The Apache Unomi Project For Data Privacy Is A Reality

Jahia est la seule Digitale eXperience Plateforme qui vous permet réellement de proposer des parcours personnalisés optimisés par les données clients. En savoir plus

After more than a decade of bootstrapping, from inception to funding, my team was committed to deliver the most innovative open source platform based on the most rock-solid open source frameworks with one vision: the convergence of previously siloed software capabilities to deliver a unified digital presence management for global brands employees and customers.  

The latest achievement is an important milestone - spearheading and contributing the code of the Unomi Project to the Apache Software Foundation (Apache) -  which promises to revolutionize the technology industry and digital enterprise as a whole.

The Context… For a Context Server

From a company perspective, there is no question about the value of Digital Marketing any longer, especially when considering all the benefits enterprises and brands can leverage. Even customers now expect Digital Marketing as routine: “I am a customer, I am important and I expect that your company knows me at all digital touchpoints to answer to my requests.”

However, the flip side is that the process of aggregating all that data could make also that same customer question how you manage this data. Today, all customer data is spread into different sub-systems and, sometimes, companies do not even own their customer data due to using external “black box” external marketing software providers. 

When we decided to initiate work on a powerful customer-centric big data aggregator, the question of data privacy as a direct consequence of that aggregation was raised as a major concern. It is a complicated question. 

To answer that question, we returned to our open source DNA by working with the two most trusted software-related communities - the Organization for the Advancement of Structured Information Standards (OASIS) and the Apache Foundation.

Our approach was to build a standard to manage profile data interoperability - the Context Server Standardization (CXS) Standard at OASIS - between all those systems and a related open source project at the Apache Foundation. That project is a reference implementation of the CXS Standard named “Unomi" which provides a customer-centric big data aggregator that has data privacy in its core. It is standards-based and open source, thus transparent. 

It is time for Digital Marketing tools to be more ethical and transparent because customers are not just data. Data = real people.

It is time to put people back in the center of digital transformation for business.

The Reality

The need for ever-expanding data to support digital marketing practices in today’s economy requires significant tracking of end-user browsing and behavioral data. As set by the CXS Standard, this is becoming mission-critical: 

"Organizations currently struggle to create and deliver consistent personalized experiences across channels, markets, and systems. The Context Server will simplify management, integration and interoperability between solutions providing services like Web Content Management, CRM, BigData, Machine Learning, Digital Marketing and Data Management Platforms.” 

Yet end users, visitors and consumers are not able to determine the degree of sharing about their personal data due to lack of knowledge, unclear usage and unknown permissions of the tools used to collect it. Even more, these tools may collect implicitly, without customer knowledge (vs. explicitly, with their permission) and are often not even controlled by the brand itself. 

On a single website, there may be as many 60 external trackers monitoring visitor activity. Over the next five years, the big focus for websites will be on customer experience management. Trust matters - think Ashley Madison where customers paid for a profile deletion that never happened. It is time for data management tools to be more transparent and manageable.

The Vision

All this sets the stage for the vision of the Apache Unomi Project: a standards-based, transparent and ethical method to collect and track user identities on websites in a way that addresses user security and privacy concerns but also recognizes the value of digital marketing for enterprise at the same time. Based on the CXS OASIS standard, and being its reference implementation, the Apache Unomi Project will ensure reinforced data privacy in the CXS Standard because the core code will be accessible by all as an open source project.

On the standardization side, as proof of my vision on how central this initiative is becoming to digital enterprise, the CXS Standard has been announced by Laurent Liscia, CEO of OASIS, as a "vital standardization project”. 

As its reference implementation, Unomi was accepted as an Apache Software Foundation Incubator Project, which means that Apache considered project sustainability and supporting players over time. By contributing the code for the Unomi Project to the Apache Foundation, we at Jahia are giving back to the community again. However, this time, it is by leading the standard and spearheading a reference implementation which demonstrates the strength of the open source model.   

Rich Bowen, Executive Vice President of the Apache Software Foundation (ASF), said about the open source model, “Different projects need different things. Each of the above can be beneficial to any project past a certain size. Apache has a reputation of being trustworthy, from a code provenance / IP perspective, and people know that they can use code from the ASF without worrying about licensing, or patent / copyright / trademark issues. Projects have a full-time technical staff to handle their infrastructure needs. The ASF is heavily populated by people who have a decade or more of open source experience that projects can draw on as they grow and learn. All of these things are there in a culture of collaborative development and peer-review of both code and community.”

Why Unomi Matters

All companies that are facing transformation of their digital enterprise need to take control of their customers’ digital journeys. All companies that provide software or cloud services, or who manage user profiles, will progressively need to implement data privacy policies. With that, there is a tipping point of chaos that will need to be confronted with the amount of incoming data and the already existing diffusion of data over different software systems, services and profiles

This is the crux of the need for Unomi both as the software but also, even more critically, as a reference implementation of the OASIS’ CXS Standard for collecting and using data. The anonymization API, which is the main condition to help customers manage their data privacy, is part of the standard. Unomi can support and protect the customers of all companies that collect and use their data for personalized marketing conversations or to manage user profiles (vs. only ‘niche’ or ‘boutique industry’ companies).

Having a standard indicates not only the application of best practices in business but also becomes increasingly enforceable. It clearly communicates how data is being used and, ultimately, lets customers decide - or not - to anonymize their data through ALL connected systems, assuming those systems are supporting the standard. (In that case, the enterprise keeps the data to improve its operations but it is no longer associated to a particular individual.) 

In the imminent future, this privacy and usage standard will not be simply a voluntary issue of customer “good will” for companies but will become mandatory as new legal policy is created to keep up with digital enterprise. As real-world proof, this has already surfaced as in Europe with Google in terms of ‘the right to be forgotten’ as the right to maintain one’s privacy even on the Internet. 

I also recall a very good discussion with Swapnil Bhartiya, journalist for at ApacheCon: Core in Budapest on October 1, 2015. He asked about how regionally different data management may be executed, and how difficult applying a standard might be particularly for  U.S. corporations. I answered that I deeply thought  that digital right protection is not a “niche” nor a regional issue. It is a global problem for a global and digital economy. Technology is not a sector anymore. It is THE Economy and it is global. So is the right to digital protection. 

Incidentally, just  days after this conversation, Max Schrems, a 28-year-old Austrian law student,  jeopardized the efficiency of the Safe Harbour Act through European courts against Facebook proving the point.

The Process

Starting in 2013, my Chief Technology Officer, Serge Huber, worked with OASIS to manage the specifications for the CXS Standard via the Context Server Technical Committee, or OASIS CXS TC. This initiative is has been led, and is now co-chaired by, Jahia and Enonic.

The Apache incubating project named Unomi is the reference implementation that has come from that work.  Project mentors include: Bertrand Delacretaz (Apache Member, Adobe), Roman Shaposhnik (Apache Member, Pivotal) and Chris Mattmann (Apache Member, NASA JPL). We are really proud to see Jahia being the initial contributor of the entire Unomi code base with Serge as one of the pivotal committers on this project. We are pleased to offer two years of hard work that we believe in to the Apache Foundation, and which, likewise, represents the values that undergird the last 12 years of what Jahia has built - also in the open source way - as the most innovative Digital Experience Management platform. 

We are also thankful to see how this project has been welcomed by our open source peers: 

“One of the key Apache Unomi features is that it's an implementation of an OASIS specification, providing high-performance user profile and event tracking services. It allows companies to own their own data and the way to expose the data. It doesn't mean the data is physically stored in the company (as it could be on a private or public cloud), but manages the way the data is stored and provided as content.”

~ Jean-Baptiste Onofré (who works for Talend), Apache Incubator Committee member and a champion for the Unomi Project 

Beyond the Context Server, the next step is to take back the control of customer data and third-party applications so all the data is available via master records with consideration for customer preferences. The strategy is to integrate third-party tools, which will also end the confusion caused by using multiple marketing tools. 

After working on it from the CXS Standard side, you can see why we have been heartily working all this time to commit the related code into the new Apache named UNOMI project.  (Project documentation is here.)

The Official Launch

Given the ultimate goal of proposing that the Apache Foundation - whose mission it is to provide software for the public good - accept this project to make the vision a reality, it was most appropriate to announce the vision, scope and potential impact of the Unomi Project at ApacheCon: Core in Budapest on October 1, 2015. 

Serge and I introduced Apache Unomi with resounding success.  The introduction shared the two-year vision behind the Unomi Project while the in-depth review covered the targeted functionalities and architecture design goals. 

On October 5, 2015, the Apache Foundation formally accepted the Unomi Project as a reference implementation.

Ethical Web Experience Management

As mentioned in my introduction to this piece, I believe it is time to put people back in the center of digital disruption. Web experience management (WEM) tools are powerful but not at the cost of data privacy. This is the basis of one of our key initiatives going forward - the CXS standard at OASIS and its reference implementation at Apache Foundation, the Apache Unomi Project.

To reiterate, the Apache Unomi Project consists of a people-centric big data front-end with data privacy in its core, giving an API to understand what data is being collected, where it is being used and then allowing people to control it in terms of deciding to anonymize their data.

I also strongly believe in the open source community development model to ensure the best possible data privacy and create a transparent, thus ethical, web experience for the good of all: vendors, brands, consumers and users. 

I also believe that ‘anonymization’ is a fair and acceptable consensus between how important WEM tools are for digital enterprise (as a pillar of authentic digital transformation) and the fact that digital customers need and should have data privacy protection. For a brand to gain customer loyalty, there must be customer trust.

Transparency leads to both an ethical digital presence and customer trust. It is the right and responsible thing to do for digital enterprise at all levels of the organization. Take the time to consider your data privacy practices now or you may be forced to react to future litigation that compels your company to be responsible.

The same trust that the amazing Jahia team has built with our customers to accomplish their successful digital transformation(s) for the last decade is the reason why we are now the most innovative leader of the new Digital Experience market. 

Successful industry leaders keep the customer as their focus. Now you can easily accommodate customer preferences with regard to their data. The question now becomes:

What is stopping your organization from stepping into the technology that can give your customers an even better experience with your brand?


To experience Unomi through Jahia’s Marketing Factory, please schedule your personal demo here. Contact Us


Elie Auvray