Vendor Relationship Management

Doc Searls is blogging about what he's calling Vendor Relationship Management (VRM), basically the inverse of Customer Relationship Management (CRM).

CRM is when a company stores information about you; VRM would technically be you storing information about the vendors you deal with, but really it's more like you're storing things on behalf of the vendors you deal with. 

Now, Doc is using his relationship with the bank as an example, but I don't think that's a very good example, because the bank owns your transaction data.  When you use your credit card to buy your dog a scarf, what you're really doing is asking the bank to pay the dog scarf vendor on your behalf, and you promise to pay the bank back.  That data belongs to the bank.  If you had it, well, wouldn't it be terrible if the dog scarf transaction data got lost?

Single Signon is a real problem, but it's a different problem.   There are two different pieces here:  Authorization, and data.

I'm all for single signon, but I accept that it will probably never happen, because every signle signon provider wants to be the only one.  Ironic, isn't it?

But the other part of the question is who owns the data.  One of Dave Winer's recent podcasts (sorry, I don't remember which one) mentions the movie ratings data that both Netflix and Yahoo Movies maintains, and comments that he'd really like to be able to take the data from one and move it into the other, but because they're both silos, he can't.

This is similar to an idea I've blogged about before (a few times, but I can only find this one mention right now) where what I'd really rather do is have somewhere like Flickr or Yahoo Movies have an abstraction layer that they use to access a data store, and be able to supply my own implementation fo that abstraction layer to them when I sign up.

I want to maintain my own identity and data - or at least, have the option of choosing who maintains it on my behalf (and the ability to do it myself if I want to).  When I sign up for a service, rather than creating an account, I want to give them my DataHub address, and they can use that to authenticate me, and also use that to store my data.

When I sign up for Yahoo Movies, I expect it would work a lot like it does today - especially with someone like Yahoo that provides a lot more than just one service - but I also expect that there will be a place for me to enter my DataHub address, so they can fetch my movie ratings data, and store new ratings data there.

And, if Yahoo Movies and Netflix both use a common movie ratings metadata schema, then they can both work with my most up to date data, without having to import or synchronize or do any additional work.  Netflix writes a rating, Yahoo Movies reads the rating from the same place.

Blog posts, forum posts, and comments, are all perfect uses of this system.  I configure WordPress with my DataHub address, and when someone visits my blog, it pulls (and caches) the data to show to the user.  If I want to switch to another blog engine, as long as it supports the DataHub blog post schema, there's no messy converting from one format to the other to do (if there even exist the tools to do it); the new engine just pulls the same data the old one has been using.

This isn't technically difficult, but it will be difficult.

This scheme only benefits the user; it doesn't benefit the sites that are providing the services.  Many of these sites depend on their users basically doing the work of building their databases or driving traffic to them for free, and they want to own that data.  Yahoo doesn't want me to be able to pull all my ratings out of their database whenever I feel like it.

I think the only way we'd see something like this happen is if it were to be required by some sort of Internet User Bill of Rights. 

Which isn't impossible - look at CableCard.  This is a technology that the cable providers didn't want to implement, that only benefits consumers.  Government is the only entity in a position to force companies to do things like cough up records; and if I can request my physical "file" from any company I deal with, why not my virtual "file"?