DESIRE Information Gateways Handbook
3.5. User profiles

In this chapter...
 
  • why profiles?
  • personalisation
  • characterising user interests
  • authentication, trust and standards
  • directory services
  • legal issues
Introduction
 

This chapter provides a brief overview of some issues surrounding the provision of personal profile services for Information Gateways. It is beyond the scope of this document to offer a comprehensive account of these complex issues. Instead, a brief summary of major points is provided alongside pointers to more detailed treatments available online.


Why Profiles?
 

User profile services are a natural extension to the subject gateway approach. Subject-themed Information Gateways provide a focal point for broadly defined subject communities. Through the addition of user profile facilities, broadly-based gateways can begin to provide more specific 'views' into their information services. This is particularly important where a gateway's target audience includes multiple smaller communities. For example, a Social Science service such as SOSIG may have information appropriate for the Economics, Psychology and Law subject areas. Individuals in these professions may think of themselves as economists, psychologists or lawyers rather than as social scientists. A broadly based Social Science gateway that covers these topics (amongst others) might therefore benefit from an architecture which allows community-specific or personalised views into a sub-set of the available resources. User profiles, which we might loosely define here as 'data structures that describe the properties of users', are an essential component of such a system since they allow a service to cross-reference information resources against user interests.


Personalisation
 

The notion of 'personalised' interfaces to Web content has become commonplace. There are challenges involved in the creation of such interfaces, but these typically share a common component: personal profiles. As used here, 'personal profiles' refers to the practice of describing individuals and various of their properties in a database for the purpose of improving their access to networked information resources. For example, a profile might store name and address details, home page URL, URL of an online image of that person, alongside details of their interests.


Characterising User Interests
 

While there are no established standards for doing this, a simple guiding principle is to attempt to align the subject classification of documents and other 'discoverable' resources with user profile 'interest' classifications describing the subject or subjects that some user is interested in hearing about. For example, an information gateway targeted at the Economics community might adopt the JEL (Journal of Economic Literature) subject scheme both for user profiles and for classification. The SOSIG Grapevine service, similarly, has used the UDC subject scheme for personal interest profiling, to facilitate easy cross referencing with SOSIG catalogue records.

Many of the observations made in this handbook concerning the value of formal classification schemes and controlled vocabularies in the context of document description are also of relevance in the field of user profiling. There are, however, some differences. If complex structured vocabularies are to be used to allow users to describe their interests, a number of challenges arise for Information Gateway architects.

User Interface:
There is a significant challenge associated with building an intuitive interface which allows users to pick the subject headings they are interested in from a (potentially very large) set of subject categories.

Multiple subject schemes:
The problem of multiple classification schemes and mapping between them is as big a problem here as in document classification (see the section on controlled vocabularies).

Multiple interests:
This is another potential usability problem. There is a case to be made for allowing users to define multiple 'profiles', one for each of several potentially unrelated subject interests they may have. While this can result in a 'cleaner' and more accurately structured profile, there is an associated cost in terms of increased user interface complexity.
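The cross-referencing of catalogue records against interest profiles described in this section can be sketched as follows. This is an added example, not code from the handbook or from SOSIG; it assumes a scheme whose notation is prefix-hierarchical (JEL-style codes are used), and the catalogue records, profile names and function names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Resource:
    title: str
    codes: set  # subject codes assigned by the gateway's cataloguers


@dataclass
class Profile:
    label: str  # user-chosen name for one set of interests
    codes: set = field(default_factory=set)


def code_matches(interest, resource_code):
    """An interest in a broad class covers every narrower class below it.

    Assumes prefix-hierarchical notation: 'D8' covers 'D82', but an
    interest in 'D82' does not pull in records classed only at 'D8'.
    """
    return resource_code.startswith(interest)


def view_for(profile, catalogue):
    """Titles of catalogue records matching at least one interest code."""
    return [r.title for r in catalogue
            if any(code_matches(i, c) for i in profile.codes for c in r.codes)]


def all_views(profiles, catalogue):
    """One personalised view per profile, so unrelated interests stay separate."""
    return {p.label: view_for(p, catalogue) for p in profiles}


# Constructed sample data: three catalogue records and one user with two profiles.
CATALOGUE = [
    Resource("Working paper on signalling in labour markets", {"D82", "J31"}),
    Resource("Central bank interest-rate survey", {"E52"}),
    Resource("Introductory game theory notes", {"C72"}),
]
USER_PROFILES = [
    Profile("research", {"D8"}),
    Profile("teaching", {"C7", "E"}),
]

if __name__ == "__main__":
    for label, titles in all_views(USER_PROFILES, CATALOGUE).items():
        print(label, "->", titles)
```

Because the same scheme classifies both records and interests, no mapping table is needed; with two different schemes, a mapping step would have to run before `code_matches`.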


Authentication, Trust and Standards
 

For an information gateway to offer personal profile based services, it is necessary for the service to have one or more mechanisms to establish the identity of users. There are a range of options here, from a simple stand-alone database of username/password pairs to more sophisticated cryptographic solutions. Gateway providers should be aware that there is as yet no widespread 'right answer' to this problem. Deployment of cryptographic (digital signature) technologies for this is at an early stage. Simpler username/password approaches (particularly when the default non-encrypted 'Simple authentication' HTTP authentication protocol is used) have their own problems. Users will frequently forget their passwords, and are known to be reluctant to go to the trouble of logging in to an authenticated service unless there is a clear benefit to doing so.
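The stand-alone username/password option and its weakness over unencrypted HTTP can be made concrete with the following added example (not part of the handbook). It decodes a password-bearing `Authorization` header without any key, then checks the login against a store that holds only salted PBKDF2 hashes; the account, password, work factor and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def decode_basic_header(header_value):
    """Recover (username, password) from an 'Authorization: Basic ...' value.

    No key is involved: Base64 is an encoding, so anyone able to read the
    request on a plain-HTTP connection can perform the same step.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password


def make_record(password):
    """Profile-store entry: a random salt and a slow hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def check_login(user_db, header_value):
    """Return the authenticated username, or None on any failure."""
    try:
        username, password = decode_basic_header(header_value)
    except ValueError:  # also covers bad Base64 and bad UTF-8
        return None
    record = user_db.get(username)
    if record is None:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], PBKDF2_ROUNDS)
    return username if hmac.compare_digest(candidate, record["hash"]) else None


# Constructed sample account and the header a browser would send for it.
USER_DB = {"jbloggs": make_record("correct horse")}
SAMPLE_HEADER = "Basic " + base64.b64encode(b"jbloggs:correct horse").decode("ascii")

if __name__ == "__main__":
    print(decode_basic_header(SAMPLE_HEADER))  # credentials readable in transit
    print(check_login(USER_DB, SAMPLE_HEADER))
```

Hashing protects the stored profile database only; the header itself stays readable unless the connection is encrypted.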

It is important to establish both formal and informal trust relationships with users when building a personalised, authentication-mediated Information Gateway. A formal 'privacy statement' for your service is a necessity. Users should know exactly what data you will be holding about them, and the purposes to which it will be put. The Platform for Privacy and Preferences (P3P) work of the World Wide Web Consortium (W3C) is a relevant standard here. P3P provides a common vocabulary for making such statements, both in simple natural language and in a machine-processable XML/RDF vocabulary. The idea here is to facilitate automatic negotiation between 'user agents' (i.e. Web browsers) and Web services such as information gateways.

The current Web model for acquiring user profile information from users usually involves the user completing a Web form. Users are often reluctant to do so, either due to lack of trust or knowledge regarding the remote service, or because it is simply a boring and repetitive task. The combination of metadata standards such as P3P, vCard and XML/RDF promises to make this task easier. vCard is a simple standard which specifies a common set of fields for personal profile data; in this sense it plays a similar role to that played by the Dublin Core element set in document description.

A P3P-aware browser and server should be capable of discussing, on behalf of their human counterparts (end user, service provider) the data fields requested by the server and the applications it will be acceptable to use these for. Whilst P3P is not yet widely deployed, Information Gateway services should be aware that such facilities are a likely development, and that their potential for service enhancements may be significant. For example, if P3P succeeds, Web services will be able to automatically ask for subject-interest information about users browsing their site.

EXAMPLE

P3P Example Scenario

The following example shows some of the current capabilities of the P3P data negotiation framework. P3P has an extensible architecture, and may in future versions allow such machine-processable statements to refer to arbitrary data structures (such as subject interest information).

Note: the English language text that follows has a precise mapping onto the formal, machine-processable data structures defined in the P3P specification. The actual text below is based on an example from the AT&T Privacy Minder toolkit, and happens to characterise the current operating policies for the DESIRE project web site fairly well.

Sample (Fictional) P3P Privacy Statement for http://www.desire.org/

The DESIRE project makes the following statement for the Web pages at http://www.desire.org/

We collect clickstream and user agent information stored in standard HTTP log files. We use this information for Web site and system administration. We do not distribute this information or use it in a way that would identify you.

We also have forms on our Web site where we may collect your contact information, information about your computer, demographic information, and information about your preferences. We use this information to complete transactions, provide customized services, and contact you. We may also use it for system administration and for research and development. We will not distribute this information to other organisations.

We use "cookies" on some of our Web pages in order to provide customized services to you and to research the way people use our web site.

For further sample applications of P3P see AT&T's "Privacy Minder" tools at http://www.research.att.com/projects/p3p/pm/


Directory Services
 

One possible technology applicable to Information Gateway user profile services is LDAP, or more broadly, 'white page' directory services. LDAP is a derivative of the older X.500 standard for representing personal data in a set of networked databases. LDAP does not address problems such as the classification of user interests, but does provide a widely implemented standard for representing name, address and contact detail information. Whether a directory-based approach, rather than a privately managed database, is appropriate will depend on the nature of your application. Where profile information will be exploited by a number of loosely connected Information Gateways, LDAP may be an attractive solution.


Legal Issues
 

Any computer-based service which stores data about individuals should take legal advice about their practices, and in particular about the implicit or explicit contracts that they enter into with users. It is beyond the scope of this handbook to offer further guidance here, other than to say that the full complexities of the international environment of the Web have yet to be worked through in court. Different countries have varying laws regarding the management and storage of personal profile data; service providers should consequently proceed with caution when making such systems available to an international user base.


Glossary
 

LDAP - Lightweight Directory Access Protocol
P3P - Platform for Privacy and Preferences
RDF - Resource Description Framework
XML - Extensible Markup Language


References
 

Grapevine, http://www.grapevine.sosig.ac.uk/

P3P, http://www.w3.org/P3P/

M. Wahl, T. Howes & S. Kille, RFC 2251, Lightweight Directory Access Protocol (v3) (Internet Engineering Task Force, Network Working Group, December 1997).
ftp://ftp.isi.edu/in-notes/rfc2251.txt


Credits
 

Chapter author: Dan Brickley

Last updated : 20 April 00
© 1999-2000 DESIRE