Personalized Services and Policy Management
Back at the end of June, I posted some of my thoughts on personalized services after the announcement of Google Checkout. At that time, a lot of my thinking was on how a service provider can personalize services for their consumers. Since then, my thinking has went in a different direction. In cases like Google Checkout, a third party is in the position of being able to collect and potentially share lots and lots of information about our shopping practices (no worse than what credit card companies already have).
What would be very interesting is if these service providers gave the true owners of the information the ability to control who and how could access it. This actually creates a very interesting scenario, and one that I think demonstrates the importance of the policy-based infrastructure now available for Web Services. Let’s suppose there is a competitor to Google Checkout called PayIt. PayIt is storing purchase information in their data centers. Let’s also suppose that PayIt can makes this information available to the shopping partners that are leveraging their checkout service, in either an aggregated or anonymous fashion. In reality, the owner of the data being shared is the individual shopper, not PayIt and not their retail partners. Google, however, is acting as both the data steward and the service provider. How does the data owner get involved? The data owner, you and me, sets the policies. While PayIt provides the service, we provide the policies that govern the service execution- who can access them, and what information they can see. Since most of us don’t work for PayIt, there needs to be a way to externalize the policy management from the service execution, even outside the firewall. While this is an extreme example, the same needs exist inside the firewall. The group that own the source code and deploy the services may not be the same group that sets the policies regarding who can access them. While today we have tools for externalizing authorization policies, we’ll soon need better tools for other types of policy management tailored toward the end policy manager which could be you and I.
2 Responses to “Personalized Services and Policy Management”
Leave a Reply
Patty Seybold posted a very interesting analysis of Google Checkout on her Outside Innovation blog.
Todd,
Thanks for the link–You’re right on the money and thanks for taking this dialog a step further to consider the customers’ rights in controlling the policies around the use of their information.
I believe that what we customers want is privacy, control and convenience combined. The best way to do this would be to NOT relinquish any of our identity information either to a third-party like Google or to your mythical PayIt or to the merchant in question. In the best of all possible worlds, my identity and payment information remains mine and mine alone. It is not “out there anywhere” for companies to mine.
There could be three separate services: an authentication service–I am who I say I am and you are too; a payment service–my account will be debited upon receipt of the goods and yours will be credited; a fulfillment service–what Brenda Michelson would probably describe as a “compound service,” that would manage shipping, logistics, returns handling; and a support service, that would provide the customer access to general support and to entitled support (for both business issues and technical issues). And, of course, an adjudication service for prompt dispute resolution.
I realize that the Liberty Alliance and a bunch of other folks are all working on various solutions to the identity management part of this puzzle. But has anyone–Google included–actually taken the time to co-design the “correct” identity management/payment solutions with end-customers?? I sincerely doubt it!
Maybe at the next Liberty Open Space conference (http://ios.windley.com/wiki/IOSVan), we should offer a “co-design your own personalized service and policies” session to be driven by consumers–not merchants, service providers, technology providers or techies!
Patty Seybold