Respect Network marries security, trust in portable cloud data push

More than three years after its founders began looking for a more secure way of sharing data across cloud services, the launch of the global Respect Network – in four countries – highlights their ambition to turn a federated cloud-based platform for secure information sharing into the next big social-media platform.

The Respect Network – launched this week with 73 partners at ceremonies in four cities around the world including Sydney – is the culmination of years of research work by an 18-strong team of software architects that has built on the emerging XDI (eXtensible Data Interchange) OASIS standard to allow data to be moved with all security controls and authentication requirements intact.

XDI is built on the idea of 'link contracts' that define security and privacy requirements that must be adhered to when handling the data referred to by the link contract. Because they are portable and stay with the data, they form the basis for Respect Network's promised value-add: securely moving data amongst participating private-cloud services.

“The problem we're trying to solve is providing an easy and standard way to do trusted private data sharing versus the kind of public data sharing that happens on social networks today,” CEO Drummond Reed, who is co-chair of the XDI standards technical committee, told CSO Australia.

“This data needs to be under your individual control: you need to be able to share it with a very high degree of security and privacy.”

Respect Network's overall structure not only includes the XDI-based data exchange format, but also incorporates a policy layer that offers legally-binding agreements amongst member companies to respect certain levels of security.

This agreement, called the Respect Trust Framework, was submitted to the Open Identity Exchange as a formal Trust Framework and includes five subsidiary elements: a Master Document highlighting the overriding principles of the framework; a Respect Reputation System outlining the reputation-based peer-to-peer system; the Respect Business Framework specifying business rules for interoperability; Technical and Operational Specifications specifying technical interoperability; and Mapping of Respect Principles between the Respect Principles and formal information protection principles around the world.

With 73 partners already signed up and more joining every week – Australian cloud provider Onexus was one of five cloud service providers upon the global launch – Reid is optimistic that the move to support technical interoperability with portable business rules and legally-binding responsibilities will help the Respect Network become a trusted conduit for secure information exchange.

“We are starting with a simple membership model but as the business grows, [companies] will pay to scale to recognising the value of the cloud and the value of the relationship,” Reed said. “It's not about people selling data: they're providing access to information about themselves, and a secure channel for messaging with them to have a private relationship.”

The service's use of a universal indicator – the equals sign, serving as an identifier in the same vein as Twitter's @ symbol – is designed to position the service as a permanent and portable data repository to customers who pay the one-off fee of around $US25 for a Respect Network address. Trusted partners could then deliver information to this address knowing that its security protections are maintained.

For their money, customers gain access to a secure form of data tagging that follows the RTF's five core principles: promise, permission, protection, portability and proof.

The paradigm will be most familiar to everyday users who see it increasingly used to share social-media comments in the same vein as the now-ubiquitous 'Like' and 'Tweet' sharing buttons. A 'Respect' button would not only publish the information, but allow the owner to retain control over it – including withdrawing it in the future if so desired.

Building a coalition of online trust will eventually position Respect Network as the cloud-data equivalent of existing networks of credit-card providers or banks, Reed said – with related service providers and users of secured data expected to come aboard as the number of users grows. A target of 1 million users has been set by year's end as a so-called Million Member campaign takes hold.

“We intend to do for private, trusted data sharing what Facebook, Twitter or LinkedIn have done for public data sharing and messaging,” he said, noting that the ease of moving data between cloud services could help smaller cloud providers work together to quickly bring newer, nimbler innovators into their ecosystems.

“We're making it very tangible,” Reed explained.

“We believe this will be as much of a generator of new applications and services as the personal computer was in the 1980s and the smart phone in the 2000s. The emergence of global networks of personal clouds is going to enable a new class of applications based on trusted data being able to flow as easily as packets do today.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags secuirty and privacy requirementsdata sharingXDICloudprivate dats sharingNexus ItRespect Network

More about CSOEnex TestLabFacebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place