Monday 14 July 2014

Deconstructing the Respect Network

There seems to have been a deal of confusion this week around a new concept, the Respect Network, following a global roadshow promoting the network that passed through Sydney. So I’m going to try and dispel some of that.

Reactions seem to have been a mixture of cynicism, scepticism and suspicion, which is a pity because, I believe, the underlying idea is sound and, if the vision as described by the founders can be realised, it will radically change the way we use the Internet.

The essence of the scheme is to enable consumers to participate in the online world, sign up to web sites and avail themselves of a range of services, with all their personal information, preferences etc shared only as needed with individual service providers, or with others at the consumer’s discretion.

The trouble is that there are a few different ways of looking at what the Respect Network does and what it will offer, and focussing on each in isolation tends to obscure the whole.

The first manifestation of the network is federated identity. It is fairly simple and easy to grasp, which is why it is being pushed initially. If you sign up and pay $30 you will get an ID like a Twitter handle but preceded by =, eg =stuartcorner, that you will be able to use to log in to web sites that display the ‘Respect Connect’ logo, just as you can do today with your Facebook, LinkedIn or Twitter ID. The difference is that no other organisation will know what services you have signed up to, unless you choose to tell them.

Your Respect ID and password, and down the track much other information about you, will be held in the cloud by cloud service provider partners of the Respect Network; the one in Australia is Onexus.

The networking that will enable sites using the Respect Connect logo (and other partners, of which more later) to retrieve and verify user IDs will be operated by Neustar, a company which provides number portability services to a number of US telcos.

That’s all pretty straightforward but it does not seem to bear much resemblance to how the Respect Network is describing itself in its bid to make the concept simple to understand.

Respect Network CEO Drummond Reed likens the network to the credit card system. A credit card company, eg Visa, simply operates the network and enables users to have credit cards and merchants to accept payments on these. The actual service is provided by participating banks. Merchants pay a percentage of each transaction as a fee for service. Banks may also charge customers a fee or may offer the service free because it gives them an opportunity to lend money to the cardholder at usurious rates.

That explanation introduces, but not in a very helpful way, the other (and perhaps the most important) group of players in the Respect Network game: those companies that will provide services to Respect Network users based on their identity and preferences. These players will be identified by the handle +companyname in the Respect System.

So how will it all work? There are two key components, one technical and one contractual. The contractual component is set out in the Respect Trust Framework, a set of documents lodged with the Open Identity Exchange that commits all participants to protecting members’ information and to ensuring that any information created through the provision of services is fully portable within the Respect Network.

This portability will be achieved through the use of XDI (eXtensible Data Interchange), a data interchange format and protocol from the XDI Technical Committee of OASIS (formerly the Organisation for the Advancement of Structured Information Standards), which is co-chaired by Respect Network CEO Drummond Reed.

Because data on individuals will not be generally available, even anonymised and aggregated, there is no opportunity to fund the system by exploiting that data (the Facebook model). Instead, Respect Network believes that businesses will pay for access to consumers. The fee they pay, annually, will be split equally three ways: one third to the consumer, one third to the provider of the consumer’s ‘base cloud’ (eg Onexus) and one third to the intermediary service providers.

CONCLUSION
So that’s the essence of it. There are many questions to be answered about how it will work, particularly around security, data integrity and how adherence to the Respect Framework will be maintained. All these are essential to its successful operation.

Using the federated identity to get the ball rolling seems like a good idea: it is easy to understand. However, early adopters who have paid their $30 for a =name might be a little disillusioned to find there is little they can presently do with it (this was the reaction of a friend of mine who signed up).

Make or break for the Respect Network will likely come through the emergence of service providers that are able to exploit the network and the structures it has set up to offer compelling services, and it may well be that the functions and features of those services per se will be the driver of success for the Respect Network, rather than the attractions of privacy.


Yes, Facebook is somewhat on the nose with users at the moment (see the results of this survey, ‘What would make you quit Facebook?’, on the Sophos Naked Security blog), but I suspect there is still a long road to go before most people are actively seeking greater online privacy.
