Scenarios - Consumer Tracking Scenario
www.blue.com is a fictitious website that is being proposed to track consumer purchases on behalf of companies who wish to share such data. It works as follows:
1) A web site (e.g. www.55gold.com) that wishes to share consumer purchase data with other web sites registers with www.blue.com.
2) Any time there is a visitor to www.55gold.com, the website will do cookie synchronization with www.blue.com in order to obtain the unique identifier for the visitor (if the visitor is not known to www.blue.com an identifier is created and stored with www.blue.com).
3) Using the identifier, www.55gold.com can request a consumer profile from www.blue.com. This will list all the purchases made by the consumer restricted by type (e.g. clothing, etc.) and time period (e.g. last week, last month, etc.).
4) Using the identifier, www.55gold.com can also notify www.blue.com any time the consumer makes a purchase.
5) www.blue.com also provides statistical reports that correlate purchasing behavior, identifying segments of customers with shared buying habits and identifying trends in terms of the types of products these customer segments like to purchase. There is an overall report each month which lists all currently identified customer segments, and then individual reports for each customer segment. www.55gold.com can request such reports by specifying the type and month they are interested in.
6) www.blue.com invoices all websites registered with it on a monthly basis. Websites are charged $.15 per consumer profile requested during the month, and $200 per report requested. They receive a $.20 credit for each purchase notification they send.
Explain how www.blue.com could implement a secure service that would allow other websites to communicate over the internet to automatically register, request consumer profiles, send purchase notifications, and request a report.
Define, in high-level terms (not code), the API calls that would be supported, making clear the types of inputs and outputs for each call. Illustrate with a simple scenario that shows the sequence of calls for a typical purchase.
Given that www.blue.com and the other websites have different domain names, describe briefly one mechanism that might be used to enact the cookie synchronization required to share the identifier of consumers.
Are there any legal or ethical issues that are raised by the service www.blue.com wishes to provide? How could they be addressed? How can www.blue.com be sure that the purchase notifications sent by www.55gold.com are authentic? How can www.55gold.com be sure that the consumer profiles received from www.blue.com are authentic?
Papers:
1. Koch, M., and Möslein, K.M., Identity Management for Ecommerce and Collaborative Applications, International Journal of Electronic Commerce / Spring 2005, Vol. 9, No. 3, pp. 11-29. M.E. Sharpe Inc., 2005.
2. Agrebi, S., & Jallais, J. (2015). Explain the intention to use smartphones for mobile shopping. Journal of Retailing and Consumer Services, 22, 16-23. doi:https://dx.doi.org/10.1016/j.jretconser.2014.09.003
3. L. Peyton, C. Doshi, J. Hu, P. Seguin, "Information Rich Monitoring of Interoperating Services in Privacy Enabled B2B Networks", International Journal of Advanced Media and Communication, Inderscience Publishers, Vol. 4, No. 3, pp. 258-273, 2010. DOI: 10.1504/IJAMC.2010.034660
4. Hirschheim, Rudy, Richard Welke, and Andrew Schwarz. "Service-oriented architecture: Myths, realities, and a maturity model." MIS Quarterly Executive 9, no. 1 (2010): 37-48.