Ten Years Later

Ten years ago I wrote a blog post that captured a key architectural insight at the core of VRM: putting the user at the center of integration not only improves the quality of services, it simplifies our systems.

When we put the user at the center, and make them the point of integration, the entire system becomes simpler, more robust, more scalable, and more useful.

The article captured the gestalt of VRM and helped catalyze a range of conversations that still shape the VRM approach.

Since then, we have seen a lot of progress. Sometimes we proceeded in fits and starts and there were certainly failures along the way, including my own venture, SwitchBook. When I started pulling together my notes for this anniversary post, I was mildly surprised and delighted at how much real work got done and the real-world impact we’ve had. Here are a few VRMy developments in the last decade worth noting.

Please chime in with a comment if you know of a good one to add to the list.

Coming in December of that same year, OAuth kicked off a series of standard protocols for identity, attribute sharing, and permissions, including OAuth 2.0, OpenID Connect, and User Managed Access (now at 2.0). These efforts brought together the leading technology companies to collaboratively develop new standards that give individuals greater flexibility and control over data exchange between online services.

Companies like Personal.com. (now TeamData), Digi.me, and Cozy Cloud shipped user-driven personal data stores. Software project HIE of One offers a personal data store that lets individuals manage our own healthcare data.

In Europe, GDPR has ushered in a new wave of regulatory requirements and penalties driving companies and organizations to give individuals easier access to, greater control of, and more security in our personal data. JLINC Labs offers a provenance service layer that allows companies to quickly attain GDPR compliance for the right to erasure and data provenance by giving individuals direct control over which data is used for what purposes.

Kantara Initiatives’ Consent & Information Sharing Work Group (CISWG) has published its Consent Receipt Specification to help both individuals and organization keep track of data provenance and terms of use.

Working with the CISWG, Customer Commons has picked up the challenge of developing customer-driven terms of use called “first party terms”. Asserted by individuals when interacting with websites, they are designed to provide a balance to the ubiquitous company-asserted terms of use we all are forced to accept when we interact online.

Perhaps the biggest recent splash has been made by self-sovereign technology, which provides distributed identity services completely independent of any centralized authority. Using distributed ledger technology, firms like Evernym, Blockstream, Digital Bazaar, Microsoft, and IBM are enabling a wide range of robust identity services that put individual users in the driver’s seat.

Collaborative initiatives like Sovrin, Hyperledger, the Decentralized Identity Foundation (DIF), Rebooting Web of Trust, W3C Verifiable Claims Working Group, and ID2020 bring technologists together to develop open source and open standards solutions that realize secure, privacy enhancing, self-sovereign architectures.

ID2020 brought the self-sovereign technology conversation to the UN, convening technologists, UN staff, representatives from sovereign states, and NGOs to explore how block-chain based approaches might enable cost-effective, scalable solutions for U.N. Sustainable Development Goal 16.9 https://sustainabledevelopment.un.org/sdg16: to give everyone on the planet a legal identity by 2030, including birth registration.

International non-profit technology solutions organization iRespond has agreements in place and is seeking funding for a self-sovereign identity layer to bootstrap identification credentials for tribal people in the border region of Myanmar and Thailand. These self-sovereign credentials will the recognized and used by local governments to provide work permits, health care, and other services.

There is still a long way to go, and there probably always will be room to improve whatever systems we build. The conversations continue at the Internet Identity Workshop (IIW), the People Centered Internet, and of course, on the Project VRM mailing list as well as the collaborative initiatives mentioned above.

Do you know a VRMy project that’s made a difference? Share with us in the comments.

This entry was posted in Identity, ProjectVRM, Vendor Relationship Management and tagged , , , , , , . Bookmark the permalink.