Tuesday, September 25, 2007

The (bright) future of VRM

Joe Andrieu reports having a "mega-watt flash bulb" experience at a VRM summit about user-centric architecture, and then lays out a detailed vision of what this means. It's a long post, but well worth the effort of (re-)reading.

I had been about to amplify my previous post on data stores by talking about how it might work in practice. I still will, but with the caveat that Joe has already spelled pretty much all of it out in greater depth.

Suppose I have my personal datastore securely set up at a "databank", that is, at a hosting service for personal datastores that meets my and/or the state's requirements for security, integrity and liability in case of mishap.

This datastore will be partitioned, possibly across several axes. E.g., there might be travel data, entertainment preferences, email, calendars, photos, video, bookmarks, browsing history, what-have you. Everything in it can be tagged uniformly, so if I ask for "Japan", I can find email about Japan, photos of Japan, calendar entries from my trip there, web sites I've tagged "Japan", and so forth.

There is no single format for the data, but formats for a given type of data will tend to standardize via the usual market forces.

Different people will see different slices of the data. For example, I see the full details of my calendar, but a business associate might just see "on vacation" or "unavailable" or even "unknown" for part or all of it.

The datastore may also re-format or otherwise re-present data depending on the accessing party. For example, I'll probably store my audio as flac, but I'd like my phone/mp3 player to see it as mp3.

Some parties will have write access to parts of it (or more likely, append access). For example, entertainment vendors will be able to make entries in the "entertainment preferences/history" area, while travel agents will be able to (among other things) write to my calendar when I book a trip. As Joe says, access control will be very fine-grained, at least by present standards.

This will tend to turn present patterns inside out. Right now, if I go to an entertainment or travel site, I authenticate (generally pretty weakly) to convince them I'm me. Then I can see their chunk of my personal data and do various things to modify it.

Under the personal datastore model, I might contact them, or they might contact me with a suggestion. In either case, they will authenticate with my personal datastore (strongly, I hope) and convince it that they're them. They would then see the appropriate chunk of my personal data and work with it appropriately.

If I change vendors, my personal data stays. If some other party needs access to the same data, they see the same data, where presently they would have to build or obtain their own copy.

This is the power of the "user as integration point" paradigm. There are benefits to be had by all:
  • I get better control over who sees what part of my data.
  • Others get a single, consistent view without having to constantly re-discover what someone else knows.
Naturally, there will be a counter-current of vendors wanting to keep their information about me away from their competitors, and there will always be some data they keep privately, but there are any number of plausible cases where cooperation ought to win, given the enabling technology.

1 comment:

David Hull said...

Note to self: a nice idea anyway