[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposed Charter for OASIS ORMS TC
FYI to all XRI TC members -- this is a new TC proposed in the IDtrust Member
Section. See the end for details on how to participate.
=Drummond
-----Original Message-----
From: Dee Schur [mailto:dee.schur@oasis-open.org]
Sent: Tuesday, February 12, 2008 7:00 AM
To: idtrust-sc@lists.oasis-open.org; idtrust-ms@lists.oasis-open.org
Subject: [idtrust-ms] FW: [oasis-charter-discuss] Proposed Charter for OASIS
ORMS TC
Please distribute this proposed charter to all parities that you believe
might be interested.
Best,
Dee
-----Original Message-----
From: Mary McRae [mailto:marypmcrae@gmail.com] On Behalf Of Mary McRae
Sent: Friday, February 08, 2008 2:14 PM
To: members@lists.oasis-open.org; tc-announce@lists.oasis-open.org
Cc: oasis-charter-discuss@lists.oasis-open.org
Subject: [oasis-charter-discuss] Proposed Charter for OASIS ORMS TC
To OASIS Members:
A draft TC charter has been submitted to establish the Open Reputation
Management Systems (ORMS) Technical Committee. In accordance with the OASIS
TC
Process Policy section 2.2:
(http://www.oasis-open.org/committees/process.php#2.2) the proposed charter
is
hereby submitted for comment. The comment period shall remain open until
11:45pm
ET on 22 February 2008.
OASIS maintains a mailing list for the purpose of submitting comments on
proposed charters. Any OASIS member may post to this list by sending email
to:
mailto:oasis-charter-discuss@lists.oasis-open.org. All messages will be
publicly
archived at:
http://lists.oasis-open.org/archives/oasis-charter-discuss/. Members who
wish to
receive emails must join the group by selecting "join group" on the group
home
page:
http://www.oasis-open.org/apps/org/workgroup/oasis-charter-discuss/.
Employees
of organizational members do not require primary representative approval to
subscribe to the oasis-charter-discuss e-mail.
A telephone conference will be held among the Convener, the OASIS TC
Administrator, and those proposers who wish to attend within four days of
the
close of the comment period. The announcement and call-in information will
be
noted on the OASIS Charter Discuss Group Calendar.
We encourage member comment and ask that you note the name of the proposed
TC
(ORMS) in the subject line of your email message.
Regards,
Mary
---------------------------------------------------
Mary P McRae
Manager of TC Administration, OASIS
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org
phone: 603.232.9090
===========
PROPOSED CHARTER FOR REVIEW AND COMMENT
OASIS Open Reputation Management Systems (ORMS) Technical Committee
1) The Charter of the TC, which includes only the following items:
(1)(a) The name of the TC
OASIS Open Reputation Management Systems (ORMS) Technical Committee
(1)(b) A statement of purpose, including a definition of the problem to be
solved.
The increasing reliance on the Internet as a medium for social interaction
and
online collaboration, and the emergence of converged networks with
ubiquitous
services that span different wire-line, wireless, mobile networks, devices,
and
users are placing new emphasis for developing reputation mechanisms for
electronics based communities.
The use of reputation systems has been proposed for various applications
such
as:
* Validating the trustworthiness of sellers and buyers in online auctions
(which
sites like eBay have proved can have large influence on sellers)
* Detecting free riders in peer to peer networks
* Ensuring the authenticity of signature keys in a web of trust.
* Smarter searching of web sites, blogs, events, products, companies and
other
individuals.
Reputation in this context refers to the opinions about an entity, from
others.
Reputation is one of the factors upon which trust can be based through the
use
of
verifiable claims. Reputation changes with time and is used within a
context.
Trust and reputation are related to a context. For example, my trust in
Sam as
a
doctor can be different from my trust in Sam as my financial advisor.
There are various methods for generating user's reputation data or
trustworthiness.
Some methods are based on user's feedback through appropriate feedback
channels,
such as in eBay. Other methods include having viewers participate in the
reputation-building process through the user's profile at specific sites and
communities. Each method has its limitations in terms of its susceptibility
to
bad
actors, manipulation of data for specific purposes, and spammers.
Current thrusts with user-centric Identity solutions place immediate and
urgent
importance for the development of online reputation management systems that
could be
used for enabling trust and collaboration in a distributed manner while
preserving the
privacy of Personally Identifiable Information (PII).
Reputation models are built using diverse mechanisms to meet specific needs
-
such as
the feedback system of eBay. In general reputations systems collect,
distribute,
and may aggregate feedback about a principal's past behavior. The
availability
of online
reputation feedback systems and the use of data extraction mechanisms will
eventually lead
to the wide availability of reputation information about users (human,
devices
etc.) on
the Internet. As such, there is a need to have users control how, when and
by
whom their
reputation data is accessed. At the least, there is a need for users to be
aware
and
in control of privacy related components of their reputation data. These
issues
are
also related to how global reputation is computed based on observed user's
interactions.
Reputation based techniques can be used as the basis for building trust and
enhancing
cooperation in peer-to-peer networks, either in a centralized manner or
through
the use
of aggregators and brokers. Currently, because the majority of existing
online
reputation
based mechanisms is developed by private companies and use proprietary
schemas
for
representing reputation data, there is no standard way to query, store,
aggregate,
or verify claims between systems. There is no standard way for users to
participate or
determine the reputation of the reputation data providers. Additionally,
there
is no
standard communication protocol for exchanging reputation data.
Evaluating large sets of different and possibly contradictory opinions is a
non-trivial process. The trust model of a reputation system represents the
core
component of the system. It defines all assumptions on the properties of
trust
and
describes how to calculate reputation scores (trust values). A trust value
cannot be
applicable in all contexts. As such, there is a need for a Reputation
Management
Framework that enables users to acquire raw reputation data and calculate
their
own
reputation scores, either using their personal experience or with the help
of
data aggregators.
A good Reputation Management System will separate the reputation of the
evaluator
from the data that is used to evaluate a give entity in the system. The same
concept
should apply to all entities in the eco-system. In this fashion, aggregators
will have a
reputation that can be used to score how well they do in gathering good
data,
and feedback
providers will have their own reputation that could be used as a means to
purge
or clean
feedback that they provide on other entities. Such systems will be less
susceptible to
data manipulation and have the ability to provide constructive reputation or
trustworthiness
scores.
In order to build an internet-scale trust-infrastructure, reputation data
needs
to be
readily available for use and sharing in many contexts. Additionally, there
is a
need to ensure that users have a say in who owns their data, how it is
protected
and what mechanisms are available to manage it. Many OASIS and other open
standards
can play an important role in ensuring that reputation data stays open.
The
ORMS
standards will be independent of the Identity Management System.
(1)(c) The scope of the work of the TC.
The purpose of this TC is to develop an Open Reputation Management System
(ORMS)
that provides the ability to use common data formats for representing
reputation
data,
and standard definitions of reputation scores. The system will not define
algorithms for
computing the scores. However, it will provide the means for understanding
the
relevancy
of a score within a given transaction. The TC's output will enable the
deployment of a
distributed reputation systems that can be either centralized or
decentralized
with the
ability for aggregators and intermediaries to be part of the business model.
Scope of the work
1. Analysis, Use Cases and Requirement Gathering
a. Use cases to gather requirements that ORMS will need to meet and
understand
the
business and social impact of such a system including security, privacy,
threats
and risks requirements will also be developed. Explore the use of
reputation
mechanisms
in novel settings.
b. Document that analyzes performance of existing reputation mechanisms with
respect to the requirements developed in the previous steps and identify
current gaps.
2. Develop Framework for Open Reputation Data
a. Development a framework for reputation data gathering including:
* Development of common data models for expressing reputation data
* XML Schema for representing ORMS data
* XML Schema for Reputation Score
* Development of standard way of exchanging reputation claims among
systems.
* Development of means of aggregating reputation data including
delegation of
claims generations and assertions.
* Development of query/response communication protocols for exchanging
reputation data in a trusted and secure fashion. This step may develop
a
new protocol, or extend current ones such as SAML, OpenID etc.
3. Security, threats and Risk analysis
* Perform Security Risk analysis and profiles for best practice.
4. Out of Scope
Algorithms that can be used for generating a reputation score are out of
scope
of
this work. The work will define a standard way to infer what a given score
will
mean
but will not specify how to compute that value.
The work does not exclude methods for asserting equivalence or relationships
between
scoring systems. A possible output of the TC work might include methods to
facilitate the
calculation of comparisons between score ratings, or operations that take
multiple scores
as inputs.
(1)(d) A list of deliverables, with projected completion dates.
1. Use Cases document; July 2008
2. Requirements document; September 2008
3. Framework for reputation data gathering; January 2009
4. XML Schema for representing ORMS data; March 2009
5. XML Schema for Reputation Score; March 2009
6. Assertions/claims (tokens) profiles; March 2009
7. Protocol(s) for exchanging of reputation data and assertion tokens;
September 2009
8. Security, threats and Risk analysis; January 2010
(1)(e) Specification of the IPR Mode under which the TC will operate.
The TC shall operate under: RF on limited Terms
(1)(f) The anticipated audience or users of the work.
The output of this work will have direct benefits for the use of the
internet as
a
medium for conducting social internetworking. The work will have direct
impact
of the
users of the Identity Management, blogs, OpenID communities and trust
establishment in
peer to peer and social networks.
(1)(g) The language in which the TC shall conduct business.
This TC will use English as the language for conducting its operations.
(2) Non-normative information regarding the startup of the TC:
(2)(a) Identification of similar or applicable work that is being done in
other OASIS TCs or by other organizations, why there is a need for
another
effort in this area and how this proposed TC will be different, and
what
level of
liaison will be pursued with these other organizations.
The ORMS TC will be developing new work items that are currently not covered
by
any
other OASIS TC. However, the TC will be using the output of other OASIS TC
such
as XDS, XRI,
DSS, WS*, SAML and WS-Security.
The TC co-chairs will coordinate closely with the above TC in order to
inform
them about the progress of the ORMS work and also in order to count on their
expertise in the development of ORMS work.
Currently, there is no other work in any other SDO that overlap with the
work of
this TC.
(2)(b) The date, time, and location of the first meeting, whether it will
be held in person or by phone, and who will sponsor this first meeting. The
first
meeting of a TC shall occur no less than 30 days after the announcement of
its
formation in the case of a telephone or other electronic meeting, and no
less
than 45 days after the announcement of its formation in the case of a
face-to-face
meeting.
The First meeting of this TC will take place on May 1 and May 2, 2008 to
coincide with the
OASIS Symposium at: Santa Clara Marriott, 2700 Mission College Boulevard,
Santa Clara CA 95054.
(2)(c) The projected on-going meeting schedule for the year following the
formation
of the TC, or until the projected date of the final deliverable,
whichever comes
first, and who will be expected to sponsor these meetings.
The TC will conduct its business via weekly teleconference call. The time of
the call will be determined during the first meeting of the TC. The TC will
conduct F2F
meeting on as needed bases. Teleconference facilities and F2F meetings will
be
sponsored by the TC participants.
(2)(d) The names, electronic mail addresses, and membership affiliations of
at
least
Minimum Membership who support this proposal and are committed to the
Charter
and projected meeting schedule.
Tony Rutkowski, VeriSign, trutkowski@verisign.com
Tony Nadalin, IBM, drsecure@us.ibm.com
Drummond Reed, Cordance, drummond.reed@cordance.net
Nat Sakimura, NRI, n-sakimura@nri.co.jp
Tatsuki Sakushima, NRI, tatsuki@nri.com
Masaki Nishitani, NRI, m-nishitani@nri.co.jp
Madhukar, GOOGLE, madhukar@google.com
Travis Phipps, Vidoop, travis.phipps@vidoop.com
Phill Windley, BYU, phil@windley.org
Daniel Lulich, Iovation, daniel.lulich@iovation.com
Chris Hagenbuch, Safespace, chris.hagenbuch@safetspace.com
Paul Trevithick, Parity, Paul@parityinc.net
Terrell Russel, terrell@terrellrussell.com
Arshad Noor, StrongAuth, arshad.noor@strongauth.com
Bill Barnhill, Booz Allen, barnhill_william@bah.com
(2)(e) The name of the Convener who must be an Eligible Person.
Abbie Barbir of Nortel will be the TC Convener.
(2)(f) The name of the Member Section with which the TC intends to affiliate
with
The TC intends to affiliate with the IDTrust Member Section.
(2)(g) Optionally, a list of contributions of existing technical work that
the
proposers anticipate will be made to this TC.
[1] OpenID Reputation Service Extension (Proposal), by Nat
Sakimura,
Nomura Research Institute
[2] Trusted Data Exchange Overview, by Nat Sakimura and
Masaki Nishitani, Nomura Research Institute
* wiki version of the two documents can be found at
http://myidproject.net/?OpenIDTrustedDataExchange
http://myidproject.net/?OpenIDReputationService
(2)(h) Optionally, a draft Frequently Asked Questions (FAQ) document
regarding
the
planned scope of the TC, for posting on the TC's website.
None
(2)(i) Optionally, a proposed working title and acronym for the
specification(s)
to be
developed by the TC.
None
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]