Model System Rules

December 2, 2012

Updated June 20, 2013 - The current draft versions of the MIT Model System Rules and associated documents are available at with relevant documentation at our Wiki:  The authoritative stable version of the document is available at and all our published documents are freely available under Creative Commons licence.  The Trust Framework System Rules are capable of supporting openPDS, a flagship initiative of the MIT Human Dynamics Lab demonstrating how the "New Deal on Data" advocated by Professor Sandy Pentland can be accomplished technically.  By applying the business, legal and technical integrated architecture enabled by the System Rules and Terms of Authorization approach, it is possible to implement openPDS in a wide variety of existing and emerging business models, scenarios and use cases.  In this way, the System Rules and Terms of Authorization approach is intended to provide a bridge from current practice and assumptions to the dynamic and new world of big data at global-scale introperation.  
The Trust Framework System Rules are designed to apply to use of federated identity services and personal data services in various combinations with third party apps, services and systems.  The formal definition of a Trust Framework comes from the online identity field, and is under active development by the NSTIC multi-stakeholder Identity Ecosystem Steering Group with significant input from MIT.  A reference implementation of the Model Rules tailored for use with OpenPDS, FUNF and OpenID Connect will also be linked from this project page shortly. 
The System Rules are designed to be expressed as machine readable and human readable code.  Note that the file in the Human Dynamcs Lab GitHub repository includes use of markdown as part of the authoritative data comprising the legal text.  The basic notion here is to follow the SEC regulation requiring markup of filings by publicly traded companies according to a business dialect of XML and legally treating the data with markup as the enforceable and binding document rather than the document presented and formatted for human readable purposes.  For more information on this approachg by the SEC, see the overview video at: or the program office site at:  In addition to use of markddown eventually the authoritative rule is expected to include reference or direct snippets of machine-readable strings, parameters and valuesintended to drive or trigger automated transactions and processes defined by the legal rule.  
Learn more about how providers of third party apps and services can join trusted networks of users at the upcoming eCitizenSalon on Google Hangout scheduled for the afternoon of July 22nd, 2013.  Check back on this page, or at the project blog for details on schedule, guest speakers and how to participate in the online dialog.  
An advanced application of how the Terms of Authorization can be implemented in part with UMA has been published in the "Binding Obligations on User-Managed Access (UMA) Participants" under standards development by the Kantara Initiative and the IETF.  Eve Maler, who is the Chair of the UMA standards committee and an Internet Identity Guru of the First Degree, described the the eCitizen approach to Terms of Authorization at our first annual MIT Media Lab Legal Hack-a-Thon.  
Information about and a copy of the initial draft of these System Rules (published for comment) is available at in a prior blog post about this project.
To join the discussion group about the System Rules and Terms of Authorization or share your comments and questions, use our contact form.