Towards the end, in a discussion of the value of VRM for the vendors, somebody (I'm pretty sure it was Chris Carfi) said something like
They (the vendors) will never see a better qualified sales lead
Seems that Chris's presumption is that the vendor and the customer will only ever interact AFTER they determine that there exists an intersection between the desires of the customer (e.g. Sony PSP for less than $160) and the vendor's offerings (e.g. Sony PSP for greater than $155). Thus the wonderfully qualified sales lead - the customer is pre-filtered even before the two ever meet.
So, interaction (in the form of offer and acceptance) follows discovery and retrieval of identity attributes (specifically the personal RFPs of the customer that they've created). Based on the identity RFP it finds for a particular user, the vendor decides whether or not further interaction is appropriate (i.e. beneficial to both). The model is
Identity sharing ----------> Interaction (or not)
This is interesting because it seems the exact opposite of most use cases in which identity attributes are shared (and those that Liberty ID-WSF has historically focused on). In these use cases, interaction comes first. The user shows up at a service provider and, in order to provide some enhanced level of customization, the service provider seeks to obtain identity. The model is
Interaction --------------> Identity Sharing
I'll argue that current identity systems (OpenID to a lesser extent, albeit not spec'd out) are geared to the latter model, what are the implications of the former?
If identity sharing comes first, as the precursor to (possible interaction), the question is how:
- a service provide can retrieve identity of a users when not initiated by some interaction of that user
- once identity is retrieved, how can the service provider initiate the interaction (if appropriate)
- broadcast - the user makes their identity publicly available for service providers to find
- filtered query - the service provider sends a query for desired identity to designated identity providers, specifying their request abstractly in terms of the identity they seek rather than in teh context of specific users (e.g. 'who do you have that's looking for a Sony PSP?')
This isn't specific to VRM either. A bricks-and-mortar shop could be constantly looking for 'anybody within 1 km of my location' and, once found, interact with them in the form of a 50 cents off coupon. Scaling issues I grant you.