Is it too much to ask, I keep asking, to ask our online services to provide us:
- Access to a record of all the information they keep on us and how they use it
- The ability to challenge that data's accuracy, and edit it for accuracy
- The ability to opt out (with a clear understanding of the resulting loss of services and opportunities that might result)
- The ability to set permissions as to who else might see the data
- The right to maintain a user copy of that data for archival purposes
- The right to share in the value of that data on negotiated terms
It's not stated but the implication seems to be that there would be such a dashboard for each provider in isolation, e.g. one for Google, another for AOL, etc. Dashboard silos. Beyond the implied management burden for the user are the issues such a model would create for providing a holistic view of their identity operations.
To combat this scenario, the Liberty Alliance is working on a Reporting Service, whereby the 'events' that a user/employee/citizen would wish to track/manage/approve would be communicated to their chosen 'dashboard provider' - thereby making possible a 'single' (the user could always have multiple providers) point of control as well as a comprehensive view of the W5 (who, what, where, when, why) of their identity transactions.
For instance, if Joe's calendar service shared his availability with their best friend Bob (based on Joe's previously set permissions), the calendar service could report this event (not the calendar data itself) to Joe's reporting service (and subsequently made available to Joe through a dashboard interface). If Joe, through the same dashboard, was able to determine that his wife Marie, simultaneous with Bob's query, was asking about Joe's whereabouts through Joe's geo-location service, he might have cause to be concerned (and perhaps avail himself of a 'Private Investigator Service').