How does XDI address the complex privacy issues involved with cross-domain data sharing?
Cross-domain privacy is a complex, multi-dimensional problem. However on this score XDI does promise a key breakthrough: XDI link contracts can provide a standardized way to both: a) persistently identify data and data authorities using XRIs, and b) represent domain-independent data sharing and usage controls. This architecture is a direct outgrowth of the ISTPA Privacy Framework developed by the International Security, Trust, and Privacy Alliance (www.istpa.org), so it explicitly addresses the requirements for cross-jurisdictional data protection. XDI link contracts can reference or describe privacy policies in different domains, and they can also provide an automated mechanism for negotiating, recording, and updating the permissions specified by these policies (e.g., opt-in or opt-out). For this reason XDI service and the XDI Service Dictionary may offer a new tool for cross-domain privacy management that can supplement W3C’s P3P (Platform for Privacy Preferences Project) and IBM’s E
