I’m tired of typing my postal address into Web sites. Furthermore, it’s stupid, wasteful, and a little worrying that so many of them out there have stored copies of it. Wouldn’t it be better just to give them the address of my address?
[This is provoked by an acronym-heavy discussion that’s sloshing around online; a good sample of the thinking may be found in “Feeds-Based VRM”: A Web-Centric Approach to VRM Implementation, by Adriana Lukas and Alec Muffett.]
Your Offline Address, Online · The idea is this: Instead of filling your address into a form, you give them a URI for your address, where a Web site’s server can fetch a machine-readable version and fill in all the fields. In the case where the site only needs your address once, this is worthwhile for labour-saving and quality purposes; how many times has it taken you three tries to get all the pieces of your address into the right place on a persnickety Web form, and how many other times have you noticed a dumb error in an on-file address you entered earlier?
Suppose the Web site needs to keep your address; perhaps they’re going to send you something every month. Then this URI-based approach really shines, because if you move, then you just change your online address in one place and then anyone who needs it every so often goes and picks it up when they need it, and they’ll have the latest version without you having to run around the Web and change it everywhere.
This seems like a no-brainer, and if you buy into it, there are maybe a lot of other similar cases. Here are some other things that you might want to keep online in one place, control yourself, and deal the addresses of out, as required: your credit card info, your FedEx account, your health-insurance number, and your frequent-flyer programs.
Of course some of these get into very sensitive security issues; but actually we’re getting pretty good at providing information on the Web in a secure way.
The people who are thinking about this are slinging around jargon from the “VRM” (Vendor Relationship Management) community and from the Identity community. I’m not really a member of either, and thus am probably missing some of their finer points. But the notion of you controlling your own automated information dispensary seems like an obvious winner to me, and furthermore, one that ought to be easy to build using existing Web technology, right out of the box.
And you don’t have to be that paranoid about privacy and security issues to appreciate the advantages of controlling the storage and delivery of information about yourself.
Technical Issues · This originally came across my radar because Alec Muffett asked me what I thought about the idea of using Atom (RFC4287) as a wrapper format for this kind of data. Off the top of my head, it sounded plausible. Atom is XML, which helps with internationalization, and then it also provides you with a guaranteed last-updated timestamp and a nice globally-unique identifier for each item.
Let’s focus on that nice simple example: storing your address online. The first thing you need to figure out is how to encode the address machine-readably. From where I sit, it looks like the vCard format is the most deployed and is thus probably well-debugged. It comes in three flavors: plain-text, XML, and an XHTML microformat.
Any of them would work, either on their own or in an Atom wrapper; I’d be inclined to pick the native plain-text version just for simplicity.
Speaking of simplicity, I guarantee that if this idea got momentum, you’d hear voices raised arguing that vCard is just too simple for this or that business’ addressing needs. Well, too bad, they don’t have to play if they don’t want to. My bet is that the upside from bringing order to this chaos is much bigger than the cost in forcing businesses to dumb down their addressing data.
So, what would using an Atom wrapper, as opposed to just a naked vCard resource, buy you? To start with, you’d be able to batch up things for delivery; for example separate billing and delivery addresses. Or for that matter everything you want to share to drive one particular transaction: address, credit card, and affinity programs.
On the other hand, there’d be a cost, because you’d have to give the receiver two pieces of information: the URI of the feed and some sort of selector for the bit that contains the particular item in question.
While thinking about this, I realized that we never specified a
fragment-identifier syntax for Atom, so in
http://example.com/feed.atom#37, the #37 doesn’t
actually mean anything. Sigh.
I pinged
Joe Gregorio online and asked “Did we
really not do that?” and he replied, more or less, “D’oh, we should fix that.”
Neither
of us can remember the issue ever coming up for discussion during the Atom
process.
So actually, it’s not obvious to me that an Atom wrapper is a good idea here. The timestamp would be nice, but then a well-run Web server should also provide that information.
Take-Away · Unless I’m missing something obvious, the notion of everyone bringing the online information about themselves under their own control, using plain vanilla Web technology, seems like a winner.
What would it take to get this started?
Contributions
· Technology (90 fragments)
· · Web (396 more)
· The World (148 fragments)
· · Life Online (273 more)
Comment feed for ongoing:
From: Steve Ivy (May 05 2008, at 12:11)
Hi Tim,
I think this is a good example of where hCard support[1] would make a lot of sense for these services. Then you could point the services to an appropriate profile page, potentially protected by Oauth[2], and they can parse whatever profile information you're willing to share out of it using any number of the decent microformat parsers out there.
I have nothing against Atom, but I don't necessarily see the advantage of using a feed format here.
Cheers.
[1] http://microformats.org/wiki/hcard
[2] http://oauth.net
[link]
From: Gavin Carothers (May 05 2008, at 12:16)
I'd consider using http://openid.net/specs/openid-attribute-exchange-1_0.html Given it provides authentication and assures me that the site getting my address or other personal details is ALLOWED to get the information. I also have to authorize any updates, this to me is far preferred to having my personal information sitting out on the web raw.
[link]
From: Peter Krantz (May 05 2008, at 12:42)
Well, you could have a look a the Universal Postal Unions project to establish an email adress for everyone (can't find the link right now). Sounds like a good idea, but last time I heard they were thinking along the lines "Tim-Homestreet-55-Vancouver@ca.post.int" which means you would have to change your UPU address everytime you move. The address also acts as a key to retrieve more information.
Why they want to push the limitations of the physical world onto the online one is beyond me.
[link]
From: Mark (May 05 2008, at 12:48)
It seems like it already has started with OpenID. What's the barrier to making a system like OpenID also be a way to store and retrieve your address?
Granted, some work would be involved, since OpenID isn't an XML based system. A way to added addresses to the OpenID system would need to be devised.
[link]
From: Bob Aman (May 05 2008, at 13:00)
<blockquote>
What would it take to get this started?
</blockquote>
I haven't a clue, but I'd sure like to see it happen. I wouldn't be surprised to discovered well over a thousand places independently keeping track of my address. I suspect that the closest existing analogue to this would be the credit reporting agencies, since they keep a running tally of where you've lived. Except of course that the information that the 3 agencies have tends to be different at each one.
[link]
From: Sam (May 05 2008, at 13:12)
Isn't this what OpenID Attribute Exchange 1.0 is supposed to solve?
[link]
From: Aristotle Pagaltzis (May 05 2008, at 13:45)
> It’s stupid, wasteful, and a little worrying that so many of them out there have stored copies of it. Wouldn’t it be better just to give them the address of my
address?
Tim Bray discovers 3rd normal form. Film at 11.
SCNR. :-)
[link]
From: Danny Ayers (May 05 2008, at 15:15)
If you're giving someone the URI for your address, why does it need to be a feed?
It isn't going to change *that* often, let the consumer do a GET when they need it.
There are several vCard representations available: vCard itself, hCard or vCard/RDF (ask Norm). The latter is a good choice if you want to include your shoe size :-)
Why not give yourself a URI?
http://dig.csail.mit.edu/breadcrumbs/node/71
[link]
From: Brian Smith (May 05 2008, at 16:12)
Making it easy for businesses to get your address seems to be solving the wrong problem. Why do they need your address in the first place?
* Deliveries: Give your address to UPS, FedEx, the post office, or whatever courier. The business verifies that the courier has your address and asks the courier how much it costs to ship to you. Then the business charges you for the shipping, gives the package to the courier with no address on it, and the courier delivers it using the address information they already have.
* Fraud Protection: Visa, Mastercard, etc. already know your address. The business can just ask one of these guys to verify your identity, instead of doing it themselves.
* Junkmail, tracking, privacy invasion, identity theft: This is why you don't want to make it easy to get your address in the first place.
[link]
From: Joe (May 05 2008, at 16:14)
Isn't this what Live Mesh is going to do? You provide your own data to sites based on ATOM (or JSON, RSS etc) either hosted via the 'Live desktop' cloud or from any other source.
In fact start-ups should jump on this model as there is much less storage and data ownership. They just provide the functionality.
[link]
From: Erik Wilde (May 05 2008, at 16:30)
maybe this is more a historic note, but i thought something as simple as standardizing field names for forms already worked pretty well.
http://xml.coverpages.org/ecml.html
but of course this only works if the browser has some way of knowing the field values (through history or configuration).
[link]
From: Gunnar (May 05 2008, at 17:08)
"Of course some of these get into very sensitive security issues; but actually we’re getting pretty good at providing information on the Web in a secure way."
ROFL.
[link]
From: Tim (but not THE Tim) (May 05 2008, at 19:22)
I think this could extend outward in many ways. I think OpenID complements it but shouldn't be bent to provide these services.
The 'Identity Service' would be responsible for securely storing and retrieving identity bits that you need; therefore it could be an OpenID provider.
What about using OpenSSH-like protocol to sign in to the Identity Service, to provide a better way to identify that you are authorized to get information from the IS.
[link]
From: Mark (May 05 2008, at 19:49)
While it's cute, in a "Big Bang Theory" kind of way, to watch all the web nerds regurgitate their favorite acronyms and backronyms when poked with a sharp stick ("Ow! RDF!" "Ow! OpenID!" "Ow! RFC4287!") -- the fact remains that the web is really a terrible foundation for much of anything of any permanence. You don't own your domain name; you don't own your URI space; you don't own your online identity. You just rent it from companies with so little transparency, they would make Franz Kafka blush. Pushing identity down to the DNS level just moves the problem, it doesn't solve it. In fact, it maximizes the potential damage by minimizing the target surface for attacks. Coming soon to a major metropolitan newspaper near you: "DNS Hackers Re-Route 1,000,000 FedEx packages, Amazon Blames Tim"
[link]
From: Marius (May 05 2008, at 22:38)
I think it would be better to add something to the HTML markup (microformats, rdf) so that the browser can fill out the forms automatically with more confidence
[link]
From: Danny Ayers (May 06 2008, at 01:10)
Poor hungry troll, here you go - the Web may not be ideal for maintaining permanence, but it's no worse than any of the current alternatives. The advantages it has are that it's globally adopted, seriously versatile for information representation, and above all it's easy to create associations between pieces of information.
In this case the person-address relationship is an association between two sets of data (the identifiers for the person, the address field/values). The Web is well-suited for representing linked data.
http://en.wikipedia.org/wiki/Linked_Data
[link]
From: Alec Muffett (May 06 2008, at 03:26)
>What would it take to get this started?
It already is being started. See the stuff pertinent to the "Mine!" project, at www.mediainfluencer.net/
- alec
[link]
From: Danny Ayers (May 06 2008, at 03:55)
Here's how I'd do it, using vCard/FOAF + OpenID : http://blogs.talis.com/n2/archives/64
[link]
From: Ben (May 08 2008, at 07:31)
Hi Tim
the question you asked was 'how to get this started?' not 'which clever technology should I use?'. It's clear from the thread that there is no shortage of standards, and they've been available for years so getting started isn't a technical issue but a social one ie someone provide a compelling service proposition.
Actually I use Sxipper, which is fine but I still find myself having to write my address too often. I'd prefer it if my address wasn't held in so many places but I don't care that much and the era of linked data is some way off, even though it's technically possible today.
[link]
From: Gavin Carr (May 08 2008, at 21:20)
I think an interesting corner case here is wanting to publish (limited) address and/or location information to everyone, not just to sites you have relationships or accounts with (think store locators, transport timetables, map sites, etc.). For this stuff using something like OpenID is bad, because you probably don't want address/location information to be linked to identity in broadcast scenarios.
I was thinking about this for use with FireEagle and was toying with the idea of some kind of microformat address location data carried via HTTP request headers: http://www.openfusion.net/web/super_simple_public_location_broadcasting
[link]
From: William Stacey (May 09 2008, at 06:25)
Brian Smith, that was most insightfull post I have read in some time. Mainly because I feel the same way and don't understand why no traction in that direction as it seems obvious. I do know it will take a while because of major shifts in process and tech that need to happen. IMO, it is the way to go. No vendors ever "need" your address or cc number. Some of this is "sneaking" in with virtual CC numbers some companies use, but we need to go next step.
[link]
From: Jeffrey Yasskin (May 11 2008, at 16:25)
As to "how do we get this started", convincing Amazon to accept some such format instead of an explicit address would go a long way.
[link]
From: Mark (May 16 2008, at 05:40)
Turn on autofill in your browser. Solved.
[link]