Blogging from GnomeDex, Dave Winer says Netflix is looking to offer VRM-style data portability:

I had some interesting hallway talks, but none more interesting than the one with Kevin McEntee of Netflix about providing a way for users to take their movie ratings from Netflix to other services. This could turn Netflix into the hub for movie ratings (the first place that exports becomes the default UI), and could enable all kinds of interesting combos, such as checking a box on Match.com to be introduced to dates who like the same kinds of movies.

Turning Netflix into a hub for movie ratings doesn’t sound like much of an improvement to me, but creating a way for any authorized service to access all of my movie ratings is music to my ears.

Although Personal Datastores are “owned” by the individual, there is no reason they can’t be implemented in a completely distributed way. I imagine we’ll have a VRM world where every individual has numerous Personal Datastore services providing identity-based access to their personal data, across Vendors.

XRI and XDI enable this sort of service discovery, although I’m only just beginning to get a glimpse of how it works. I believe the Netflix use case can be address through service discovery provided by the user’s Identity Provider (which need not be Netflix). So, for Netflix, the win would be to become my “movie ratings datastore” service. Seems reasonable to me, as long as I can actually control how that data is propagated and used by Netflix and others.

In the near term, I expect Netflix to implement their own semi-open data silo, retaining both data ownership and control over identity. Not because they don’t get it, but because it will be the easiest and fastest way to offer an API for users to use Netflix as their movie ratings platform. But will Amazon and Blockbuster want to play in Netflix’ datastore? Hard to say.

However, once the XDI/XRI protocols are in widespread use, the “third party” architecture makes it a straightforward proposition for any movie provider (or any service for that matter) to access the user’s datastore. Standard protocols and access rights will isolate the vagaries of independent providers, making it possible for vendors to trust the data outside their own silos.

Consider this scenario, which starts with the assumption that the user has a suitable Identity Provider (IDP) to resolve service discovery requests and authentication for their i-name:

First, creating the datastore.

1. User signs up at a movie-ratings datastore, registering his or her i-name. For this scenario, let’s use Netflix as the datastore service.
2. User confirms/registers Netflix as their movie-ratings datastore service with their IDP
3. (Optional) User uploads or inputs initial ratings into the datastore. As a datastore service, Netflix would start with the ratings already stored in their system.

Second, accessing that datastore.

1. User registers i-name with movie provider service, such as Amazon or Blockbuster (let’s pick Blockbuster for this example). Eventually, this will be an integral part of registration for most web services, replacing usernames and email addresses.
2. Using the IDP responsible for that i-name, the user authorizes Blockbuster to access to his or her movie ratings datastore, specifying whatever access rights are appropriate. Again, this will eventually be a standard part of registration, where users authorize access privileges to their Personal Datastores.
3. Blockbuster queries the IDP for the movie ratings datastore, confirms access rights terms, and is directed to Netflix. (Note that the ordering of 2 and 3 is implementation dependent; the authorization could be triggered by Blockbuster’s query.)
4. Blockbuster queries Netflix for movie ratings using the VRM standard protocol for movie ratings data sharing.
5. Netflix authenticates Blockbuster via IDP, verifying that the user authorized access to the datastore.
6. Netflix opens communication channel to Blockbuster for appropriate read/write access to the move ratings database, based on IDP authentication.

The point with this architecture is that individuals can use any datastore provider, any identity provider, and any service provider. Today, all three of these functions are bundled into monolithic proprietary services. You log into Netflix with your Netflix ID, they keep track of your ratings, and only they can provide recommendations or services based on those ratings.

Most limiting for Netflix, they can only “see” the ratings you enter on their system, with no way to know what you have at home or have entered at Amazon or Blockbuster. With reciprocity-based access rights, we should be able to get all of our service providers to both store and access our data from a shared Personal Datastore, seamlessly automating the integration of data across multiple vendors.
And for the first time, services can be built that integrate data outside the “specialty” of the offering service, such as Dave suggested with Match.com using movie ratings for romantic matching. For users, that’s more useful, easier, and delightfully empowering…

Clearly, Netflix sees the benefit of opening up the silo. Here’s to hoping they will join the VRM movement and go all the way to full VRM Personal Datastore interoperability with other vendors.

The NYT reports interesting things afoot with major players Google and Microsoft pushing their own visions of the future of health care:

If the efforts of the two big companies gain momentum over time, that promises to accelerate a shift in power to consumers in health care, just as Internet technology has done in other industries.

Today, about 20 percent of the nation’s patient population have computerized records — rather than paper ones — and the Bush administration has pushed the health care industry to speed up the switch to electronic formats. But these records still tend to be controlled by doctors, hospitals or insurers. A patient moves to another state, for example, but the record usually stays.

The Google and Microsoft initiatives would give much more control to individuals, a trend many health experts see as inevitable. “Patients will ultimately be the stewards of their own information,” said John D. Halamka, a doctor and the chief information officer of the Harvard Medical School.

Indeed. Users are often (always?) the best stewards of their own data, no matter the use case or application. There is so much inherent value in managing user data from the user’s perspective that this architectural shift is not only useful, it is inevitable.

Vendor Relationship Management is creating tools for individuals to manage their relationships with Vendors. In health care, that means giving people control over their Personal Health Records and how (and which) Vendors gets access. Think Personal Datastores as applied to health records.

The article continues:

It is common these days, Dr. Halamka said, for a patient to come in carrying a pile of Web page printouts. “The doctor is becoming a knowledge navigator,” he said. “In the future, health care will be a much more collaborative process between patients and doctors.”

Microsoft and Google are hoping this will lead people to seek more control over their own health records, using tools the companies will provide. Neither company will discuss their plans in detail. But Microsoft’s consumer-oriented effort is scheduled to be announced this fall, while Google’s has been delayed and will probably not be introduced until next year, according to people who have been briefed on the companies’ plans.

A prototype of Google Health, which the company has shown to health professionals and advisers, makes the consumer focus clear. The welcome page reads, “At Google, we feel patients should be in charge of their health information, and they should be able to grant their health care providers, family members, or whomever they choose, access to this information. Google Health was developed to meet this need.”

Just as markets are conversations, so is health care. It’ll be interesting to see what the major players do with this opportunity. It not only one of the most complex and challenging VRM scenarios–with lots of regulation and technical challenges–it is also one of the most promising.