Personal Address Manager Service: Difference between revisions

From Project VRM
Jump to navigation Jump to search
(Added Policy Section)
(→‎Schedule: Added policy requirements to schedule)
Line 28: Line 28:
|-
|-
! High Level Use Cases
! High Level Use Cases
| TBD ||  || || ||XXX|| || || || ||
| J. Andrieu ||  || || ||XXX|| || || || ||
|-
|-
! Scenarios
! Scenarios
| TBD ||  || || ||XXX|| || || || ||
| J. Andrieu ||  || || ||XXX|| || || || ||
|-
|-
! Abstract Use Case Narratives
! Abstract Use Case Narratives
| TBD ||  || || || ||XXX|| || || ||
| J. Andrieu ||  || || || ||XXX|| || || ||
|-
|-
! Specific Use Case Narratives
! Specific Use Case Narratives
| TBD ||  || || || ||XXX|| || || ||
| J. Andrieu ||  || || || ||XXX|| || || ||
|-
|-
! Use Case Diagrams
! Use Case Diagrams
| TBD ||  || || || || ||XXX|| || ||
| J. Andrieu ||  || || || || ||XXX|| || ||
|-
|-
! Use Case Maps
! Use Case Maps
| TBD ||  || || || || ||XXX|| || ||
| J. Andrieu ||  || || || || ||XXX|| || ||
|-
|-
! Constraints and Requirements
! Constraints and Requirements
| TBD ||  || || || || || ||XXX|| ||
| J. Andrieu ||  || || || || || ||XXX|| ||
|-
! Policy Requirements
| J. Andrieu ||  || || || || || ||XXX|| ||
|-
|-
! Technology Review
! Technology Review
| TBD ||  || || || || |||| ||XXX||
| J. Andrieu ||  || || || || |||| ||XXX||
|-
|-
! Formats and Protocols
! Formats and Protocols
| TBD ||  || || || || || || || ||XXX
| J. Andrieu ||  || || || || || || || ||XXX
|}
|}



Revision as of 01:51, 16 March 2008

This Standard is being developed according to the VRM Use Case guidelines.

When possible, elements of the Requirements Model are incorporated directly herein. Otherwise, a link is provided for downloading supporting documents.

Status

Working Draft

Schedule

Proposed Schedule for First Draft
Item Who? Comment 2/20 3/5 3/19 4/2 4/16 4/30 5/14 5/28
Use Case Description J. Andrieu XXX
Actors J. Andrieu XXX
Roles J. Andrieu XXX
Role Map J. Andrieu XXX
Role Profiles J. Andrieu XXX
High Level Use Cases J. Andrieu XXX
Scenarios J. Andrieu XXX
Abstract Use Case Narratives J. Andrieu XXX
Specific Use Case Narratives J. Andrieu XXX
Use Case Diagrams J. Andrieu XXX
Use Case Maps J. Andrieu XXX
Constraints and Requirements J. Andrieu XXX
Policy Requirements J. Andrieu XXX
Technology Review J. Andrieu XXX
Formats and Protocols J. Andrieu XXX

Target date for announcing first complete draft: VRM Workshop June 2008

Description

The Personal Address Manager Service (PAM Service or PAM) allows anyone to manage their postal address in one place and have it automatically be propagated and used by others, as authorized.

Actors

A list of all Actors supported by the system.

Individuals
people who use a postal address as a point of contact for receiving correspondence. Also individuals who wish to contact others through a postal address.
Organizations
entities who rely on a postal address as a way to reach individuals with whom they have existing relationships. Could be a for-profit corporation, sole proprietorship, non-profit, or government agency. Also entities who wish to contact others through a postal address.

Note that this service is specifically NOT designed to support organizations who rely on postal addresses as a way to reach individuals with whom the want to create a relationship, who we will refer to as "Direct Marketers" for lack of a better term. For this Service, Use Cases which support Direct Marketers are explicitly out of scope.

Roles

Addressee
Anyone who use a postal address as a point of contact.
Addressor
Anyone who wants to reach an Addressee at their postal address.
AddresseeDelegate
Anyone authorized by an Addressee to act on their behalf. Specializes Addressee.
AddressorDelegate
Anyone authorized by an Addressor to act on their behalf. Specializes Addressor.
AddressRequester
Individuals or organizations who request a postal address on demand for either immediate or perpetual use. Specializes Addressor.
AddressSubscriber
Individuals or organizations who subscribe for updates to an individual's address. Specializes Addressor.
OnlineAddressSubscriber
AddressSubscribers who will receive updates electronically. Specializes AddressSubscriber
OfflineAddressSubscriber
AddressSubscribers who will receive updates via postal service. SpecializesAddressSubscriber

Role Map

A visual representation of the supported Roles and their relationships to one another.

PAM Role Map.png

Profiles

A detailed description of each Role's expectations, capability, and requirements for the system, forming an operational context for that particular role. Developed to enough detail to distinguish what this particular role needs from the system design.

Addressee

  • Average Internet user. Understands websites, email, etc., but doesn't necessarily understand any of the underlying technology (HTML, http, SMTP, etc.). Web friendly but not especially tech savvy.
  • Updates address on average once/year, although many users will spend years in between usage.
  • Authorizations occur more frequently, so that interface is more familiar.
  • Has list of authorized Requestors/Subscribers for address updates in various formats and for various services (DMV, utilities, magazine subscriptions, websites, etc.)
  • Could have addresses anywhere on the planet.

Addressee Delegate

  • Specializes Addressee
  • Authorized by the Addressee to manage authorizations and edit addresses.
  • May serve as delegate for multiple addressees
  • Can be expected to be moderately more tech-savvy than the average Addressee, but they could have the role just because they are the person in the household with the most geek skills.

Addressor

  • Anyone who wants to reach the addressee via their current postal address as managed in the Personal Address manager.
  • May be offline or online.
  • Selected by virtue of the Addressee's desire to use the Personal Address Manager for this Addressor.
  • Could be anywhere on the planet.

Addressor Delegate

  • Anyone authorized by an Addressor to act on their behalf.
  • Typically this is a shipping or mailing service
  • High technical sophistication
  • Likely to have automated systems for managing large numbers of Addressees and Addressors.

AddressRequester

  • Specializes Addressor
  • Internet-savvy entity who wants to make sure they always have the latest postal address for contacting users. Capable of implementing (or using) fairly sophisticated web services
  • Manages tens to millions of users... small or large organization or individual.
  • Will use the Personal Address Manager for on-demand queries.
  • Sometimes handles mailings in-house, sometimes through third-party mailing house.

AddressSubscriber

  • Specializes Addressor
  • Maintains own database and will not be relying on the Personal Address Manager for on-demand usage.

OfflineAddressSubscriber

  • Specialized AddressSubscriber
  • No Internet access expected or required.
  • Will be reached via postal mail.

OnlineAddressSubscriber

  • Specialized AddressSubscriber
  • Average Internet User
  • Has email address
  • May have contact manager software capable of more sophisticated processing
    • Or may manually process incoming email updates

High Level Use Cases

A list of all supported use cases in the system, identifying all required use cases by title.

  1. Addressee Manages Address
    1. Addressee Creates Address
    2. Addressee Reviews Address
    3. Addressee Changes Address
    4. Addressee Deletes Address
  2. Addressee Manages Addressors
    1. Addressee Uploads Addressors
    2. Addressee Authorizes Addressor
    3. Addressee Manages Addressor Permissions
    4. Addressee Deletes Addressor
  3. Addressee Manages Delegates
    1. Addressee Authorizes Delegate
    2. Addressee Unauthorizes Delegate
    3. Addressee Removes Delegate
  4. Addressor Manages Delegates
    1. Addressor Authorizes Delegate
    2. Addressor Unauthorizes Delegate
    3. Addressor Removes Delegate
  5. Addressor discovers Personal Address Manager service for Addressee
  6. Addressor Requests Authorization
  7. Delegate requests authorization
  8. AddressRequester Requests Current Address
  9. AddressSubscriber Activates Subscription
  10. AddressSubscriber Deactivates Subscription
  11. Addressee Accesses Activity Log
  12. Addressor reports address change
  13. Addressee acknowledges address change

Scenarios

Prose descriptions of a user's interaction with the system as one example of the Use Case that explains the context, the interaction, and the benefit. Each Use Case requires at least one Scenario.

Addressee Changes Address

Scenario 1

Bob just got a new job and is moving from Los Angeles to San Francisco and recently selected his new home. He has an address to send to existing vendors. He visits the Change of Address Service and inputs his new address and all of the vendors he wants outgoing notices for (with appropriate account #s and other identifying information). The service confirms the new address, date of the move, and the subscribers it will contact. A few vendors require contact information (they aren't in the system) so Bob provides it. The system sends out the notices and keeps track of delivery so Bob can later verify receipt of the update.

Possible Variations

Address changes initiated by a visit to a vendor rather than the CoA service?

Discussion

What is the most efficient and appropriate way for users to manage their account information for each vendor? Telling the DMV (department of Motor Vehicles, the service that provides driver's licenses in California) that John Doe is moving is useless if they don't know the driver's license number as well. Seems like this should be jointly specified by the vendor, when possible. That's easier if the vendor initiates the authorization process (catalyzing the creation of the record in the COA service). However, for real-world, off-line vendors, we probably need a simpler upload or manual entry. What about exports/uploads from bill pay services such as are common at banks or financial management services like Mint or Wesabe? - Joe Andrieu

Abstract Use Case Narratives

An implementation and technology-free chronological ordering of user intention and system responsibilities for a particular use case. Based on one or more specific Scenarios, define the specific, yet technology-free, interactions that are required for the use case. These narratives will be normative, that is, they will ultimately define the requirements of the functioning system.

Addressee Changes Address

User Intention System Responsibility
1. Addressee decides to move.
2. Addressee expresses new address to system (optionally including scheduling information).
3. System assures Addressors get the new address when they need it.


WikiQuestion/suggestion: let's set this up as a template.

Specific Use Case Narratives

Implementation-specific sequences of user action and system response for a use case. These narratives will be illustrative, that is, they will show how a particular set of technologies can implement a particular use care--or how a specific set of technologies might require or suggest changes to the use case.

Use Case Diagrams

Both abstract and specific use cases may be diagramed visually to represent the transaction flow between various system components. For abstract use cases, the diagrams will be normative. For specific use cases, they will be illustrative.

Use Case Maps

A visual representation of the multiple use cases that comprise a particular service and their relationship to one another.

Constraints & Requirements

In addition to responding to specific use cases appropriately, every VRM Service shall define its own set of constraints and requirements to complete the specification of the service. Many requirements will be applicable to most, if not all, VRM services, such as those inspired by tenets of data portability and user-centric identity.

When mapping out the first set of use cases, it became clear that the a few of the core Use Cases were already substantially met by such online services as Plaxo and LinkedIn, raising the question of what would actually make a Personal Address Manager service VRM-compliant. That led directly to a handful of simple requirements that assure the user and vendors have appropriate access and controls.

  1. Address stored independently of any particular service provider
  2. Addressee can choose who stores canonical source (self-storage ok)
  3. Data should be in an open format and portable without data or service loss
  4. Data transfer and use is always under user control
  5. Addressors can discover the appropriate CoA service for each user

Policy Requirements

Implementations must meet the following policy requirements.

Administration & Operations

  1. Specified Data Visibility--Service providers must specify and implement either a visible of invisible data strategy.
    1. Visible Data - Data stored with the Service provider is visible to administrators.
    2. Invisible Data - Data stored on the Service is encrypted and not visible to administrators.
  2. Constrained & Logged Data Modification--All data modifications must only be made through explicit Roles as defined in the specification. All data modifications must be logged in a system activity log. All system activity must be auditable by users and their delegates.

Representation & Warranties

Service providers must explicitly specify, represent, and legally warrant their policies in the following areas.

  1. Privacy
  2. Security
  3. Survivability
  4. Accountability

Note: these areas need to be more clearly and completely specified. See the [Global Services Specifications] as informative of the type of self-asserted warranties will be required by Personal Address Manager Service providers.

Technology Review

Review relevant technology and existing services, highlighting how they inform our development, either by highlighting successful ideas or as examples of what we should avoid.

Services

Technologies

Organizations/Movements

Formats & Protocols

We will need formats for

  1. Representing an address (machine readable)
  2. Presenting an address (human/postal service readable)
  3. Personal Address Manager metadata
    1. Address Metadata
      • Address Name
    2. Authorizations
    3. Log data

We will need protocols for

  1. Authenticating Addressees, Addressors, and delegates
  2. Authorizing Addressors & Delegates
  3. Service discovery
  4. Inbound human services
    • most likely web pages
  5. Inbound automated services
  6. Outbound automated services
    • email