Wednesday, April 19, 2006

You show me yours ....

I can think of a number of situations where I might be willing to release some slice of my identity only if the individual making the request (or on whose behalf the request was being made) was willing to share that same information (or perhaps even some other aspect of their identity) with me.

For example:
  • geolocation - if you want to know where I am, before I decide to approve the request I want to know where you currently are. Maybe I won't share mine if you are within a certain minimum distance.
  • home address - similar to above but perhaps I'll only release my address if you live in the same city
  • marital status - 'nuff said

This quid pro quo is a normal part of offline interactions, the sometimes not-so-subtle negotiation that we engage in before giving up some otherwise private piece of info. Sometimes merely the act of sharing is sufficient; other times the actual value of the data matters (e.g. 'what is your salary?').

To duplicate this in the digital world would require a number of pieces (not necessarily all):
  1. the ability to express this preference as an access control policy.
  2. the ability for this preference to be advertised to potential requestors, or the ability for non-compliant requests to be failed with appropriate fault information.
  3. the ability for a request for some piece of identity to include any of
    1. the same piece of identity for the requestor.
    2. the location of the same piece of data for the requestor.
    3. how to discover the same piece of data for the requestor.
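
A sketch of how the three pieces could fit together, as an added example that is not from the original post: a default-deny evaluator that releases an attribute only when the requestor supplies the same attribute inline, by location, or by discovery reference. All names (`Rule`, `POLICY`, `advertise`, `evaluate`, the `resolve` callback, the fault strings) and the 1 km threshold are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from typing import Callable, Optional

def km_between(a, b):
    """Great-circle distance in km between two (lat, lon) pairs (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

@dataclass
class Rule:
    # Piece 1: the preference as policy. `accept` judges the requestor's value
    # against the owner's; None means the act of sharing is sufficient.
    accept: Optional[Callable[[object, object], bool]] = None

# Constructed sample policy mirroring the post's three examples (hypothetical).
POLICY = {
    "geolocation": Rule(lambda mine, theirs: km_between(mine, theirs) >= 1.0),
    "home_address": Rule(lambda mine, theirs: mine["city"] == theirs["city"]),
    "marital_status": Rule(),
}

def advertise(attribute):
    """Piece 2: what a requestor must supply, usable up front or as fault detail."""
    return {"attribute": attribute, "requires": {"reciprocal": attribute,
            "as": ["value", "location", "discovery"]}}

def evaluate(owner, attribute, request, resolve=None):
    """Return {'granted': value} or {'fault': ..., 'policy': ...}; default deny."""
    rule = POLICY.get(attribute)
    if rule is None or attribute not in owner:
        return {"fault": "not_available"}
    offer = request.get("reciprocal", {})
    theirs = offer.get("value")                      # piece 3.1: value inline
    ref = offer.get("location") or offer.get("discovery")
    if theirs is None and ref and resolve:           # 3.2 / 3.3 via caller's fetcher
        theirs = resolve(ref)
    if theirs is None:
        return {"fault": "reciprocal_required", "policy": advertise(attribute)}
    try:
        ok = rule.accept is None or rule.accept(owner[attribute], theirs)
    except (KeyError, TypeError, ValueError):        # malformed offer: fail closed
        ok = False
    if not ok:
        return {"fault": "reciprocal_not_acceptable", "policy": advertise(attribute)}
    return {"granted": owner[attribute]}
```

Returning a distinct fault for an unacceptable value tells the requestor something about the owner's value (for example, that the cities differ or that the owner is nearby), so a deployment may prefer to collapse both faults into one.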
