RE: [xdi] Agenda for XDI TC Call Monday 3/22 5PM Pacific

[jlschellens@netmino.org]

Hello Drummond,

I'm not yet sure I'll be able to attend this meeting. For me it'll 2 am and I've to convince my wife for such an early wake-up!

Before I will join the use cases works, I would like to summarize the 3 steps of the negotiation process we defined in Netmino for the exchange of personal data.

1. In the first step, the two persons (individual or organisation) candidates for a relationship will exchange their public keys.
-	In a “face to face”, they will use Keymino, the software we are developing for PDAs and GSMs. Keymino allows the exchange (through IrDA, Bluetooth or MMS - SMS is to small to carry a Public Key) of basic data about a person: his first name and name, picture, e-mail address and public key. The data will be different following the type of relationship, e.g. for anonymous relationship, the first name and name are not disclosed and the e-mail address will be like BE1234567.56@netmino.com; for a business relationship, the address will be the firstname.name@company.com with maybe another public key…
-	In the other cases, e.g. through the Web, the exchange of the basic data will be done by e-mails through a Netmino server and require an authentication process (where indeed SAML can be used).

2. In the second step, the two persons will exchange by encrypted (with the previously exchanged public keys) e-mails their “Privacy & Identity Contract” (a link contract) using XPIML (eXtensible Privacy & Identity Markup Language, previously XPrML) to confirm the type of relationship they want to have (anomino, pseudomino, family, friend, business, employee, prospect, customer, administrated…) and the authorised uses of the to be exchanged personal data in relation to their privacy preferences (e.g. automatic update, copy & back-up but no print or forward to third parties – I hate the vCard forward feature e.g. in Outlook, it’s totally against my privacy principle!).
The PICs will be signed using the private keys of the two persons.
This step is fundamental for a trusted relationship between the persons and can be seen as the acceptation you’re asked to give when you install software.

3. In the third step and only if the two persons have exchanged by encrypted e-mails their signed PICs, the personal data will be exchanged again by encrypted e-mails, the data being (pre-) formatted in “virtual cards” again following the type of relationship between the two persons (from anomino to full disclosure e.g. for your next employer).

I would like to know if you share this very definite approach and would appreciate all your reactions and comments.

Regards,

Jean-Luc