Some subset of service providers will choose, for whatever reason, to host user accounts. Account providers must provide, on top of their existing services, the following features to users: unified data review and correction, usage tracking, and fine grained access control.

Unified Data Review and Correction

A key contributor to improving user confidence in data collection is to provide a complete view of all data collected on that user, by all services, in one location. Additionally, upon detecting a mistake in the data, users should be able to take corrective action from that same location.

Technically, the review portion of this process is very straightforward: assuming distributed accounts, the account provider knows and has access to all data stored on behalf of the user. Thus, the account provider can easily draw together all data associated with a particular account. However, this data is not generally stored in a form that is ready for presentation. For this reason, data standards published by realms all use XML data markup, and include a default XSL stylesheet to translate the account profile into a readable form. In this way, the account provider can access and display all data known about the user in a readable form, even if the account provider doesn't know what the data means.

Providing a unified means of correction, however, is more difficult. While technically it would be possible to allow direct modification of the collected data, this would not necessarily result in accurate corrections. First, the user is not necessarily trusted to make accurate changes to all collected data. Take credit reports or driving records, for example: only a credit agency or the department of motor vehicles is authorized to make these changes. Likewise, allowing direct manipulation of the underlying data may result in data that is technically correct (adheres to the standard for that data) but practically invalid (containing values that services cannot understand or operate upon). Rather than the account provider attempting to provide a location where changes can be made, the account provider merely links to those service providers that actually created the data, and the realm under which the account profile falls.

Along with exposing all data collected about a user, access to that data is logged in such a fashion that users can see how it's used. This usage tracking ability is accomplished by recording, upon the committing of any changes to the data, the service provider that performed the change. Additionally, the account profile standard could define additional information that must be logged along with the change, such as an explanation of what changed, why it was changed, and who authorized the change.
Fine Grained Access Control

The user is the final authority on all access control decisions, and the account provider is the user's representative in Talisman. Thus, the final account maintenance feature that account providers must provide to their users is an interface to view who can access what and to what extent. The precise manner by which this is presented to the user is up to the user interface specialists employed by the account provider. This interface may consist of a simple access control list (ACL) defining the privileges of each service one at a time, or some more complex group management system. Regardless, the access control information created and updated through this interface is consulted whenever service providers attempt to access the account.
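One way to implement the usage tracking and the access check described in the two sections above, as an added example that is not part of the original text: an in-memory sketch in Python in which the per-service ACL is consulted on every read and write, and every committed change records the service provider together with an explanation, the reason and the authorizer. The class names, the ACL layout and the sample services are assumptions, not Talisman's actual account profile standard.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical model of an account provider's per-service ACL and change log;
# names and the {service: {field: privileges}} layout are assumptions.
@dataclass
class ChangeRecord:
    service: str        # service provider that committed the change
    field: str
    old: object
    new: object
    explanation: str    # what changed
    reason: str         # why it changed
    authorized_by: str  # who authorized it
    timestamp: str

class AccountProfile:
    def __init__(self, data, acl):
        self.data = dict(data)   # collected data, keyed by field name
        self.acl = acl           # {service: {field: {"read", "write"}}}, default deny
        self.log = []            # usage-tracking records, appended on every commit

    def _allowed(self, service, field, privilege):
        return privilege in self.acl.get(service, {}).get(field, set())

    def read(self, service, field):
        # The ACL is consulted on every access, not only on writes.
        if not self._allowed(service, field, "read"):
            raise PermissionError(f"{service} may not read {field}")
        return self.data[field]

    def commit(self, service, field, new, explanation, reason, authorized_by):
        if not self._allowed(service, field, "write"):
            raise PermissionError(f"{service} may not write {field}")
        old = self.data.get(field)
        self.data[field] = new
        rec = ChangeRecord(service, field, old, new, explanation, reason,
                           authorized_by, datetime.now(timezone.utc).isoformat())
        self.log.append(rec)
        return rec

    def revoke(self, service, field, privilege):
        # User-driven ACL change; enforced on the next access attempt.
        self.acl.get(service, {}).get(field, set()).discard(privilege)

# Constructed sample: the credit agency may correct the score, the retailer may only read it.
PROFILE = AccountProfile(
    {"credit_score": 640, "email": "user@example.invalid"},
    {"credit-agency.example": {"credit_score": {"read", "write"}},
     "retailer.example": {"credit_score": {"read"}}})
```

Because the ACL is a default-deny lookup, a service with no entry for a field (the retailer reading the email address, for instance) is refused without any special-casing.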