Profila / Catalyst

Cardano Catalyst funded projects - documentation, project management & code
1 stars 0 forks source link

[RFW0003] NFT of data subscription information and how a brand accesses it #3

Open ProfilaMitchell opened 2 years ago

ProfilaMitchell commented 2 years ago

Table of Contents

Housekeeping

Make sure to clearly understand Type-A and Type-B requests, and the relavant limitations. Failling to follow the guidelines pertaining to the two acceptable types of RFWs will automatically lead to disfqualification of the RFW.

Take time to complete each section below with as much detail as is required to establish a comprehensive understanding about the underlying product specification.

ALL BELOW FIELDS ARE REQUIRED

The Problem

There is a lack of a secure way to share data between brands and users

User Story

As a user I want to allow a brand to access my data via a data subscription so I can see their content

Request Type A/B

Type B

Owner

Mitchell Goudie

Summary

The minting of an NFT to give to brands which grants them access to user data, which is encrypted and stored on Profila. The terms of the access (which user data, for how long, compensation) are included in the NFT. This functions as a data subscription between a brand and the user.

Is This Really Necessary?

The sharing of data between users and brands (data subscription) is an integral part of Profila in not only allowing users to have more control over their data, sharing only what they want with the brands that they want (and no third parties), but also allowing them to be compensated for it. This also facilitates access to evergreen, user created data for brands as opposed to algorithmically assumed metrics. Delivering on these goals is the "best way" to shift the current marketing surveillance paradigm.

Motivation

The minting of an NFT to give to brands, through which they are granted access to user data stored on Profila servers (encrypted). This functions as a data subscription between a brand and the user.

By implementing a system wherein users can grant access to their data (specific elements) to specific brands which have an NFT (which, aside from acting as a key, contains the information of the contract), we deliver on Profila's goal of allowing consumers to control relationships with brands and the use of their data by brand's. The scope of this request:

Named Concepts

Data Subscription - Is when a brand subscribes to a certain set of user data based on their needs, and compensates the user for access to the data. The access is revoked at the end of the contract.

Examples, Risks & Assumptions

  1. Explain concretely what will manifest as a result of this RFW.

The NFT contains the following details:

  1. Individual's name, last name
  2. Brand's name
  3. The link to respective IPFS location
  4. The dataset which the Individual has agreed to share with the brand
  5. The fixed length of time the brand has access to this information
  6. The payment amount and currency (stable coin, fiat, or ZEKE)
  7. The date of the agreement


  1. Explain how is it different from what is already manifesting i.e. what we already have?

Currently there is no blockchain element to data subscriptions

  1. Explain what Profila users/brands will experience as a result of this RFW. How will they feel as a result of it? How will they benefit as a result of it?
  1. If applicable, provide sample messages for any new messages the system will display as a result of this RFW.

Message for Brands receiving the NFT to access the data: This NFT will act as your key to access the users data. Once the agreed date in the contract passes, you will lose access to the data unless you offer the user another subscription.

  1. Define what is out of scope in this request.

The UI process of granting (and requesting) access to user data is out of the scope of this RFW

  1. What are the data protection, privacy and security assumptions made for this request (example, should this be GDPR, HIPPA (healthcare), NIST compliant etc. - Speak to Michiel or Ipek!)

GDPR - Access to user data is being granted via NFT as a key, as such, proper precautions regarding the timeframe this NFT works as access need to be taken

  1. Explain how this user story will be supported (i.e customer support - if the user story fails technically, how will the user be supported).

Support Flow If the NFT cannot be minted with the relevant subscription details, tech support must be notified

User Logic

Tech Support Logic

  1. Explain how this user story impacts revenue or billing (if applicable).
  1. State any additional risks identified as a result of this user story.

There is a risk that the brand somehow records or exports user data and uses for their own marketing purposes outside of the agreed contract terms

Success Metrics

A brand can offer the user a data subscription, and once accepted would have access to the agreed dataset for the agreed amount of time, whilst compensating the user.

Conceptual Design

General Flow

The NFT contains the following details:

  1. Individual's name, last name
  2. Brand's name
  3. The link to respective IPFS location
  4. The dataset which the Individual has agreed to share with the brand
  5. The fixed length of time the brand has access to this information
  6. The payment amount and currency (stable coin, fiat, or ZEKE)
  7. The date of the agreement

228484216-3bf91bf1-6e28-4d66-9985-84224b2f5464

NB: As the metadata of these NFTs will be visible, it allows anyone to view details of the agreement. In this case, the nickname for the user could be used as an alias to their real identity within Profila. The user's DID could also be used

Drawbacks

Alternatives

New Data

The NFT generated that is given to the brand to access user data

Business release date

A rough timing for the planned release for the specification possibly resulting from this request. The implementation of NFT enabled data subscriptions is requested by Q4 2022

ghost commented 1 year ago
ProfilaMitchell commented 1 year ago
  • Does this RFW imply the future ability to cancel subscription? I suppose it does, as otherwise delaying payment doesn't make much sense, brand could just pay upfront for the whole subscription period.
  • Why encryption is needed? How would it work? Where encryption keys would be stored and who would have access to them?
  • If NFT would be a key that unlocks the content, it means that NFT-key can be transferred to other brands. I don't think that is desired behavior, if I subscribe to particular brand, I expect that my data would be available only to that particular brand. If that's the case we shouldn't give access on the availability of NFT in brands (or whoevers) wallet. Instead we can grant access to some public keys holder, keypairs are not transferrable, that would comply with required logic.

@vladwix

  1. The RFW does imply the ability to cancel a subscription
  2. The user data is encrypted on Profila servers. The NFT would serve as a key to access it. However this logic will not be applicable given the preference of using smart contracts as opposed to NFTs