On today's call we agreed that, rather than conducting actual interviews, we would ask those <10 previously identified as interview candidates to do the survey as it currently stands (or soon will stand, based on Eve's questions below) - with the opportunity to tell us what questions we should have asked.

Based on that sampling, we will then revise the survey before wider distribution.


Separately, specific feedback on questions below

1) suggest we need a 2-part question along the lines of:

"How much confidence do you need in the veracity of the data?"

"What provides you the necessary confidence?"

2) as modelled, we would ask that the survey be performed once for each attribute. Asking for each application might be more manageable for those surveyed (recognizing that distinctions between different attributes might get lost)

Paul

Eve Maler wrote:
Here are the questions I administered as the exercise for my XML  
Summer School lecture on federated identity.  My comments on how they  
went over, and other comments based on our phone conversation today,  
are in [brackets].

[We need to add an introductory paragraph that explains what we're  
trying to accomplish here, something like: The Concordia group is  
examining the needs of enterprise and consumer application development  
organizations when it comes to "outsourcing" the provisioning of  
important user identity data to other applications or services, and  
having the necessary degree of confidence that this data is accurate  
and current.  In federated identity, this sort of outsourcing is  
called "attribute exchange".  We invite you to fill out the survey to  
help us work within the identity community to address your needs  
better.]

[We need to add a maximum of 5 demographic "establishment questions"  
that we can use on all future surveys, as well as allow people to  
optionally give us their name, email, and permission to contact them  
for further in-depth inquiries.  I think we should assign this one to  
Ari. :-)]

Thinking about identity data used in your applications for  
authorisation or personalisation,
  for each identity data item:

What is the nature of the data? [People asked for clarification.  What  
I meant, in brute-force fashion, was "What is the data item?"  E.g.,  
blood type, home address, etc.?]

What is the nature and role of the application in your organisation?  
[People asked for clarification. What I meant, in brute-force fashion,  
was "What does the application do?"]

What effect does the data have on application behavior? [E.g., does it  
control authorization? does it personalize the app? etc.]

What are the consequences if the data is incorrect? [e.g., spoiled  
user experience, incorrect diagnosis, death??]

What party is truly authoritative for that data? [In brute-force  
fashion: Who has the responsibility for providing the data item? Who  
has the least incentive to lie about it? Who has the most incentive to  
get it right?...]

Is there a role for self-assertion or self-service in data  
provisioning and updating? [This is phrased in a somewhat geeky  
fashion.  In brute-force fashion: Do the people whom the data  
item is about have the opportunity to set and update its value themselves?]

If you are not the authoritative party, how and how often do you get  
the data today? [This is really batch vs. run-time provisioning.   
Also, note that I asked "if you are not the authoritative party"  
because I was asking a roomful of people, who may not be RPs today, to  
fill out the questionnaire.]

What is your business relationship with the authoritative party?

What is your remediation strategy and workflow for incorrect data?  
[This is phrased in stilted fashion, but isn't truly geeky.]

[On the call we agreed we need a final question, something like: What  
questions should we have asked you to get to the root of your issues  
around confidence in outsourced data?  What other comments can you  
share with us?]


Eve Maler
eve@xmlgrrl.com
http://www.xmlgrrl.com/blog
_______________________________________________
Dg-concordia mailing list
Dg-concordia@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-concordia


--
Paul Madsen
e:paulmadsen @ ntt-at.com
m:613-282-8647
web:connectid.blogspot.com
ConnectID