By Joe on May 14, 2009
10. Duty of Care
User Driven Services look out for their users’ well-being.
If a service is truly acting in our best interests, it will take appropriate measures to protect us from dangers resulting from our use of the service. User Driven Services continually work to minimize user exposure to liability, risk, and potential harm.
Minimal identity information should be acquired and what is acquired should be retained for a minimal period of time, to help reduce the possibility of inappropriate identity correlation and theft. Services should acquire and maintain a minimum amount of confidential data—identity or otherwise—and where feasible, should store that data in an encrypted form. Services should also endeavor to minimize the possibility that their system becomes as vector for attacks of any kind on users, including phishing, viruses, Trojans, and malware. User Driven Services should also expend appropriate duty of care in protecting their systems from hacking and attacks, not simply out of self-interest, but to protect their users’ interests as well.
Examples
Google and Firefox help prevent users from unwittingly visiting potentially malicious websites, working with the StopBadware program at the Berkman Center for Internet and Society. The PCI Security Standards Council oversees payment card industry (PCI) data security standards designed to protect credit card data. Classically, Doctors adhere to the Hippocratic Oath, with its essential commitment to “Do no harm“. Attorneys and accountants have strict ethical and legal obligations to see to the welfare of their clients.
Questions
- Does the service take precautions to prevent potential risks to its users?
- Does the service have adequate security and monitoring in place to effectively identify potential risks and active incursions?
- Does the service manage its data so as to minimize the exposure profile for potential users, both in minimal data acquisition and in timely deletion?
This article is part of a series. It is the tenth of ten characteristics of User Driven Services:
Impulse from the User- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
Posted in User Driven, User Driven Services | Tagged duty of care, User Driven, User Driven Services |
By Joe on May 13, 2009
9. Self-managed Identity
User Driven Services let users manage their own online identity.
Unless we control our identity online, we risk unnecessary exposure to identity theft and unwanted correlation of online activity. At the same time, online services increase the risk of attacks when using the same identifier for multiple functions.
User Driven Services allow users to be in maximum control of their identity by distinguishing between the four different types of identifiers used online:
- Authentication IDs
- Presentation IDs
- Reference IDs
- Internal IDs
Users should be able choose their own third-party identity service and have complete control over the three external identifiers used by any User Driven Service: their authentication IDs, their reference IDs, and their presentation IDs. The internal ids relating these external identifiers should never be exposed. Identity Providers should operate in non-correlation modes—so that different services providers automatically receive different authentication tokens, and all presentation IDs should be hand selected by the user for each service whenever possible.
The ideal service will enable intentional correlation only upon user directive, allowing individuals to claim blog posts, social profiles, and microblogging accounts as their own, after initially anonymous or psuedonymous use. Services are also more flexible when they allow users to use multiple distinct identifiers within a given class, e.g., having more than one email address or online chat handle. Finally, when possible, services should allow for anonymous and anonymized use.
Examples
OpenID allows users to use a third party service for Single Sign On at millions of websites, bypassing potentially millions of usernames and passwords. Information Cards allow “clicking in” to relying websites rather than logging in, using the credentials and authentication of third party Identity Providers. Azigo’s RemindMe service allows users to selectively activate membership credentials, such as AAA or AARP affiliation, on specific websites for special offers and discounts—without divulging such affiliations to the website in question.
Questions
- Does the service allow third party identity providers for managing authentication?
- Does the service fully distinguish all four identifiers used in online identy:
- Authentication ID–used for logins
- Presentation ID–used for labelling authorship and ownership
- Reference ID–used for referring to specific users, e.g., for sending messages
- Internal ID–used internally to link the other three IDs to each other and to appropriate privileges.
- Does the service allow users to modify and manage the three exposed identifiers: Authentication, Presentation, and Reference?
- Does the service allow users to have multiple identifiers in the same class, such as two email addresses or multiple chat handles?
This article is part of a series. It is the ninth of ten characteristics of User Driven Services:
- Impulse from the User
- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
One more to go…
Posted in Identity, User Driven, User Driven Services | Tagged Identity, information cards, OpenID, User Driven, User Driven Services |
By Joe on May 12, 2009
8. Improvability
User Driven Services can be improved by users.
A closed system can’t predict and satisfy all the needs of all its users, all the time. Sooner or later, someone will eventually desire a new feature or capability beyond the resources or interest of the service provider. User Driven Services take advantage of that motivation, allowing users to directly improve the service itself, both for themselves and others.
Through source code modifications, plugins or extensions, API calls or webhooks, or client-side scripts or macros, users should be able improve the real-time experience of services, without breaking the services and without violating their Terms of Service. Mechanisms should also exist for developers to contribute to improving the standard specifications upon which interoperability and portability rely.
Examples
CGI scripts enable custom code to generate web pages for webservers such as Apache. Open Source projects provide full source code so users can directly modify a service application. Excel macros let users define sophisticated data operations across spreadsheet data. Facebook’s FBML and OpenSocial allow customized widgets integrated into web pages at social networks. The iPhone lets users download and install new applications. Internet Explorer and Firefox allow users to write or install custom plugins like Google Toolbar, Acrobat Reader, Flash, and Quicktime.
Questions
- Can users add functionality to the service through custom code, plug-ins, or extensions?
- Does the service allow interactive access via APIs so that third party applications can provide enhanced, wrap-around or integrating functionality?
- Does the services support webhooks or other callbacks for integration with other online services?
- Do client-side applications allow for client-side scripting or macros?
This article is part of a series. It is the eighth of ten characteristics of User Driven Services:
Impulse from the User- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
More soon…
Posted in User Driven, User Driven Services | Tagged customization, hacking, improvability, open source, User Driven, User Driven Services |
By Joe on May 10, 2009
7. User Generativity
Users contribute to User Driven Services.
User Driven Services build on active, engaged participation in value creation. Users should be empowered to augment, annotate, and contribute to the underlying service as much as possible. By enabling users to pro-actively co-create the service experience—and to share that co-created value with other users—services tap into the most motivated, qualified source of content and innovation in their product.
Examples
User profiles, pictures, and status updates make Facebook and MySpace highly personalized digital expressions of personal identity. Flickr lets users load photos to share with others. Facebook, MySpace, and Flickr let users tag and comment on other people’s content as a distributed worldwide dialogue in shared social spaces. Twitter integrates web and SMS updates from, and to, select lists of users to dynamically generate a real-time ambient, global conversation. GetSatisfaction and other online help forums allow users to post questions and get support from others using similar products. IRC is a global distributed chat system.
Questions
- Can users create new content within the service that contributes to value received by other users?
- Can users provide feedback that improves the flow of experience for others?
- Is user input a driver of system value?
This article is part of a series. It is the seventh of ten characteristics of User Driven Services:
- Impulse from the User
- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
More soon…
Posted in User Driven, User Driven Services | Tagged User Driven, User Driven Services, user generativity |
By Joe on May 9, 2009
6. Self Hosting
User Driven Services can be hosted on users’ own machines.
If we can’t host our own services, we become beholden to those who can. This creates an artificial barrier to portability, limiting user choice and allowing service providers to charge unnecessarily high costs for their services.
User Driven Services assure users credible alternatives to traditional hosted services. This means that there exist multiple, independent options for users to host their own service running on their own machines, and there also exist hosting solutions that allow users to run their own service on hardware at a co-location facility or running the service on a generically available website hosting provider. These options may be commercial or free, proprietary or open source. Preferably there is at least one open source, free option. It is even better if there are multiple such implementations for different platforms, different programming languages, and different storage and network technologies.
Examples
The LAMP (Linux, Apache, MySQL, Perl/PHP) stack allows anyone to host and run their own advanced web service with custom capabilities. If you own your own machine and have a connected IP address, you can host your own server for email, FTP, gopher, website, Jabber, MUD services, etc. You can host your own blog, fully integrated via pings and trackbacks into the global conversations occurring throughout the blogosphere. Free and commercial software enable you to host any number of services, either on your own hardware or hosted at standard hosting providers online.
Questions
- Can users host their own implementation of the service on their own hardware?
- Can users host their own service at third party hosting companies?
- Are there free or low-cost licenses available for self hosting?
- Can users host on a variety of hardware and operating system platforms?
This article is part of a series. It is the sixth of ten characteristics of User Driven Services
:
- Impulse from the User
- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
More soon…
Posted in User Driven, User Driven Services | Tagged co-location, hosting, independence, services, User Driven, User Driven Services |
By Joe on May 7, 2009
5. Service Endpoint Portability
People can painlessly switch between User Driven Service providers.
High switching costs create a barrier to choice and freedom; we should be able to move our services seamlessly from one provider to another without unnecessary interruptions, hassle, or frustration. Transitions between service providers should occur without significant downtime or loss of capability.
While service providers compete by distinguishing themselves with unique features, standard features should be well documented and provisioned in such a way as to be easily moved. Services which allow third party access via APIs should be tested for interoperability so that client software continues to work smoothly with new service providers. When possible, services should use open standards to assure the greatest flexibility when users choose new service providers.
Examples
Mobile phone number portability allows users to take their phone number with them when changing phone companies. Websites and email can be hosted at a new provider, as long as one owns their own domain name. Service discovery allows identity providers to direct incoming service requests to appropriate service endpoints in realtime, even when those endpoints change. The United States Postal Service provides mail forward services for patrons who relocate.
Questions
- Can users transition from one service provider to another without significant loss of service or hassle?
- Can new services be provisioned and established in a timely fashion?
- Can existing users of a service endpoint automatically reach the correct endpoint without human notification and intervention?
This article is part of a series. It is the fifth of ten characteristics of User Driven Services:
- Impulse from the User
- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
More soon…
Posted in User Driven, User Driven Services | Tagged interoperability, mail forwarding, number portability, open standards, portability, service endpoint portability, service portability, undeliverable, united states postal service, user dirven services, USPS |
By Joe on May 4, 2009
4. Data Portability
User Driven Services let people take their data wherever they go.
To exercise choice, we need to be able to move our stuff when we leave, taking it from one provider to another. Users must have the ability to easily move data into and out of the system, on their own terms. Data should be accessible using standard data formats and standard interface protocols. All of the data related to users should be available for download and the ownership rights of all user-specific data must reside with the user or be transferable to the user upon export.
Examples
Plaxo allows seamless integration with Outlook for constant maintenance of contact information. Wesabe and Mint automatically extract financial information from financial services as authorized by users. Third party Twitter clients such as Twhirl and Tweetdeck access Twitter under user authority in order to download activities and upload updates and messages. OpenSocial and Facebook Connect allow third party services access to your social data.
Questions
- Can users import and export their data in usable formats?
- Can users export or import on demand, at any time?
- Can users provision (and de-provision) third parties to access their data under explicit user selected terms?
- Can users get all of the data and related meta-data out of the system in sufficient detail to work with it elsewhere?
This article is part of a series. It is the fourth of ten characteristics of User Driven Services
:
- Impulse from the User
- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
More soon…
Posted in User Driven Services | Tagged choice, data, data portability, open standards, portability, standards, User Driven Services |
By Joe on May 2, 2009
3. Transparency
User Driven Services are transparent.
If we don’t know what’s going on, we can’t make good decisions. Users need simple, obvious, and understandable access to all of the information required to direct each service as desired. We must clearly understand the policies of service providers and must be able to view any and all data retained by service providers, whether about us or about our use of the service.
All communication channels that may be used by the service or associated third parties, and the nature of those communications, should be clearly communicated to users. This is especially true when services may override user directives because of legal action or extraordinary circumstances, such as death or failure in the primary communications channels.
Examples
Creative Commons licenses explain the rights and responsibility for reusing online content in clear, simple manner. Privacy policies are explained before services request private information. Terms of Service are shown prior to beginning transactions. Shipping and handling and other fees are disclosed before consummating online purchases. Users can view their history of online transactions, both at the merchant and the payment service.
Questions
- Do users understand all of the potential policies, usage, and risks of the service??
- Does the service have an explicit risk assessment statement available for review before joining the service?
- Do users understand the services policies for data usage, retention, security, survivability, and propagation?
- Do users understand how to—and can they—view all data stored about or on behalf of the user (within legal, technical, and security limits)?
- Is there a clear and verifiable audit trail documenting compliance to user terms?
- Is disclosure clear, concrete, and evident enough that users actually read and understand?
- Are users able to view and be alerted when relevant information about them is modified? Is there a coherent revision history of such modifications?
This article is part of a series. It is the third of ten characteristics of User Driven Services:
- Impulse from the User
- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
Posted in User Driven Services | Tagged transparency, User Driven Services |
By Joe on April 30, 2009
2. Control
Users control User Driven Services.
Once we start a service, we’d appreciate it continuing to respond to our directives, both during interactions and afterwards. User Driven Services give users direct control over both the flow of user experience and the use and propagation of all data associated with the user.
Users control the means and timing of any outbound or distracting communications such as email, telephone calls, and postal mail. Users should be able to opt-in to messaging as desired without requiring any particular intrusion, except as required by law or in otherwise exceptional situations where established, approved means failed to reach the user for vital notifications. Pop-up and pop-under windows should not intrude on users’ web experiences. Junk mail should not arrive unsolicited, either electronically or through the post.
Service providers should verifiably commit to respecting user directives regarding the use and transmittal of user data. The essential terms of that commitment should be presented and understood by all users in clear, concrete, and obvious communications. Users should be able to moderate the scope of data acquired, the tenure of its lifetime with the service provider, the timing and nature of release of that data to third parties, the terms under which such data is released, and most importantly, to whom it is released. Service providers may not be able to provide all potential services if users restrict access to certain data, but that option—fewer or lower quality services based on limited data—should be available to users.
Examples
Software applications can be turned off or uninstalled. Email list services allow users to opt-in, opt-out, hide their subscription, and receive messages immediately or via digest mode. Online communities and chat services allow users to manage their presentation in online worlds: their display name, their avatar, and their presence online. Social networks allow users to accept, cancel, request, and block links with other users. Mashup and widget enabled services allow users to enable or disable functionality at will. Users are queried before divulging profile information to others on Facebook, MySpace, and LinkedIn.
Questions
- Can users direct the means, frequency, and categories of communications directed to them by the service?
- Is the user given clear and unambiguous control over how their data is collected, used, and propagated?
- Can users select the regime under which data is, and is not, shared with third parties?
- Does the service provider use standard, human/machine/legal readable means for documenting user control of their data and their experience?
This article is part of a series. It is the second of ten characteristics of User Driven Services:
- Impulse from the User
- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
Posted in User Driven, User Driven Services | Tagged control, direct mail, junk mail, spam, unwanted ads, user control, User Driven Services |
By Joe on April 28, 2009
1. Impulse from the User
User Driven Services start with the user.
People engage the world to satisfy needs and fulfill desires. That engagement marks our intent as we try to bend the universe to our will. User Driven Services begin with that essential act, responding to each user’s expressed intent to initiate and drive every experience.
Industrial era corporate systems put the factory and factory owners at the helm, driving demand and shaping customer behavior by segmenting, targeting, and bombarding potential consumers with stimuli designed to increase sales. This intrusive, wasteful behavior exploited opportunities to invade people’s attention in hopes that they might trigger a purchase or lay the groundwork for a future purchase.
In contrast, User Driven Services start with a user’s expressed intention, to buy, to learn more, or to create value in some way, then, they simplify, automate, and speed the path to satisfying that intention.
Examples
Web Browsers navigate to user selected hyperlinks and URLs, not to pre-programmed schedules of shows constructed to be passively viewed. Search engines present results based on keyword queries, not based on demographics or gender. Emails are sent when you hit send, not before. Cell phones initiate outbound calls only upon users’ direction. Products are shipped when purchased. Credit card information is not requested by vendors until the user has indicated they are ready to make a purchase and credit cards are charged only after explicit confirmation.
Questions
- Do users initiate and motivate the key interactions with the service?
- Are service interactions always initiated by expressed user intent?
- Are users free from invasive, unsolicited “push” approaches such as direct mail, SPAM, and telemarketing?
- Does the service avoid attention invasion? Or does it exploit user attention to present unrequested messages at inconvenient times about potentially undesired opportunities?
This article is part of a series. It is the first of ten characteristics of User Driven Services:
- Impulse from the User
- Control
- Transparency
- Data Portability
- Service Endpoint Portability
- Self Hosting
- User Generativity
- Improvability
- Self-managed Identity
- Duty of Care
More soon…
Posted in Intention Economy, User Driven Services | Tagged Impulse, Impulse from the User, Intention, Intention Economy, User Driven Services |
Recent Comments