Can VRM answer the OpenID trust question?

Monday 31st March, 2008

Or… can I use the social (and commercial) graph to assert my identity?

OpenID provides the ability for a user to prove that they “own” a particular URL. What it does not do (another commentary) is verify that the URL in question is in any way trustworthy. Nor does it really verify that the person consuming the service is who they claim, or even a real person.

This got me thinking about the identity problem. How do you actually verify that someone is who they claim? What is identity?

The idea that I like the most is that you can verify my identity by asking my friends and family. That’s something that’s very hard to fake or steal. The Ebay community uses something very similar to this to self-police a network of sellers that’s essentially unpolicable by other means. You earn trust by selling, and each transaction leaves its mark on your account, building up a reputation as a trustworthy seller. The way to avoid the “first sale” catch 22 is for Ebay virgins to sell small items first, as buyers don’t mind risking small amounts of money to try out a seller without a reputation.

The concept isn’t limited to Ebay. To get a passport in the UK you need to get a trusted professional (like your doctor) to sign your photograph. Banks use passports and utility bills to verify your identity. Utilities often just use your address.

The feed-centric VRM model described by Alec Muffett and Adriana Lukas is based on the concept of a user owning space on a web server that they can use to communicate their personal information to companies and other individuals in a way they can control. This is OpenID’s home territory.

What if VRM could work like Ebay? If companies and individuals I deal with could somehow “sign” my identity, I could build up a history of relationships that would go a long way to providing a convincing method of asserting my identity online. If I wanted to apply for a job I could grant that employer access to my the professional signatures on my identity. If I wanted to prove to the hamster breeders society that I’m a genuine hamster fanatic I could show them the digital equivalent of a handful of hamster breeders signatures on my passport photograph.

If VRM could do that, safely and with a simple user experience, it opens up a good few possibilities.

Is the term VRM misleading?

Sunday 30th March, 2008

I just read Lee White’s post, Enterprise 2.0, meet Social Media Monitoring, and it made me think. Lee wrote:

“Consider a world where a customer with an issue merely has to post their problem on their own blog or any discussion forum and the company will find it and resolve it. You will have removed the burden from the customer of figuring out HOW to complain. Sounds a lot like Doc Searls VRM project to me”

While it’s not clear from his post whether or not Lee is missing the full potential of VRM, it seems to me that the name itself (by its very association with CRM) limits the idea in peoples’ imaginations.

To me, the VRM project is not about managing the other side of the customer helpdesk relationship (as implied by the name). That might be one use case for it, but to me it’s one of the least interesting. I think the VRM project goes much deeper. I think it changes a relationship where you have to shop around, filling in forms, endlessly giving away your data, to a relationship where you signal an interest in a product and vendors bid for your custom. It brings the marketplace to your doorstep. It changes the way people engage in E-commerce.

VRM London

Friday 28th March, 2008

I went to the VRM London meeting yesterday (kindly hosted by Sun). I have to admit I was somewhat undecided before I turned up, but there are clearly a lot of passionate and imaginative people driving it, and within an hour I already had a few pages of implementation ideas and compelling applications that could be based on it.

VRM stands for Vendor Relationship Management (the counter-point to CRM – Customer Relationship Management). The short version is that by asserting a single point of control for your data as a consumer, you can add value and privacy for both yourself and companies you deal with.

The benefits to the user include:

  • The ability to ensure your data is accessed in the way you want. You can make sure that data is kept up to date for people or companies you want to have a relationship with, and that access (at least to fresh data) is blocked for those you don’t want to deal with.
  • The ability to bring companies to you, on your terms, rather than having to go to them. Ultimately I think widespread adoption could enhance competition and stimulate the economy as a whole.

The benefits to companies include:

  • Being able to keep data up-to-date. In some industries this is a serious problem.
  • Access to a greater depth of data than users would allow if they didn’t have granular control of it
  • The ability to cut out brokers and middle-men (excluding the VRM host, although the business model of individual VRM providers is up to them)

Here are a few use cases:


Bob loves music. He’s heard of a VRM host, and signs up. He inputs or uploads details of his music collection. He enables access to his private music collection data for a few music services and sends them a message asking for recommendations. The music services then respond, recommending new music to him and offering him their best price.


Bob is looking for some home insurance. He inputs data about all the belongings in his house that he wants covered, his postcode (zip code if you’re merkin), and then sends a message through the VRM host to insurance companies giving them one-off access and asking them for a quote. The insurance companies respond. He then selects the quote he wants, and provides them with his identity and whatever other personal data is required to establish a relationship. The chosen insurance company can then be given persistent access to Bob’s private house contents data so that he can quickly re-insure when he buys something to avoid being underinsured.

The insurance company wins because they can cut out the brokers. Bob wins because he gets cheaper insurance and can reduce the hassle of re-insuring. He doesn’t want to be underinsured if something goes wrong.

Invisible auctions

The exact same data could be applied to another use case. If Bob gives a shopfront like Ebay access to his private house contents data, they could anonymously list his posessions on their site under a “make me an offer” feature. If some collector out there really wants the chest of drawers Bob inherited then they can make him an offer without needing to know who Bob is, or what else is in his house.

Social Networks

You can see the pattern here. If Bob’s friend list is stored on the VRM host he can enable complete or partial access to any social network he wants to join, saving him from having to recreate those connections afresh.

Reverse Marketing

Bob is interested in music and wouldn’t mind being sent invites to gigs, but he doesn’t want to be inundated with rubbish. He tells his VRM host that he’s interested in receiving direct marketing on that subject, and will charge marketeers 50p per message he reads to encourage them to send him only relevant messages. In return he grants them access to his music data so they can figure out what to send him. Whenever he reads an email, they pay him 50p. They win because he buys gig tickets, and he wins because he gets only the marketing material he might be interested in.

Further reading

If you’ve got time for a little reading, I’d heartily recommend checking out Adriana Lukas’ VRM one-pager and Doc Searls’ Blog.

Capturing data using RegExp Backreferences

Thursday 27th March, 2008

Quite often you need to capture data from a string. For example when translating a formatted date into a date object. The following example shows one way you can do that in Javascript.

// String to parse
var dateString = "Mar 27 2008 1:46PM";

// Define the pattern, including capturing brackets
// ^ - Start of string
// (\w{3}) - Three letters : "Mar"
// ([0-9]{1,2}) - One or two numbers : "27"
// ([0-9]{4}) - Four numbers : "2008"
// ([0-9]{1,2}) - One or two numbers : "1"
// : - Colon
// ([0-9]{2}) - Two numbers : "46"
// (\w{2}) - Two letters : "PM";
// $ - End of string;
var format =
        /^(\w{3}) ([0-9]{1,2}) ([0-9]{4}) ([0-9]{1,2}):([0-9]{2})(\w{2})$/i;

// Specify which bracket pairs have which meanings
// This is mostly just to make the code readable below
var parts = {
        month : "$1",
        day : "$2",
        year : "$3",
        hour : "$4",
        minute : "$5",
        half : "$6" };

// Define key to translate month names to numbers
var months = {
        Dec:12 };

// Execute the RegExp
format.exec( dateString );

// Pull a few captured values out of global RegExp object
var hour = parseInt( RegExp[parts.hour], 10 );
var half = RegExp[parts.half];
hour = ( half == "AM" && hour == 12 ) ? 0 : hour;
hour += ( half == "PM" && hour != 12 ) ? 12 : 0;

// Create a date object and set the captured values
var d = new Date();
	( months[ RegExp[parts.month] ] - 1 ),
	RegExp[] );
d.setUTCHours( hour );
d.setUTCMinutes( RegExp[parts.minute] );

Accessible forms

Wednesday 26th March, 2008

Accessibility Tips has an article about using titles on form fields. I couldn’t agree more. Like a lot of sites Justgiving has been somewhat weak in the past when it comes to accessibility, but this is something that is now an integral part of our development process.

One situation in which I found INPUT.TITLE particularly useful is when one label visually describes two fields. An example of this is “Address Lines” next to two input fields.

Picture of a form containing a two-part address field

Often a designer or usability expert wants to minimise copy and label both fields with a single “Address” or “Address Lines” label.

Using a LABEL tag you could only label one field. You could use a hidden LABEL tag for the second field, or possibly wrap a second LABEL tag around the first one, but it seems more elegant to use the TITLE attribute to say “Address Line 1” and “Address Line 2”.

To finish this off I’d also want to make sure that the required or optional status of the field was included in the TITLE tag. Validation is handled either by server or client-side code, rather than by browser behaviour specified by markup. This means that screen-readers have little or no chance of communicating the optional/required status of fields, which for fully sighted people are often marked using asterisks or similar. Producing something like <input title=”Address Line 1 – required field”/>, <input title=”Address Line 2 – optional field”/> solves the problem.

Mobile barcodes

Thursday 20th March, 2008

Just came across this really interesting idea for a bar-code driven product wiki. The killer use case is that you could take a snap of a product’s bar code with your mobile phone camera and within seconds be reading what other people say about it, news articles, reviews, etc. It’s very compelling.

I suspect that patent holders would come running, but surely there’s a reasonable case for this patent (6,993,573) being denied, as granting it would create a monopoly equivalent to all hyperlinks being controlled by a single source.

Google Docs – Javascript presentation

Thursday 20th March, 2008

I’ve just been playing with Google Documents slideshow tool. On the whole, very impressive.

Positive points include the ability to share and chat online, allowing you to present remotely and only have to worry about voice connectivity.

Negative points include (and this might be my stupidity) a complete inability to figure out how to use the text formatting controls. No matter what I did I couldn’t change the size of my text, even though the font-size control was right before my eyes, taunting me.

Check out Google Docs to view the slides (Google account required). Slides include notable language points for Javascript outsiders, techniques for managing large codebases, summary of Javascript 2.

If anyone finds it useful, fair play.