Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Tuesday, September 25, 2007

Identity Usage Analytics: towards “IdentityBurner”?


As a blogger, I have found the services provided by FeedBurner very useful: in particular I like the service providing analytics about the usage of my blog, number and provenance (…) of visitors, accessed posts, etc. This helps to better understand from which geographic areas there is an interest in my posts, which topics are perceived as being more relevant, etc. (OK, somebody might think about this as a privacy threat. We could have an interesting debate …).

I was thinking about the implications and impact of having a similar service in the context of “Identity Management”, where, by analogy, instead of monitoring blogs and posts, end-users would be enabled to monitor (potentially in a fine-grained way) their identity information and profiles scattered around an organisation …

I think this would give users “more control” over their personal data, by helping them to better understand the status of their data, who has been accessing/using it, indications of any violations (against agreed purposes/consent), etc. – via a visual and easy-to-understand GUI. This feature could be provided in addition to the usual self-registration and account management capabilities, by Service Providers and/or by Identity Providers (in case of federated IdM) …

Anyway, I believe a key issue would be around “trust”. Should a user trust the information provided by such a service? What assurance should be given to the user about the integrity and accuracy of these metrics and displayed information? Who should run this service?

Another key issue is the impact (cost) for the enterprise/service provider (if done seriously) because of the need to track, monitor, collect and process “events” associated with a large set of data, within their IT stack. So, after all, would there be anyone willing to deploy and run this kind of service – in the context of Identity Management?
