Respect Network marries security, trust in portable cloud data push

More than three years after its founders began looking for a more secure way of sharing data across cloud services, the launch of the global Respect Network – in four countries – highlights their ambition to turn a federated cloud-based platform for secure information sharing into the next big social-media platform.

The Respect Network – launched this week with 73 partners at ceremonies in four cities around the world including Sydney – is the culmination of years of research work by an 18-strong team of software architects that has built on the emerging XDI (eXtensible Data Interchange) OASIS standard to allow data to be moved with all security controls and authentication requirements intact.

XDI is built on the idea of 'link contracts' that define security and privacy requirements that must be adhered to when handling the data referred to by the link contract. Because they are portable and stay with the data, they form the basis for Respect Network's promised value-add: securely moving data amongst participating private-cloud services.

“The problem we're trying to solve is providing an easy and standard way to do trusted private data sharing versus the kind of public data sharing that happens on social networks today,” CEO Drummond Reed, who is co-chair of the XDI standards technical committee, told CSO Australia.

“This data needs to be under your individual control: you need to be able to share it with a very high degree of security and privacy.”

Respect Network's overall structure not only includes the XDI-based data exchange format, but also incorporates a policy layer that offers legally-binding agreements amongst member companies to respect certain levels of security.

This agreement, called the Respect Trust Framework, was submitted to the Open Identity Exchange as a formal Trust Framework and includes five subsidiary elements: a Master Document highlighting the overriding principles of the framework; a Respect Reputation System outlining the reputation-based peer-to-peer system; the Respect Business Framework specifying business rules for interoperability; Technical and Operational Specifications specifying technical interoperability; and Mapping of Respect Principles between the Respect Principles and formal information protection principles around the world.

With 73 partners already signed up and more joining every week – Australian cloud provider Onexus was one of five cloud service providers upon the global launch – Reid is optimistic that the move to support technical interoperability with portable business rules and legally-binding responsibilities will help the Respect Network become a trusted conduit for secure information exchange.

“We are starting with a simple membership model but as the business grows, [companies] will pay to scale to recognising the value of the cloud and the value of the relationship,” Reed said. “It's not about people selling data: they're providing access to information about themselves, and a secure channel for messaging with them to have a private relationship.”

The service's use of a universal indicator – the equals sign, serving as an identifier in the same vein as Twitter's @ symbol – is designed to position the service as a permanent and portable data repository to customers who pay the one-off fee of around $US25 for a Respect Network address. Trusted partners could then deliver information to this address knowing that its security protections are maintained.

For their money, customers gain access to a secure form of data tagging that follows the RTF's five core principles: promise, permission, protection, portability and proof.

The paradigm will be most familiar to everyday users who see it increasingly used to share social-media comments in the same vein as the now-ubiquitous 'Like' and 'Tweet' sharing buttons. A 'Respect' button would not only publish the information, but allow the owner to retain control over it – including withdrawing it in the future if so desired.

Building a coalition of online trust will eventually position Respect Network as the cloud-data equivalent of existing networks of credit-card providers or banks, Reed said – with related service providers and users of secured data expected to come aboard as the number of users grows. A target of 1 million users has been set by year's end as a so-called Million Member campaign takes hold.

“We intend to do for private, trusted data sharing what Facebook, Twitter or LinkedIn have done for public data sharing and messaging,” he said, noting that the ease of moving data between cloud services could help smaller cloud providers work together to quickly bring newer, nimbler innovators into their ecosystems.

“We're making it very tangible,” Reed explained.

“We believe this will be as much of a generator of new applications and services as the personal computer was in the 1980s and the smart phone in the 2000s. The emergence of global networks of personal clouds is going to enable a new class of applications based on trusted data being able to flow as easily as packets do today.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.