Realm providers are responsible for high-level administration of user data associated with a particular realm. This administration breaks down into two major tasks: managing certification and responding to privacy violations.

Active Certification Management

There has been a great debate over whether opt-in or opt-out should be the default setting for all data collection and personalization technology.

With opt-in, data collection and personalization technologies sit idle until users explicitly authorize their use. While this perfectly preserves the privacy of users by default (no data is collected until the user acts), it is unlikely that enough users would take the time to manually enable data collection to make personalized features lucrative. Forcing opt-in as the default may produce virtually the same effect as banning data collection altogether – something to which services will surely and strenuously object.

With opt-out, services actively gather and use information about users unless users specifically indicate otherwise. Although in theory concerned users can take action to preserve their privacy, this assumes that the opt-out steps are well documented, that they actually work, and that the user is even aware that the data is being collected to begin with. Given that privacy concerns are such a hot-button topic while opt-out is currently the norm, it would seem that opt-out alone is inadequate.

In short, it appears that forcing opt-in and allowing opt-out are both unacceptable when applied as a blanket rule across all services. The goal, therefore, is to find an acceptable middle ground that combines the two. Such a middle ground is codified into Talisman as realm provider active certification. With Talisman, realm providers make the opt-in vs. opt-out choice separately for each account profile, and for each certification level.

Certification levels are measures of trust assigned by the realm provider to a particular service. For example, the Brokerage realm might create gold, silver, and bronze certification levels. Bronze certification, granted to small financial services or web portals, might allow by default (opt-out) read-only access to the names of stocks owned by the user, but require explicit authorization (opt-in) for the actual number of shares owned and trading history. Silver certification, granted to large, non-financial institutions (such as Yahoo or the New York Times), might by default allow read-only access to the names and values of stock ownership, but require opt-in for any writing. Gold certification, reserved for established investment firms, might allow default read/write access to all data in the investment portfolio. Finally, services that have no certification would be granted no default access to the data and must obtain explicit approval (opt-in) before read or write access is allowed.
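The Brokerage example above can be written down as a default-access table plus a decision function. This is an added illustration, not Talisman's own code: the field names, the (field, operation) granularity and the function names are assumptions, any pair the text does not mention is treated as opt-in, and the per-account-profile dimension is left out.

```python
# Added example: constructed policy table for the Brokerage realm.
# Field names and the (field, operation) granularity are assumptions.
FIELDS = ("stock_names", "stock_values", "share_counts", "trading_history")
OPS = ("read", "write")
EVERYTHING = {(f, op) for f in FIELDS for op in OPS}

# Pairs a service gets by default (opt-out) at each certification level.
# Every other pair is opt-in: denied until the user explicitly approves it.
DEFAULT_ALLOWED = {
    "bronze": {("stock_names", "read")},
    "silver": {("stock_names", "read"), ("stock_values", "read")},
    "gold": set(EVERYTHING),
    None: set(),  # no certification: nothing without explicit approval
}


def is_allowed(level, field, op, user_choices):
    """Decide one request from a service holding `level`.

    user_choices maps (field, op) to True (user opted in) or False (user
    opted out) for this service; pairs the user never touched are absent.
    """
    pair = (field, op)
    if pair not in EVERYTHING:
        return False                      # unknown field or operation: deny
    if pair in user_choices:
        return bool(user_choices[pair])   # an explicit user decision wins
    # Unrecognised level names are handled as uncertified.
    return pair in DEFAULT_ALLOWED.get(level, DEFAULT_ALLOWED[None])


def effective_access(level, user_choices):
    """Every (field, op) pair the service can use right now, sorted."""
    return sorted(p for p in EVERYTHING
                  if is_allowed(level, p[0], p[1], user_choices))


if __name__ == "__main__":
    print(effective_access("silver", {("stock_names", "read"): False}))
```

The same table answers both directions of the debate: a silver service loses `stock_names` the moment the user opts out, and a bronze service gains `share_counts` only after the user opts in.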
The ability to equate a particular level of trust with a given certification level depends on how difficult it is for a service to act in an untrustworthy manner while advertising certification. If users believe it is easy for services to claim certification while simultaneously violating user privacy, the value of that certification will be very limited. If, however, users are confident that services touting a particular certification level actually do adhere to the rules guaranteed by that certification, the certification is much more valuable. To this end, certification in Talisman is said to be active, in that realms retain the ability to revoke certification and immediately constrain the operating ability of the previously certified service. Talisman certification is not just a passive “seal of approval” advertised on a web page – Talisman certification is an active component of the privacy-protecting data sharing system.

Specifically, when service providers obtain a particular certification level, they are provided a digital certificate cryptographically signed by the realm provider. This certification seal plays a critical role in the process services use to acquire user data. Revocation of this certification seal by the realm provider – a right the realm provider maintains at all times – immediately affects the service’s ability to access user data in any form. This active certification would be similar to having an automobile’s ignition system work only if the driver’s license is valid – by building the validity of the certification into the operation of the system, maintaining valid certification is in the bearer’s best interest.
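A sketch of what makes the seal "active": it is re-checked on every data request, so revocation bites on the very next call. This is an added example, not Talisman's implementation; the class and method names, the serial-number scheme and the seal layout are hypothetical, and it assumes the realm provider both issues and checks seals, so an HMAC stands in here for the realm provider's digital signature.

```python
import hashlib
import hmac
import json


class RealmProvider:
    """Hypothetical realm-side issuer and checker of certification seals."""

    def __init__(self, key: bytes):
        self._key = key            # realm-held secret (demo stand-in for a signing key)
        self._revoked = set()      # serial numbers of revoked seals

    def _mac(self, body: str) -> str:
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, service: str, level: str, serial: int) -> dict:
        body = json.dumps({"service": service, "level": level,
                           "serial": serial}, sort_keys=True)
        return {"body": body, "sig": self._mac(body)}

    def revoke(self, serial: int) -> None:
        self._revoked.add(serial)

    def check(self, seal):
        """Return the certified level, or None if the seal is malformed,
        forged or revoked (the caller is then handled as uncertified)."""
        try:
            body, sig = seal["body"], seal["sig"]
            # Constant-time comparison; verify before parsing the claims.
            if not hmac.compare_digest(self._mac(body), sig):
                return None
            claims = json.loads(body)
            if claims["serial"] in self._revoked:
                return None
            return claims["level"]
        except (KeyError, TypeError, ValueError, AttributeError):
            return None


def demo():
    """Constructed scenario: valid seal, tampered seal, then revocation."""
    realm = RealmProvider(b"constructed-demo-key")
    seal = realm.issue("example-portal", "silver", serial=1001)
    forged = dict(seal, body=seal["body"].replace("silver", "gold"))
    before = realm.check(seal)
    realm.revoke(1001)
    return before, realm.check(forged), realm.check(seal)


if __name__ == "__main__":
    print(demo())
```

Because the check runs per request rather than once at enrolment, there is no cached grant for a revoked service to keep using.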
The result is a system where users can trust that the certification they see advertised by a service is accurate and in full effect, because the tools to reprimand that service quickly and affirmatively are readily available. Thus, when a user detects questionable behavior on the part of a service and raises it to the realm provider’s attention, the user can be confident that the realm provider has the authority to take corrective action.