Slashdot Mirror
A Universal Roaming Profile?
Arnaud Sahuguet asks: "I have a cell-phone with my phone book, a PDA with my calendar info and my address book. I have my home desktop bookmarks, my work desktop bookmarks, my laptop bookmarks, my PDA bookmarks, etc.
They are all mine, but somehow they are not, because they live in
different networks (or on the same network but with different operators).Everybody keeps talking about convergence, but I don't see any
convergence on the user profile front (data that matters to me). Microsoft is pushing for .NET MyServices, Sun et al. are pushing for Liberty Alliance, Apple is pushing for .Mac. Is it the right way to go?" One of the large major issues surrounding such a system would be implementing it in a way where the user can control the flow of data: where it is stored, when a certain piece of data can be sent, and who is allowed to get it. Sounds like a fine idea to me, what do you all think?
Napster is (I should say was) a community of users willing to share MP3 music files, administered by a central server managing meta-data about users and files. I don't know what the exact goal was, but I can see it as a way to free ourselves from the music industry monopoly.
GUPster would be a community of network entities (e.g. servers at Yahoo!, server at SprintPCS, servers at my university, my home machine, etc.) willing to share standardized user profile components, administered conceptually by a central server managing meta-data about entities and components. The goal is to create synergies between network components in order to deploy value added services for the user. (Since I am working for the telecom industry, the goal is to make network operators happy by making end users happier.)
Just like in Napster, my user profile information will be distributed but the meta-data will be centralized (at least from a logical point of view) at the GUPster server. This way, I can decide that my credit card information will be stored at my bank, my calendar information on my Yahoo! account, my game scores on the Sony web site, etc. Network components storing my profile information will have to support the right set of interfaces and protocol and will register to the server the pieces of my profile they are storing.
Note: I will be the one deciding who stores what. Think of it as like moving to a new place. You can choose your electricity, gas, phone, cable and Internet providers.
Applications willing to access any of this information will talk to the GUPster server. And just like Napster, the server will not return data, but referrals (i.e. where this information can be found).
Unlike Napster, the central server will also enforce some access control policies defined by the user (let's call them my 'privacy shield'). If the request for user profile information is not OK (e.g. nobody can access my presence information after 9pm), the returned referral is empty.
Does it sound crazy?"
"As a user:
- would you be willing to have your personal profile information stored on the network?
- who would you trust? Your bank, your ISP, your cell phone provider, your company, the EFF, no one but you?
- what kind of guarantees would you require?
Napster is (I should say was) a community of users willing to share MP3 music files, administered by a central server managing meta-data about users and files. I don't know what the exact goal was, but I can see it as a way to free ourselves from the music industry monopoly.
GUPster would be a community of network entities (e.g. servers at Yahoo!, server at SprintPCS, servers at my university, my home machine, etc.) willing to share standardized user profile components, administered conceptually by a central server managing meta-data about entities and components. The goal is to create synergies between network components in order to deploy value added services for the user. (Since I am working for the telecom industry, the goal is to make network operators happy by making end users happier.)
Just like in Napster, my user profile information will be distributed but the meta-data will be centralized (at least from a logical point of view) at the GUPster server. This way, I can decide that my credit card information will be stored at my bank, my calendar information on my Yahoo! account, my game scores on the Sony web site, etc. Network components storing my profile information will have to support the right set of interfaces and protocol and will register to the server the pieces of my profile they are storing.
Note: I will be the one deciding who stores what. Think of it as like moving to a new place. You can choose your electricity, gas, phone, cable and Internet providers.
Applications willing to access any of this information will talk to the GUPster server. And just like Napster, the server will not return data, but referrals (i.e. where this information can be found).
Unlike Napster, the central server will also enforce some access control policies defined by the user (let's call them my 'privacy shield'). If the request for user profile information is not OK (e.g. nobody can access my presence information after 9pm), the returned referral is empty.
Does it sound crazy?"
do you really think we want to trust someone else with that information? and if we did, would it be a commercial interest? I lied on my profiles from the time I got my first Hotmail acount more than half a decade ago. And I've seen more problems with companies having people's information than i care to count since then. So I don't see anyone with a background in information security or an idea of what goes on with that information, particularly those of us who are paranoid, as liking this concept one bit, regardless of who controls it.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
what about when this profile gets accessed by someone else? someone is bound to figure out how to spoof usernames and get another user's profile, giving them full access to all your information! now doesnt that sound like fun? it takes identity theft to a new level when your entire identity is on a network.
"And perhaps, posterity will thank me for having shown it that the ancients did not know everything." -Pierre Fermat
Nobody here will trust the government to setup a universal ID card - why on earth would we want a full profile, ready and waiting to be hacked?
Even the idea of what you are suggesting (info on the Internet) scares the shit out of me.
Now, on the other hand, a profile based on a physical item (ie/ a cd, datacard, etc) might be a nice idea. Just plug it into your PDA, cell phone, laptop, pc, etc.
Of course, considering how much information about me is sent across the Internet, maybe it's time to just give up privacy.
If we have to do that, let's at least all go nudist. That might be a fair trade off then...
Robots are everywhere, and they eat old people's medicine for fuel.
It's called my brain. Seriously though, I follow the philosophy of "A chain is only as strong as its weakest link." Distribution of resources (with no central access) limits the damage of a single weak link.
Of course, though, if I was interested in a central system, why not something implemented with a directory service (e-Directory or AD)? A nice little certification architecture for a multi-tiered privilege structure? I'd put my faith in NDS before a lot of the other products mentioned.
What is music when you despise all sound?
A universal roaming profile? Isn't that what personal electronic devices (said: notebooks) are for?
I'm not all paranoid about privacy. I think that convenience is more important than any information people my glean from me ("He drinks PBR! We've got him now"). So, that being said, I think that so far, Yahoo does one of the best jobs of any kind of convergence. While it's not open, they've got enough services where you really can start to integrate. You can sync your Yahoo mail with any mail client, you can store your browser bookmarks there, files, notes, etc. You can get all of your Yahoo info already personalized in a Sprint phone. You can take care of scheduling with your Yahoo, your cell phone, or even text messaging to almost any device. It's not perfect, but it's the best I've seen. I'm even willing to buy some of their upgrades (premium mail, for example).
There's no need for trust. Store my data on your server but store it encrypted. Only I have the decryption key. Everything I send to you and receive from you is encrypted. You are just providing the storage (and possibly I am paying you for this service).
Now, I don't need to trust you. I, of course, do have to trust my local machine and I have to trust the client I use to access my files. But I do not need to trust you.
Oceania has always been at war with Eastasia.
This is a bad idea all around, just ask .mac users :P
Do you really want to put yourself in a position to have your data taken hostage. And can they really guarantee privacy or does private just mean that it is protected from hackers, but they and the law enforcement can access it anytime?
I'd much rather see a sync over the internet from my systems to my systems using a pgp key.
Mozilla (as of version 1.0.1, 1.1 and 1.2 alpha) does not yet support roaming, unfortunately.
:-(
:-)
I used it with Netscape 4.x at work and at my home, and it was very practical (sorry, my online dictionary page is currently down:-P)
It is amazing how comfortable such a "simple" solution can be. StarOffice founder Börries has a new company http://www.verdisoft.com which wants to provide unified device/software configuration.
They use SyncML, and SyncML is IMHO the protocol of choice for this goal, supported by many vendors, but i cannot see mass products since almost 2 years. and: unfortunately there is not yet an open source implementation
I think central device and software configuration and management is the next big thing. Think of the millions of poor users today who have to keep their workstations, laptops, cell phones, pda's and frigerators on sync
--
cu
Sebastian
-- word!
Would you have your house, your car, your office, and your secret cash box all use the same key? It's all very convenient until someone else finds the key....
Got Rhinos?
The answer isn't to store your personal information somewhere new, but store it where you store it already - in your wallet. With flash cards and plug-in flash readers and the increased proliferation of USB buses, one would think it wouldn't be too big of a deal to sit down at your computer or open up your PDA, slide in your flash or whatever card, and have your preferences loaded, or when you leave, saved. If you're willing to have all the information you already do in your wallet, there's certainly no reason not to put the same information on a password-protected, access-location-limitted smart card in your wallet. You could even go so far as to have your card double as your car key.
paintball
Database people do this sort of thing all the time, by making the data superior to the application and forcing apps to work through a very rigid interface. The way to do this is probably to store the preferences in a relational database. Those things are well understood, scale up, and can be replicated. Apps would get to the database via SQL, as usual. It's not the latest buzzword-compliant technology, but it's well-understood.
Cell phones and other wireless devices will have other costs, namely money and time. Let's say that it costs somewhere around $.04/kb to send data over GPRS. My address book in Palm format is near 250KB, or about $5.00 of charges and around two minutes of time at 19.2. And that's without expanding it to vcard format for the transmission. Deltas, of course, are small but still will take time and money, although I'd be more likely to do that in a pinch.
I'd definitely want the option to sync it via IR to my Palm, with a USB/Firewire cable or cradle, inserting a GSM smart card or via Bluetooth. Only one or two of those is likely to be directly to my desktop. The others will have to flow through an intermediary. And when I'm out in the field, I don't want to be punching data into my phone via the numeric keypad when I could be syncing to my iPod.
So I see a need for the ubiquitous exchange of data, where every machine understands syncing and can do it unobtrusively and cheaply. (Of course AT&T, Sprint and Verizon have no desire to promote unpaid transfer of data, but it's Nokia, Ericsson and Motorola that count.)
John
For instance, lets say that I want your medical records. I would go to the central registry and make a request. The central registry would reply that the information is stored at, say, the Mayo Clinic. I would still have to go there and jump through whatever hoops they present to actually get the data.
The definite good thing about this is that if you decide that you don't want to use the Mayo Clinic for some reason (poor security policies, impersonal staff, whatever), then you can designate John Hopkins, and future requests will be transparently routed there instead.
The potentially good thing is that the central redirector could implement its own security policies. For example, medical info requests should only be forwarded if they come from someone with a certificate signed by an appropriate authority (i.e. ama-assn.org and/or amerchiro.org).
The process would work a lot like DNS. In fact, I don't see any reason why the central server couldn't be distributed in a manner similar to DNS servers.
Nothing for 6-digit uids?