Blogging from GnomeDex, Dave Winer says Netflix is looking to offer VRM-style data portability:
I had some interesting hallway talks, but none more interesting than the one with Kevin McEntee of Netflix about providing a way for users to take their movie ratings from Netflix to other services. This could turn Netflix into the hub for movie ratings (the first place that exports becomes the default UI), and could enable all kinds of interesting combos, such as checking a box on Match.com to be introduced to dates who like the same kinds of movies.
Turning Netflix into a hub for movie ratings doesn’t sound like much of an improvement to me, but creating a way for any authorized service to access all of my movie ratings is music to my ears.
Although Personal Data Stores are “owned” by the individual, there is no reason they can’t be implemented in a completely distributed way. I imagine we’ll have a VRM world where every individual has numerous Personal Data Store services providing identity-based access to their personal data, across Vendors.
XRI and XDI enable this sort of service discovery, although I’m only just beginning to get a glimpse of how it works. I believe the Netflix use case can be address through service discovery provided by the user’s Identity Provider (which need not be Netflix). So, for Netflix, the win would be to become my “movie ratings data store” service. Seems reasonable to me, as long as I can actually control how that data is propagated and used by Netflix and others.
In the near term, I expect Netflix to implement their own semi-open data silo, retaining both data ownership and control over identity. Not because they don’t get it, but because it will be the easiest and fastest way to offer an API for users to use Netflix as their movie ratings platform. But will Amazon and Blockbuster want to play in Netflix’ data store? Hard to say.
However, once the XDI/XRI protocols are in widespread use, the “third party” architecture makes it a straightforward proposition for any movie provider (or any service for that matter) to access the user’s data store. Standard protocols and access rights will isolate the vagaries of independent providers, making it possible for vendors to trust the data outside their own silos.
Consider this scenario, which starts with the assumption that the user has a suitable Identity Provider (IDP) to resolve service discovery requests and authentication for their i-name:
First, creating the data store.
- User signs up at a movie-ratings data store, registering his or her i-name. For this scenario, let’s use Netflix as the data store service.
- User confirms/registers Netflix as their movie-ratings data store service with their IDP
- (Optional) User uploads or inputs initial ratings into the data store. As a data store service, Netflix would start with the ratings already stored in their system.
Second, accessing that data store.
- User registers i-name with movie provider service, such as Amazon or Blockbuster (let’s pick Blockbuster for this example). Eventually, this will be an integral part of registration for most web services, replacing usernames and email addresses.
- Using the IDP responsible for that i-name, the user authorizes Blockbuster to access to his or her movie ratings data store, specifying whatever access rights are appropriate. Again, this will eventually be a standard part of registration, where users authorize access privileges to their Personal Data Stores.
- Blockbuster queries the IDP for the movie ratings data store, confirms access rights terms, and is directed to Netflix. (Note that the ordering of 2 and 3 is implementation dependent; the authorization could be triggered by Blockbuster’s query.)
- Blockbuster queries Netflix for movie ratings using the VRM standard protocol for movie ratings data sharing.
- Netflix authenticates Blockbuster via IDP, verifying that the user authorized access to the data store.
- Netflix opens communication channel to Blockbuster for appropriate read/write access to the move ratings database, based on IDP authentication.
The point with this architecture is that individuals can use any data store provider, any identity provider, and any service provider. Today, all three of these functions are bundled into monolithic proprietary services. You log into Netflix with your Netflix ID, they keep track of your ratings, and only they can provide recommendations or services based on those ratings.
Most limiting for Netflix, they can only “see” the ratings you enter on their system, with no way to know what you have at home or have entered at Amazon or Blockbuster. With reciprocity-based access rights, we should be able to get all of our service providers to both store and access our data from a shared Personal Data store, seamlessly automating the integration of data across multiple vendors.
And for the first time, services can be built that integrate data outside the “specialty” of the offering service, such as Dave suggested with Match.com using movie ratings for romantic matching. For users, that’s more useful, easier, and delightfully empowering…
Clearly, Netflix sees the benefit of opening up the silo. Here’s to hoping they will join the VRM movement and go all the way to full VRM Personal Data store interoperability with other vendors.