We took a stab at rewriting the ten Portability Policy questions as user demands, behavior we want.
The list so far.
- Document your APIs and data formats.
- Support existing identities.
- Support referencing to authoritative data in a location of my choosing. (include by reference)
- Support auto-updating from authoritative data in a location of my choosing. (pull)
- Support auto-updating to authoritative data in a location of my choosing. (push and notify)
- Support foreign updates on my behalf. (accept writes)
- Support ability to retrieve all data provided by user.
- Support ability to retrieve all data created from that data.
Some of the conversation…
The list of demands seems incomplete. For example, we haven’t discussed transitive data portability duties (a service’s partners’ partners’ partners’ duties). We haven’t asked for disclosures when portability services fail.
Degrees of portability, from "none" to "lots".
We want the demands to be technology/solution neutral.
Scope – what data is covered – is complex and probably needs its own section or clause. Doc Searls’s "kinds of data" is a model for this. Data I create by typing or other explicit action. Data I co-create with a site/service/app by my behavior (like click streams). Data I co-create with other users like conversations. Data derived by a service from the other data.
We should consider situations where data is never "stored," always in flight.
Time permitting, we’ll have another session tomorrow.