On today's call we agreed that, rather than conducting actual interviews, we would ask those <10 previously identified as interview candidates to do the survey as it currently stands (or soon will stand, based on Eve's questions below) - with the opportunity to tell us what questions we should have asked. Based on that sampling, we will then revise the survey before wider distribution. Separately, specific feedback on questions below 1) suggest we need a 2-part question along the lines of : "How much confidence do you need in the veracity of the data?' "What provides you the necessary confidence?" 2) as modelled, we would ask that the survey be performed once for each attribute. Asking for each application might be more manageable for those surveyed (recognizing that distinctions between different attributes might get lost) Paul Eve Maler wrote:
Here are the questions I administered as the exercise for my XML Summer School lecture on federated identity. My comments on how they went over, and other comments based on our phone conversation today, are in [brackets].
[We need to add an introductory paragraph that explains what we're trying to accomplish here, something like: The Concordia group is examining the needs of enterprise and consumer application development organizations when it comes to "outsourcing" the provisioning of important user identity data to other applications or services, and having the necessary degree of confidence that this data is accurate and current. In federated identity, this sort of outsourcing is called "attribute exchange". We invite you to fill out the survey to help us work within the identity community to address your needs better.]
[We need to add a maximum of 5 demographic "establishment questions" that we can use on all future surveys, as well as allow people to optionally give us their name, email, and permission to contact them for further in-depth inquiries. I think we should assign this one to Ari. :-)]
Thinking about identity data used in your applications for authorisation or personalisation, for each identity data item:
What is the nature of the data? [People asked for clarification. What I meant, in brute-force fashion, was "What is the data item?" E.g., blood type, home address, etc.?]
What is the nature and role of the application in your organisation? [People asked for clarification. What I meant, in brute-force fashion, was "What does the application do?"]
What effect does the data have on application behavior? [E.g., does it control authorization? does it personalize the app? etc.]
What are the consequences if the data is incorrect? [e.g., spoiled user experience, incorrect diagnosis, death??]
What party is truly authoritative for that data? [In brute-force fashion: Who has the responsibility for providing the data item? Who has the least incentive to lie about it? Who has the most incentive to get it right?...]
Is there a role for self-assertion or self-service in data provisioning and updating? [This is phrased in a somewhat geeky fashion. In brute-force fashion: Do the people about whom the data item have the opportunity to set and update its value themselves?]
If you are not the authoritative party, how and how often do you get the data today? [This is really batch vs. run-time provisioning. Also, note that I asked "if you are not the authoritative party" because I was asking a roomful of people, who may not be RPs today, to fill out the questionnaire.]
What is your business relationship with the authoritative party?
What is your remediation strategy and workflow for incorrect data? [This is phrased in stilted fashion, but isn't truly geeky.]
[On the call we agreed we need a final question, something like: What questions should we have asked you to get to the root of your issues around confidence in outsourced data? What other comments can you share with us?]
Eve Maler eve@xmlgrrl.com http://www.xmlgrrl.com/blog _______________________________________________ Dg-concordia mailing list Dg-concordia@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-concordia ------------------------------------------------------------------------
No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.420 / Virus Database: 270.14.4/2417 - Release Date: 10/06/09 06:50:00
-- Paul Madsen e:paulmadsen @ ntt-at.com m:613-282-8647 web:connectid.blogspot.com ConnectID <http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
