Φ Pardalis Data Ownership Blog

Let's begin with the definition of Cloud Computing as currently found in Wikipedia, the free encyclopedia -

"The term ... derives from the common depiction in most technology architecture diagrams, of the Internet ... using an illustration of a cloud. The computing resources being accessed are typically owned and operated by a third-party provider on a consolidated basis in data center locations. Target consumers are not concerned with the underlying technologies used to achieve the increase in server capability, [the availability of which] is sold simply as a service available on demand."

As reported in Data Center Knowledge, Microsoft Chairman Bill Gates recently spoke about the boom in data center growth -

"The shift of services to the Cloud is getting us to think about data centers on a scale we never have before .... When you think about design, you can be very radical and come up with some huge improvements as you design for this kind of scale ...."

As reported in The Economist there is indeed a boom in the data center industry -

"Data centers are essential to nearly every industry and have become as vital to the functioning of society as power stations are .... American alone has more than 7,000 data centers .... And each is housing ever more servers, the powerful computers that crunch and dish up data .... Google is said to operate a global network of about three dozen data centers with ... more than 1 million servers. To catch up, Microsoft is investing billions of dollars and adding up to 20,000 servers a month .... In America the number of servers is expected to grow to 15.8 million by 2010 - three times as many as a decade earlier."

This boom is building the Cloud where software as a service (SaaS) will find the 'oxygen' it needs to survive and thrive. The expansion of the Cloud augurs well that distributed data within the Cloud will come to substitute to some extent - perhaps substantially so - for data distributed outside of the Cloud.

One resulting consequence will likely be that mobile technology becomes promoted not as a storage device but as a utilitarian tool for taking a sip of data as needed, when needed, from the moisture of the Cloud. Imagine the Cloud holding the data for each user's personal mobile technology. Imagine users traveling as 'digital nomads' without laptop computers, because they will stay connected to the Cloud through their internet-accessible mobile phones.

Jonathan Schwartz, CEO of Sun Microsystems, spent a week recording his life as one such digital nomad for The Economist.

Click on image to play video podcast [5m 25s]

Here's the takeaway quote (paraphrased) from this podcast - "In my travels I keep a pen and a BlackBerry. My assumption is that the network has become ubiquitous across the world. The network is more a utility for me than a destination." 

Again, data distribution becomes more about distribution of data stored within the Cloud and less about distribution of data stored on mobile technology. Lost your internet-accessible mobile phone in Paris, France? Purchase another one when you land in San Francisco and re-connect to the Cloud (and your address book, scheduling calendar, etc.) without missing a beat.

Another likely consequence of the Cloud is that as people and businesses consider moving their computer storage and services into the Cloud, their direct technological control of information becomes more and more of a competitive driver. The buzz created by Dataportability.org is the early evidence of this driver. See Portability, Traceability and Data Ownership (Part I).

But mere portability is not enough. It only whets the appetite of people and business owners for more technological control - not just legislated or contractual privacy protections. See, e.g., Personal Health Records, Data Portability and the Continuing Privacy Paradigm. That is, the Cloud significantly increases the opportunities for privacy friendly technologies, including data ownership technologies.

"The [online] company that ... figures out ways of ... [technologically] building into [its] compliance systems ... [privacy] compliance mechanisms ... will be putting itself at a tremendous competitive advantage for attracting the services to operate in [the cloud computing environment]." Quoting Reidenberg in Computing in the Cloud: Possession and ownership of data.

Steve Inskeep of NPR's Morning Edition recently talked with Craig Balding, an information technology security expert for a Fortune 500 company, about Cloud Computing. Here's the takeaway exchange from the 3m 30s audio clip 'Cloud Computing' Puts Computer Resources on Tap -

Inskeep (2m25s): "Is somebody who runs a business, who used to have a filing cabinet in a filing room, and then had computer files and computer databases, really going to be able or want to take the risk of shipping all their files out to some random computer they don't even know where it is and paying to rent storage that way?"

Balding: "Yes, that's really a key question, even though these are reputable companies ... there's going to be a whole ecosystem that builds up around around [Cloud Computing] ... of smaller companies that will offer additional services on top of [Cloud Computing's] basic services .... so what I've done is [I've} actually started up a blog [called] cloudsecurity.org and what I'm trying to do is to get the various cloud providers to come and have a discussion about what security they are doing ..."

If you are an IT security expert, I would encourage you to take a moment to familiarize yourself with Mr. Balding's Cloud Security blog. Security is an absolute essential for the Cloud, as it has been for databases of any size since they were first engineered.

But security ... is not enough.

As Bruce Schneier has written in Secrets And Lies - Digital Security In A Networked World -

"The average person can not tell good security from bad security... the world is filled with specialties that are critical to public safety and security, and yet are beyond the comprehension of the general population... Commerce works the same way. When was the last time you personally checked the accuracy of a gas station's pumps, or a taxicab's meter, or the weight and volume information on packaged foods?" [emphasis added]

Schneier's language parallels the central theme of Banking on Granular Information Ownership -

"People are comfortable and familiar with monetary banks. That’s a good thing because without people willingly depositing their money into banks, there would be no banking system as we know it .... [By comparison, we] live in a world that is at once awash in on-demand information courtesy of the Internet, and at the same time the Internet is strangely impotent when it comes to information ownership ....

In many respects the Internet is like the Wild West because there is no information web similar to our monetary banking system. No similar integrated system exists for precisely and efficiently delivering our medical records to a new physician, or for providing access to a health history of the specific animal slaughtered for that purchased steak. Nothing out there compares with how the banking system facilitates gasoline purchases."

Banks meet the expectations of their customers by providing them with security, yes, but also credibility, compensation, control, convenience, integration and verification. It is the dynamic combination of these that instills in customers the confidence that they continue to own their money, even while it is in the hands of a third-party bank.

No, security is not sufficient by itself to compel the hypothetical business owner, whom Inskeep was referencing, to take the risk of putting his or her information into the Cloud.

As blogged in Portability, Traceability and Data Ownership (Part IV), nobody has done a better job of describing why data ownership matters to the use and effectiveness of big databases than Marshall Van Alstyne. And I continue to be charmed with the 1994 publication he co-authored entitled, Why Not One Big Database? Ownership Principles for Database Design.

You might have seen this before, but here’s my favorite quote from Van Alstyne's paper -

“The fundamental point of this research is that ownership matters. Any group that provides data to other parts of an organization requires compensation for being the source of that data. When it is impossible to provide an explicit contract that rewards those who create and maintain data, "ownership" will be the best way to provide incentives. Otherwise, and despite the best available technology, an organization has not chosen its best incentives and the subtle intangible costs of low effort will appear as distorted, missing, or unusable data.” (emphasis added)

I know I am in effect bootstrapping Van Alstyne's research results.

I am taking liberties by stretching his research from big organizational databases to cover that of the Cloud. I recognize that the Cloud is already of a scale that is astronomically larger than even what Van Alstyne in his mid-1990's research could have possibly imagined it would become today.

But when I read Van Alstyne's paper there is an insistent voice inside of me that says "data ownership matters to the Cloud for the same reasons it matters to big, organizational databases." 

Clouds V1 from Robert Beyer on Vimeo.

[This concludes Part I of a three part series. On to Part II.]

The following video is provided by UChannel, a collection of public affairs lectures, panels and events from academic institutions all over the world. This video was taken at a conference held at Princeton University's Center for Information Technology Policy on January 14, 2008. The conference was sponsored by Microsoft.

What you will see is a panel and discussion format moderated by Ed Felten, Director of the CITP. The panel members are:

1. Joel Reidenberg, Professor of Law, Fordham University
2. Timothy B. Lee, blogger at Technology Liberation Front and adjunct scholar, Cato Institute
   
3. Marc Rotenberg, Executive Director, Electronic Privacy Information Center
   

Here is a paragraph descriptive of the questions addressed by the panel. 

"In cloud computing, a provider's data center holds information that would more traditionally have been stored on the end user's computer. How does this impact user privacy? To what extent do users "own" this data, and what obligations do the service providers have? What obligations should they have? Does moving the data to the provider's data center improve security or endanger it?"

The video, entitled "Computing in the Cloud: Possession and ownership of data", is useful and timely. And the panel is well constructed.

Tim Lee, who readily states that he is not a lawyer, very much serves as an apologist for the online companies who believe that "total, one-hundred percent online privacy would mean ... that there wouldn't be any online [sharing] services at all" (Video Time ~ 2:07).

The online services Lee briefly touches upon by way of example are the ubiquitous use of Web cookies for collecting a wide variety of information about usage of the Internet by online users (~5:30), Google's Gmail which employs a business model of examining contents of users' e-mail and tailoring advertising presented to users (~8:05), Facebook's News Feed service which permits users to keep track of changes to their 'friends' accounts, and Facebook's Beacon service which sends data from external websites to Facebook accounts for the purpose of allowing targeted advertisements (~10:54).

Joel Reidenberg, a professor of law, believes that the distinction between government and the private sector loses its meaning when we think of computing in the cloud (~ 15:10), but that the prospect of cloud computing also reinforces the need for fair information practice standards (~16:00). He is of the opinion that as computing moves into the cloud it will be easier to regulate centralized gate-keepers by law and/or by technical standards (~23:50).

• This is my first 'take away' from this video clip in that Professor Reidenberg reinforces the need for centralized standard setting bodies as I concluded in Portability, Traceability and Data Ownership - Part IV.
  

Marc Rotenberg, also a law professor, emphasizes that without user anonymity, and without transparency provided by the online companies, there will be no privacy for users in the cloud (~29:47 - 37:20). And in doing so Rotenberg challenges Tim Lee for his statement that there cannot be complete user privacy for online companies to provide the services they provide (~33.30). This actually makes for the most interesting exchanges of the video from the 38:00 minute mark to the 44:00 minute mark. 

There is also an interesting dialogue regarding the application of the Fourth Amendment. One of the conference attendees asked the panel why there had been no mention of the Fourth Amendment in any of their presentations. Here is the response from Reidenberg at the 53:30 mark:

"Cloud computing is threatening the vitality of the Fourth Amendment ... [because] the more we see centralization of data [by private, online companies], and the more that data is used for secondary purposes, the easier it is for the government to gain access outside the kind of restraints we put on states in the Fourth Amendment."

In other words, why should the government worry about overcoming Fourth Amendment hurdles about confiscating a person's data when it can sit back and relatively easily purchase or otherwise obtain the same personal data from the big online companies? And do so even in real-time? Why, indeed.

For me, the second 'take away' from this video is found in another cogent comment by Professor Reidenberg at the 88:53 mark:

"The [online] company that ... figures out ways of ... building into [its] compliance systems ... [privacy] compliance mechanisms ... will be putting itself at a tremendous competitive advantage for attracting the services to operate in [the cloud computing environment]."

The technological data ownership discussed and described in Portability, Traceability and Data Ownership - Part IV, supra, is a privacy compliance mechanism.

For those who are interested in the legalities and government policies revolving around burgeoning data ownership issues related to software as a service, the Semantic Web and Cloud Computing, and who are motivated to sit through a 90 minute presentation, here is the video clip ....

 

[return to Part III]

Connecting Portability to Traceability

Let’s begin this final part with a nicely presented video interview of Tim Berners-Lee, the widely acclaimed inventor of the World Wide Web, by Technology Review.

Video: Tim Berners-Lee on the Semantic Web
Technology Review (March, 2007)
Clicking on this link opens the video in a separate window for an 8 min 24 sec video.
Close that window when the video is complete and you'll be returned here.

 
Berners-Lee has a degree in physics from The Queen’s College, Oxford. He well expresses in the video the insight of an academic technologist preaching the benefits of the emerging Semantic Web as, essentially, one big, connected database.

For instance, Berners-Lee discusses life sciences not once but twice during this interview in the context of making more and better semantically connected information available to doctors, emergency responders and other healthcare workers. He sees this, and rightly so, as being particularly important to fight both (a) epidemics and pandemics, and (b) more persistent diseases like cancer and Alzheimer’s. Presumably that means access to personal health records. However, there is no mention in this interview about concerns over the ownership of information.

Here’s a more recent interview excerpt in March, 2008, initiated by interviewer Paul Miller of ZDNet, in which Berners-Lee does acknowledge data ownership fear factors.

Miller (03:21): “You talked a little bit about people's concerns … with loss of control or loss of credibility, or loss of visibility. Are those concerns justified or is it simply an outmoded way of looking at how you appear on the Web?”

Berners-Lee: “I think that both are true. In a way it is reasonable to worry in an organization … You own that data, you are worried that if it is exposed, people will start criticizing [you] ….

So, there are some organizations where if you do just sort of naively expose data, society doesn't work very well and you have to be careful to watch your backside. But, on the other hand, if that is the case, there is a problem. [T]he Semantic Web is about integration, it is like getting power when you use the data, it is giving people in the company the ability to do queries across the huge amounts of data the company has.

And if a company doesn't do that, then, it will be seriously disadvantaged competitively. If a company has got this feeling where people don't want other people in the company to know what is going on, then, it has already got a problem ….

Well actually, it would expose... all these inconsistencies. Well, in a way, you (sic) got the inconsistencies already, if it exposes them then actually it helps you. So, I think, it is important for the leadership in the company … to give kudos to the people who provided the data upon which a decision was made, even though they weren't the people who made the decision.” (emphasis added)

Elsewhere in this ZDNet interview, Berners-Lee announces that the core pieces for development of the Semantic Web are now in place (i.e., SPARQL, RDF, URI, XML, OWL, and GRDDL). But, again, what I find lacking is that these core pieces do not by themselves provide a mechanism for addressing data ownership issues.

I wish I could introduce Berners-Lee to Marshall Van Alstyne.

Actually, they may already know each other. Like Berners-Lee, Van Alstyne is a professor at the Massachusetts Institute of Technology. Van Alstyne is an information economist whose work in the area of data ownership I have greatly admired for some time (though I have yet to have had the pleasure of making his acquaintance).

There are other noteworthy recent papers by Van Alstyne but, since I first came across it several years ago, I have continued to be enamored with the prescience of a 1994 publication he co-authored entitled, Why Not One Big Database? Ownership Principles for Database Design. Here’s my favorite quote from that paper.

“The fundamental point of this research is that ownership matters. Any group that provides data to other parts of an organization requires compensation for being the source of that data. When it is impossible to provide an explicit contract that rewards those who create and maintain data, "ownership" will be the best way to provide incentives. Otherwise, and despite the best available technology, an organization has not chosen its best incentives and the subtle intangible costs of low effort will appear as distorted, missing, or unusable data.” (emphasis added)

Whether they know each other or not, the reason I would want to see them introduced is that I don’t hear Van Alstyne’s socio-economic themes in the voice of Berners-Lee. In fact I have checked out the online biographies provided by the World Wide Web Consortium (W3C) of the very fine team that Berners-Lee, as the head of W3C, has brought together. I find no references to academic degrees or experiential backgrounds in either sociology or economics. The W3C team is heavily laden with technologists.

And, why not? After all, the mission of the W3C is one of setting standards for the technological marvel that is the World Wide Web. One must set boundaries and bring focus to any enterprise or endeavor, and Berners-Lee has reasonably done so by directing the W3C team to connect the data that society is either already providing, albeit free of data ownership concerns (i.e., the information already available in massively populated government databases, academic databases, or other publicly accessible sources).

It’s just that I wish there was some cross-pollination going on between the W3C and the likes of Van Alstyne that was resulting, for instance, in something like author-controlled XML (A-XML) as exampled in Parts II and III, above (and, again, below).

That the W3C is not focusing on data ownership is an opportunity for the likes of Dataportability.org. Similarly, as mentioned in Part III, above, in the world of supply chains a likely candidate for a central ‘any product data bank’ would be EPCglobal, the non-profit supply chain consortium. But EPCglobal is a long way from focusing on the kind of data ownership proposed in this writing, or perhaps even envisioning as an organization that they might want to do so.

Like EPCglobal within the ecology of supply chains, Dataportability.org has seated at its table some very powerful members of the social networking ecology (i.e., Google, Plaxo, Facebook, LinkedIn, Twitter, Flickr, SixApart and Microsoft). There is a critical mass in those members that provides an opportunity for an organization like Dataportability.org to become a neutral, central data bank for portable information among its members for the benefit of social networking subscribers.

For instance, for e-mail addresses desired by a Facebook subscriber to be portable to other social networking websites, Facebook would add tools to the subscriber's interface for seamless registration of the e-mail addresses with a central, portability database branded with Facebook's trademark (but in fact separately administered by Dataportability.org).  The subscriber would merely enter the chosen e-mail addresses into his or her interface, click on the 'register' button, and automatically author the following draft XML object ...

<?xml version="1.0" encoding="UTF-8" ?>
<PortabilityDictionary_DraftElements>
<emailaddr>noname01@pardalis.com</emailaddr>
<emailaddr>noname02@pardalis.com</emailaddr>
<emailaddr>noname03@pardalis.com</emailaddr>
</PortabilityDictionary_DraftElements>

... which would come to be registered in the central portability 'bank' (again, administered by Dataportability.org) as the following XML object.

<?xml version="1.0" encoding="UTF-8" ?>
<PortabilityDictionary_RegisteredElements>

<emailaddr UniquePointer =
" http://www.centralportabilitybank.org/email_IDs/21263 "/>

<emailaddr UniquePointer =
" http://www.centralportabilitybank.org/email_IDs/21264 "/>

<emailaddr UniquePointer =
" http://www.centralportabilitybank.org/email_IDs/21265 "/>

</PortabilityDictionary_RegisteredElements>

Again, as illustrated in Part III, above, this would set the stage for a viable model for Dataportability.org, as a non-profit consortium managed by the likes of Facebook, Flickr, etc., to provide more than just portability services. Now, with a centralized registry service for A-XML objects (i.e., author-controlled, informational objects) the portability service could easily be stretched into a non-collaborative data authoring and sharing service.

IP Comment: Compare and contrast the collaborative data authoring and sharing systems illustrated by Xerox's US Patent 5,220,657, Updating local copy of shared data in a collaborative system Φ and eiSolutions' US Patent 6,240,414, Method of resolving data conflicts in a shared data environment.

And, again, the 'data ownership' service would presumably be branded by each of the distributed ‘bank members’ (like Facebook, Flikr, etc.) as their own service.

What might this data ownership service entail? To instill confidence in subscribers that they ‘own’ their portable data, what could be provided to members by Facebook, Flickr, etc. as part of the data ownership service made possible by the central Dataportability.org?

For instance: 

• Each time an administrative action is taken by Dataportability.org affecting the registered data object - or a granular data element within a registered object - the subscriber could choose to be automatically notified with a fine-grained report.
  
• Each time the registered data object is shared - or data elements within the object are granularly shared - according to the permissions established by the subscriber, he or she could choose be immediately, electronically notified with a fine-grained report.
• Online, on-demand granular information traceability reports (i.e., fine-grained reports mapping out who accesses or uses a subscribers shared information)
• Catastrophe data back-up services
• etc. 

Thus could Dataportability.org light a data ownership pathway for both the W3C and EPCglobal. 

Concluding Remarks 

The fundamental point of this multi-entry blog is that data ownership matters. With it, the Semantic Web stands the best chance for reaching its full potential for the porting of records between and among social networking sites, and for the tracking and discovering of information along both information and product supply chains.

And holding that positive thought in mind, it’s time to end this writing with a little portability rock n’ roll. It's courtesy of Danny Ayers. Enjoy!

[return to Part I]

The Dilemma of Missing Information

Here is a four minute video interview of Chris Saad, Co-founder and CEO of Faraday Media. If you are pressed for time, just catch the first minute and a half. Chris is also Co-founder and Chairperson of Dataportability.org of which Faraday Media is a sponsor. In Part I of this multi-entry blog I began with the video clip called Data Portability – Video that is a promo for Dataportability.org.

Learning from the Future at the Next Web with Chris Saad from Maarten on Vimeo.

Right after the Facebook/Scoble incident, Dataportability.org gained momentum and membership from individuals associated with the likes of Google, Plaxo, Facebook, LinkedIn, Twitter, Flickr, SixApart and Microsoft. At Chris' suggestion I, too, have just recently joined their DataPortability Policy Action Group.

Henry Story, a staff engineer for Sun Microsystems, made the following interesting comments on the Sun Babelfish blog about Chris Saad’s Data Portability group and the Data Portability – Video.

“Will the Data Portability group [at Dataportability.org] get the best solution together? …. [O]ne wonders whether XML is not the solution to their problem. Won't XML make data portability possible, if everyone agrees on what they want to port? Of course getting that agreement on all the topics in the world is a never ending process....

But the question is also whether portability is the right issue. Well in some ways it is. Currently each web site has information locked up in html formats … [which makes] it difficult to export the data, which each service wants to hold onto as if it was theirs to own.

Another way of looking at this is that the Data Portability group cannot so much be about technology as policy. The general questions it has to address are question of who should see what data, who should be able to copy that data, and what they should be able to do with it. As a result the policy issue of Data Portability does require one to solve the technical problem of distributed identity: how can people maintain the minimum number of identities on the web? (ie not one per site) Another issue that follows right upon the first is that if one wants information to only be visible to a select group of people - the "who sees what" part of the question - then one also needs a distributed way to be able to specify group membership, be it friendship based or other. The [Data Portability – Video] … makes that point very clearly why having to recreate one's social network on every site is impractical.

Story’s comments are a good setup for what I want to address. And what I want to address is how to make a connection between data portability and what I call the ‘frayed ends and laterals’ of complex product supply chains.

Along the way I want to pay attention to those readers (i.e., the vast majority of the regular, non-techie folks in the world) who are hanging back wondering what an XML object is. Let’s weave in a little history with a simple example, shall we?

The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web. W3C is headed by Sir Tim Berners-Lee, creator of the first web browser and the primary author of the original Uniform Resource Locator (URL), HyperText Transfer Protocol (HTTP) and HyperText Markup Language (HTML) specifications. These are the principal technologies that form the basis of the World Wide Web.

For example, consider this product pedigree written in natural language.

Product Pedigree Document
Manufacturer ID = Safe Toy Company
Product Serial Number = STOY991
Product Description = Painted Toy
Product Info To Supply Chain = 0% lead in paint
Product Info To Govt Regulator = Less than 600ppm of lead in paint by weight

A beneficial characteristic of the World Wide Web is that you can read language like the foregoing example in a natural way but ‘behind the scenes’ (i.e., behind the web browser interface) this natural language representation can be constructed in different ways for different purposes.

The same natural language representation written as an HTML information object using an HTML authoring software application (also called an HTML editor) would read behind the scenes as follows.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<body><p>
Product Pedigree Document<br>
Manufacturer ID = Safe Toy Company<br>
Product Serial Number = STOY991<br>
Product Description = Painted Toy<br>
Product Info To Supply Chain = 0% lead in paint<br>
ProductInfo To Govt Regulator = Less than 600ppm of lead in paint by weight
</p></body></html>

Because HTML objects are designed primarily for creating static websites, and not for dynamic information sharing, W3C has further developed standards for structured electronic sharing in the form of Extensible Markup Language (XML) objects for facilitating the emerging Semantic Web.

With gracious assistance from my good friend and collaborator, Dr. Marvin Stone, here’s an example of a granular XML information object created in an XML editor that would be naturally represented through a web browser as above.

<?xml version="1.0" encoding="UTF-8" ?>
<Pedigree>
<ManufacturerID>Safe Toy Company</ManufacturerID>
<ProductSerialNumber>STOY991</ProductSerialNumber>
<ProductDescription>Painted Toy</ProductDescription>
<ProductInfoToSupplyChain>0% lead in paint</ProductInfoToSupplyChain>
<ProductInfoToGovtRegulator>Less than 600ppm of lead in paint by weight</ProductInfoToGovtRegulator>
<OtherData>Document Type Definitions</OtherData>
</Pedigree>

This type of granular XML object works fine for short, vertically integrated supply chains covered by one or two enterprise systems where a small number of supply chain participants agree on what they want to port. But due to prevalent fear factors (and other policies) that prevent or otherwise affect information sharing along lengthy, complex information supply chains, there is a critical need for a more refined XML tool.

Here’s an example of a hypothetical, author-controlled XML object that would be created/authored/constructed using an extension to the foregoing XML editor that we could call an A-XML editor extension (i.e., author-controlled XML editor extension).

<?xml version="1.0" encoding="UTF-8" ?>
<Pedigree>
<PedigreeID UniquePointer =" 99087 "/>
<ManufacturerID UniquePointer =" 00372 "/>
<ProductSerialNumber UniquePointer =" 43229 "/>
<ProductDescription UniquePointer =" 23444 "/>
<ProductInfoToSupplyChain UniquePointer =" 66221 "/>
<ProductInfoToGovtRegulator UniquePointer =" 66333 "/>
<Permissions UniquePointer =" 37911 "/>
     <!-- Manufacturer information sharing permissions -->
<OtherData>Document Type Definitions</OtherData>
</Pedigree>

In the process of being authored by the toy manufacturer, this A-XML object would be constructed to point to a central repository of uniquely identified data containing the toy manufacturer's unique ID, the unique identifiers of the painted toy’s pedigree, and a unique identifier of the toy manufacturer's information sharing permissions.

Once distributed by the manufacturer/author to a lengthy supply chain, this A-XML object would provide greater control, visibility and traceability one-share, two-shares, three-shares, etc. away from the author. As other supply chain participants access the A-XML object (using a compatible XML editor) to confirm the toy’s pedigree, the toy manufacturer would be provided with supply chain visibility never before experienced.

For instance, the data element "0% lead in paint" uniquely identified as 66221 would be accessible by any supply chain participant registered with the central repository and using a compatible XML editor. The data element "Less than 600ppm of lead in paint by weight" uniquely identified as 66333 would only be accessible by permitted government regulators also registered with the central repository. (For those of you concerned with the ethics of representing one thing to consumers while reporting something else to the government, check out Are Food Labels Reliable?)

In my first journal entry to this blog I offered this:

“Unscrupulous supply chain participants will always try to hide in the ‘fog’ of their supply chains. The manufacturers of safe products want to differentiate themselves from the manufacturers of unsafe products. But, again, fear factors keep the good manufacturers from posting information online that may put them at a competitive disadvantage to downstream competitors.”

There’s a chicken and egg effect here, isn’t there? That is, which comes first, policy or technology?

Here’s one answer.

Don’t throw the baby out with the bath water. Don’t get rid of the supply chain enterprise and legacy systems that are already providing useful information sharing without the data ownership characteristics of a tool like A-XML. But in the context of an emerging Semantic Web that will lean heavily upon software-as-a-service, consider the missing and incomplete information that is not being shared from the frayed ends and laterals of complex product supply chains.

And, ask yourself, could there be both a technological and socio-political connection made between data portability and supply chain traceability?

[continued in Part III]

When 0 trans fats doesn't mean zero ....