Versions Compared

Old Version 6

changes.mady.by.user Former user

Saved on

compared with

New Version 7

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Anchor
ecommerce_scenario
ecommerce_scenario
Scenario:

...

Packaging Account/Profile

...

Resources for E-Commerce Vendors (Pending)

Submitted by: Eve Maler

This scenario focuses on the typical set of information that we hand over to online vendors repeatedly, and the desire to avoid sharing the data "by value", instead focusing on how to share it "by reference" (pointers).

Problem scenario

Let's look at how an online buying scenario might look today.

...

  • Can we imagine better ways for Maya to set up a data-sharing relationship with Staplers.com? (IdM, VRM)
    • She's planning to move in a couple of months, and that means the address information Staplers has saved will go stale.
    • Same for her credit card: it will expire next year. When these items change, she has to go fix them at dozens of sites.
    • She's not crazy about having to supply things like credit card information to every vendor on the web.
    • She thought the site terms and privacy policy were just "okay", but accepted them because she effectively has no choice – and OfficeArmory.com is probably the same anyway.
  • Is it possible for Maya to have a "one-night stand" with Staplers.com rather than a long-running relationship? (IdM, VRM)
    • ...if she doesn't really want Staplers to track her purchases, browsing habits, or anything else over time.
    • ...if she wants to share only the minimum personal information Staplers really needs to do its job this once, and then only temporarily.
  • Can we imagine betters ways for Maya to engage in the shopping-around process, possibly involving her sharing more data about herself? (VRM – particularly UD-VPIvolunteered personal information!)
    • What if she could "issue a personal RFP" indicating the price and features she's interested in, and entertain vendor site "bids", such that not only Staplers.com and OfficeArmory.com could bid, but also Ann, who has a used shredder she'd like to sell?
    • What if she could let Staplers know her customer-support phone line preferences, such as wait time and ad-playing tolerance?
  • What would it look like for Maya to get a unified understanding of all of her data-sharing relationships? (VRM)
    • She sure would like to get a handle on her own "personal data analytics" – "who knows what" about her.
    • If Staplers behaves badly (gives out her data against her rules or allows a data breach to occur), she wants to have better options for recourse.
    • ...and she wants to be able to cut off their future access to information about her.

...

  • User can package and reuse pointers to resources commonly needed for e-commerce into a rolled-up resource that is available for access by multiple requesters (assume for this scenario that all the individual resources and the rolled-up resource are available from the same host in the "personal datastore" model).
  • The data involved is "self-asserted" to a first approximation. (The credit card data we often share today is "asserted" solely by us, but then the vendor validates it out of band.)
  • Requester can handle receiving and dereferencing both a pointer to a package resource and pointers to individual resources.
  • AM can manage the offering and meeting of terms for resource-sharing for the whole package and can take advantage of efficiencies where the terms for individual resources are identical (possibly similar to the Distributed Services scenario).
  • Requester will often represent a requesting party who is the same human being as the authorizing user, and can take advantage of efficiencies in any real-time requester/AM/user connection for obtaining user consent in that moment.
  • Requester, host, and AM are likely to be willing to deal with each other solely on the basis of the user's say-so (unlike in the personal loan scenario).

...

Preconditions: Maya has already stored, and packaged together, pointers to the set of relevant data resources frequently needed for online purchases:

...

  • How can we ensure that the sensitive data is secured in motion (while being conveyed to Staplers)? (generic across all scenarios)
  • What is the right UX paradigm for letting Maya override information? Ideally, any info that's changed should be updated in the RM, not on the Staplers site. But if she wants to override a value just once, with values to be updated in future pulls of the feed, the right place to change it is on the Staplers site itself. Does this latter situation sound likely?
  • What about interfaces where the credit card information is provided at a separate point in the process? How should that be accounted for? Perhaps, except for subscription-type payments (ongoing over time), this information is not part of the registration bundle and is provided (by reference or by value) only at purchase time.

...

This is the same as the first use case outlined above, except that Maya provides her feed resource package not as part of a request to register a new account, but as part of a one-time purchase. (Some websites today allow for purchases without registering, and are prepared not to give you a browser cookie or retain your information beyond necessary for the purchase and its aftermath.)

The policies Maya chooses in this case are likelier to be more stringent about not retaining personally identifiable information (PII) for any significant length of time, and may ask the vendor to generate "positive" assurance messages about policy adherence (not just silent adherence).

Issues

...

(The protected-inbox scenario might play an especially important role if Maya is engaging in a one-night stand purchase, since it enables the vendor to report product recalls and such to Maya without her having to expose other more compromisable communications endpoints such as persistent email addresses or phone numbers.)