This wiki is no longer active and is left here for historical purposes. Please visit oauth.net for up-to-date information.

PublicCommons


Public Commons

 

As with Creative Commons, there is currently no standard way to express, from a data owner perspective, how you would like your data to be used on remote services once you've given access to it.

 

The idea of PublicCommons is to let Consumers (remote services) know what they can and cannot do with protected resources (i.e. your data). If you specify that you support this extension, Consumers cannot do anything unless explicitly granted.

 

Simple examples:

 

  1. Any data retrieved with an OAuth Token must be protected and only exposed to the same User who authorized the Token. This will prevent sites like TwitterVision.com from showing my private tweets (or the private tweets of those I am following) to anyone else on the map. Basically, keep the same limits OAuth enforces.
  2. Use and discard. Flickr should be able to say that Consumers can grab Users' photos and do something useful with them, but not store them locally. Usually the right to store the resources will be tied to the Token lifetime (which makes this very simple).

 

It might even be something as simple as saying "Don't share", "Don't store", etc.

 

Like any privacy statement or TOS, this is just a declaration and does not actually stop anyone from disobeying it, but in the same way that Google respects your preferences in the robots file, the major players will respect directives given in an OAuth extension.
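
As an added example (not part of the original page or of any OAuth specification), here is how a cooperating Consumer could honor the two simple examples above: default deny, exposure only to the authorizing User, and local copies kept no longer than the Token lifetime. The grant names `share` and `store`, the `Token` and `ConsumerStore` classes, and the comma-separated grant list are all assumptions, since the page defines no syntax for the extension.

```python
from dataclasses import dataclass

# Hypothetical grant names: the page defines no wire format for the extension.
KNOWN_GRANTS = frozenset({"share", "store"})

@dataclass(frozen=True)
class Token:
    user: str                        # User who authorized the Token
    expires_at: float                # end of Token lifetime, epoch seconds
    grants: frozenset = frozenset()  # nothing is allowed unless explicitly granted

def parse_grants(value: str) -> frozenset:
    """Parse a constructed 'share, store' list; unrecognised words grant nothing."""
    words = {w.strip().lower() for w in value.split(",")}
    return frozenset(words & KNOWN_GRANTS)

def may_show(token: Token, viewer: str) -> bool:
    """Simple example 1: expose data only to the authorizing User unless 'share' is granted."""
    return viewer == token.user or "share" in token.grants

class ConsumerStore:
    """Consumer-side local copies, kept only while the declared terms allow it."""

    def __init__(self):
        self._items = {}  # key -> (value, token)

    def put(self, key, value, token: Token, now: float) -> bool:
        """Simple example 2: persist only with 'store', and only within the Token lifetime."""
        if "store" not in token.grants or now >= token.expires_at:
            return False  # use and discard
        self._items[key] = (value, token)
        return True

    def get(self, key, viewer: str, now: float):
        """Return the stored value, or None if it is absent, expired or not for this viewer."""
        item = self._items.get(key)
        if item is None:
            return None
        value, token = item
        if now >= token.expires_at:
            del self._items[key]  # the right to store ended with the Token
            return None
        return value if may_show(token, viewer) else None
```
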

 

Examples in the wild

 

 

Facebook | Add Pibb?

 

Types of data

 

 

Previous work