portability 

We won't hold each other hostage.

As part of this promise, every member agrees to ensure the portability of the identity and personal data shared with that member by another member.

Proof 

We will reasonably cooperate for the good of all members.

As part of this promise, every member agrees to share the reputation metadata necessary for the health of the network, including feedback about compliance with this trust framework, and to not engage in any practices intended to game or subvert the reputation system.

Get the paper, sign up at Connect.Me and -- maybe -- the personal datastore can become a reality.
