Solid Community Workshop #7 – 27/05/2021

Solid Community Workshop 7 – usability

27 May 2021

Introduction

Solid ecosystem: with whom?

Representatives from

  • Industry
  • Government
  • Policy domains
  • Research institutions

Datanutsbedrijf, the data utility company (Filip Champagne)

History

  • Flemish coalition agreement 2019-2024: “The government focuses on collecting and opening up knowledge and data with respect for privacy, and puts the citizen/entrepreneur back at the centre, in control of their own data and interactions with the government. [We make data available as openly as possible and via APIs]: we leave the development of applications and apps to the private market, so that government and private market cooperate optimally and each operates from its own strengths. Where possible we apply the reciprocity principle, so that the private market also shares its data with the government.”
  • Recovery plan of the Flemish Government (Vlaamse Veerkracht):
    • Digital transformation of economy and society by valorising data as the raw material of the economy and society
    • Citizens and companies must get more control over their own data, so that they can work with it purposefully and confidently
    • Establishment of a Flemish data utility company that acts as an intelligent data traffic interchange and neutral third party
      • Safeguard trust in the data economy by letting players keep control over access to their data
      • Strengthen citizens' trust in the data economy by giving citizens control over their data themselves, so that they can share it more smoothly and securely and thus create a self-managed digital identity.
      • Level data playing field for all public and private players within connected ecosystems

3 objectives

  1. Make data easier to find → Data marketplace
  2. Accelerate and facilitate the ecosystem of data vaults → Utilities for data vaults
  3. Make data and data vaults work together → Platform for smart data services

What does this mean for Solid within the DataNutsBedrijf?

3 building blocks:

  • Infrastructure
  • Governance & standardisation
  • Applications (use cases)

As part of an ecosystem.

What are we doing now?

Team preparing the data utility company

  • Preparatory team
  • DNB core group from Digitaal Vlaanderen
  • Broad support from Digitaal Vlaanderen

3 building blocks

  • Infrastructure
  • Governance & standardisation
  • Applications (use cases)

Kickstart Solid infrastructure

  • Analysis started for the rollout of a Solid infrastructure
  • Collaboration with Inrupt
  • Q4/2021 at the latest: operational rollout of the platform
  • 2 goals:
    • Launch our own use cases securely
    • Pod provisioning (white label) for 3rd-party applications

No kickstart without use cases

  • Launch (and co-finance) use cases from the DataNutsBedrijf during the start-up phase
  • From public-private partnership
    • Opening up government data
    • Building on experience in leading such projects

Governance needed

The Digitaal Vlaanderen agency watches over:

  • Information security
  • Interoperability
  • European cooperation

Use cases

  • Mijn Verhuis
  • My Professional Data
  • Validata
  • We Are

What will we (maybe) do tomorrow?

  1. Establishment of the DataNutsBedrijf (Q4/2021 Q1/2022)
  2. Talk with partners about:
    1. Development of 3rd-party applications on the Solid platform
    2. How to further develop the Community Solid Server in Flanders
  3. Further explore our own use cases in various sectors
    1. Water
    2. Digital meters
    3. Mobility as a Service
    4. Culture profile (Cultuurprofiel)

User experience design (Jelle Saldien)

See slides.

Use Cases

Mijn Verhuis (Thijs Degheldere [Itsme] and Stéphanie Shaubroek)

Problem statement

Citizens must inform utility companies, employer, banks and other service providers of the change of domicile address through various administrative processes.

  • No motivation: Citizens must take the initiative themselves to update their domicile address.
  • No overview: Citizen must list all service providers who have their (old) address.
  • No consistent ux: Citizen must report the new address through specific processes of the service provider.

Guidelines & principles → UX concept

Guidelines & principles

Partnership

Combining strengths of established partners will allow us to offer a unique Solid-based ecosystem in Flanders.

  • Identity/consent provider: itsme
  • Pod infrastructure: Data utility company
  • Pod provider: Flemish government

Conditions (assumptions)

When creating a pod at the Flemish government citizens agree that:

  • Itsme is identity and consent provider
  • Mijn Burgerprofiel shares your core identity data when creating your Pod
  • Itsme is data consumer of the core identity data and is therefore informed when this data from the user is updated
  • Mijn Burgerprofiel is data producer and automatically updates data in your pod if data changes in trusted sources

UX guidelines

The user experience will be the key success factor to achieve mass adoption:

  • Anyone should be able to control and share data effortlessly. Users should not be bothered by the underlying technology.
  • Companies will only invest in building apps when there is a critical mass of customers knowing how to use pods and when it is compatible with services they already offer today.

UX Concept

See slides.

Levenslang Leren, lifelong learning (Nicolas Mondada)

Notes provided by Nicolas Mondada.

General info

This use case demonstrates the long term aspiration of how the realm of employment and job search could benefit from Solid. Imagine that the equivalent of VDAB could have access to your CV in Solid format, including validated data on your prior education, job experience (via the tax agency), training certificates and core ID information. Of course that means that the components of the CV will be structured using linked data. This information opens up a whole host of possibilities, ranging from more optimal matching between jobs and candidates, to suggestions on additional training during professional reorientation.

That overarching vision is beyond the scope of the present workshop. Within the usability focus of this workshop we will zoom in on the consent flow when sharing your CV with a recruitment agency while you are looking for a job.

For the presentation we are working with slides and screenshots of the interface so we can provide the necessary translation of the content, which is in Swedish.

Notes on the slides

The Inrupt team has been working with the Swedish government on a project to bring Solid to the Swedish Department of Employment Job board. This agency is called Arbetsförmedlingen, which is the equivalent of the VDAB. This use case demonstrates a Solid-enabled user experience focusing on the consent flow. Along the way, we take a look under the hood to see how the consent flow is enabled by Solid on a technical level.

Highlight 1: Purpose(s)

In each case, it is clearly stated for what purpose the information is going to be used, and this is done using DPV (Data Privacy Vocabulary). DPV is a structured vocabulary that provides terms to describe and represent information related to the processing of personal data based on established requirements such as those from GDPR. This means not having purposes that are just made of free text but purposes that are consistent across different consent grants.

Highlight 2: consent receipts as verifiable credentials

The consent receipts are implemented through verifiable credentials, as part of the W3C specifications. This makes the receipts tamper evident and makes sure that they contain all the necessary information:

  • Date issued and expiry date
  • Who was given consent
  • The purpose(s) for which the data can be used (see above).
  • References to the data the consent applies to
  • The text that was used to get consent from the data subject
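
As an added illustration (not part of the workshop notes and not code from the Swedish PoC), the Python check below tests a consent receipt for the items listed above and rejects free-text purposes, as described under Highlight 1. `issuanceDate` and `expirationDate` follow the W3C Verifiable Credentials data model; the `credentialSubject` keys, the `ConsentReceipt` type, the DPV namespace IRI and all sample values are assumptions made for this example. Verifying the credential's proof, which is what makes a receipt tamper evident, is outside its scope.

```python
from datetime import datetime, timezone

DPV_NS = "https://w3id.org/dpv#"  # assumed namespace IRI for DPV terms
# Hypothetical credentialSubject keys, one per content item listed above.
SUBJECT_FIELDS = ("grantedTo", "purposes", "resources", "consentText")


def parse_time(value):
    """Parse an ISO 8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_receipt(receipt, now):
    """Return the list of problems found in a receipt; empty means acceptable."""
    problems = []
    dates_present = True
    for field in ("issuanceDate", "expirationDate"):
        if field not in receipt:
            problems.append(f"missing {field}")
            dates_present = False
    subject = receipt.get("credentialSubject", {})
    for field in SUBJECT_FIELDS:
        if not subject.get(field):
            problems.append(f"missing credentialSubject.{field}")
    # A purpose must be a vocabulary term, never a free-text string.
    for purpose in subject.get("purposes", []):
        if not purpose.startswith(DPV_NS):
            problems.append(f"free-text purpose: {purpose!r}")
    if dates_present:
        issued = parse_time(receipt["issuanceDate"])
        expires = parse_time(receipt["expirationDate"])
        if not issued <= now < expires:
            problems.append("receipt not valid at check time")
    return problems


# Constructed sample receipt; every value is made up for this example.
SAMPLE = {
    "type": ["VerifiableCredential", "ConsentReceipt"],  # second type is hypothetical
    "issuanceDate": "2021-05-27T09:00:00Z",
    "expirationDate": "2021-08-27T09:00:00Z",
    "credentialSubject": {
        "grantedTo": "https://recruiter.example/profile#id",
        "purposes": [DPV_NS + "ServiceProvision"],
        "resources": ["https://pod.example/alice/cv.ttl"],
        "consentText": "Share my CV with the recruitment agency while I look for a job.",
    },
}
```

A data consumer would run such a check, with a timezone-aware `now`, each time it reads from the pod, so that an expired receipt stops access without any further action from the data subject.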

These are some capabilities that are not currently demonstrated in the Sweden PoC:

  • Difference between mandatory and optional information sharing
  • Difference between reading and writing access requests
  • Different views on the access granted, mapped on:
    • Resource (structure)
    • Client
    • Agent
    • Timeline
    • Status
  • Consent is not coupled with the Solid server. People might trust their data to one provider and have the consent be managed by another provider.
  • Different types of notification modifiable by the subject:
    • In-app notifications
    • Email
    • Push notifications
    • SMS
  • Secure notifications can be used to
    • inform requesters when consent is granted or revoked
    • inform data subjects when consent is requested or given up

KEY TAKEAWAYS: Consent in a Solid Ecosystem

  • Solid is premised fundamentally on consent, and does this by taking the principle of consent one step further — actualizing it as control.
    • Some of this control is implemented via the Solid specification,
    • some is provided by a good user experience,
    • and some will be a matter of legal action when trust is violated.
  • Fair processing requires that data subjects are provided with certain information about how controllers will use their personal data. The key to fairness is transparency: being clear and open with users as to how their personal data will be used.
    • Solid excels here because you can see what data is being used and what data is stored in your pod.
    • Ability under Solid to take back data (by stopping access).
    • Moving away from the world of reliance on privacy policies.
  • The technologies underpinning consent leverage standards such as verifiable credentials, UMA2, DPV, GConsent
  • Retention and deletion are built into the Solid protocol. The data is retained in the pod and companies have no need to retain it. They don’t need to keep it. With Solid, data is accessed and used for a processing purpose but is not stored — removes retention issues

More info

The people from the Swedish Arbetsförmedlingen project have recently presented at Solid World, the monthly gathering of the Solid developer community. These talks are targeted specifically to a developer audience.

The presentation on Arbetsförmedlingen starts around 30:30 minutes into the video.

In the June edition of Solid World you can also find talks on:

  • The role of Verifiable Credentials in consent flows by Ruben Verborgh (at 05:30)
  • Privacy and the legal perspective by Eliott Behar (at 11:00)
  • Data sharing patterns as a tool to tackle legal considerations in Solid by Digita (at 24:30)

Break-out sessions

Four questions:

  • How does the proposed flow come across to the user?
  • Would you use the app? Are there suggestions for improvement or for doing things differently?
  • Are the consent flows of the use cases sufficiently uniform? Is there a need for a generic standard, guideline, interface?
  • What do you think of the specificity of the consent (granularity and purpose)?