Subject: RE: [orms] Use Case - OpenID RP Reputation in Trusted Exchange
Let me supplement a bit here:

> 1) Do you view the reputation of the OP as important, or only the
> reputation of the RP? If you don't care about the OP's reputation, why?

We dealt with OP Reputation last week with the PAPE use case.

> 2) How do providers decide which reputation service to use and trust,
> since anyone can set one up?

Also, it is probably possible for the RPs to advertise which Reputation Service they are listed in in the XRDS document that they publish. Whether the OP believes in those Reputation Services is entirely another matter, though. A Reputation Service may have its Reputation as well.

> 3) What information about a provider can be communicated in the
> reputation request/response messages? Is it just a score?

The actual implementation that we have is very basic as Tatsuki has pointed out. However, in a full version, I am envisaging that it would at least include the following:

| Item | Type | Description | Example |
|---|---|---|---|
| SubjectID | XRI/URI | The Identifier of the claim being reputed | =nat/email_address_usage_policy |
| ReputationServiceID | XRI/URI | The Identifier of the reputing entity | @myRS |
| Criteria | Text | The criteria on which the reputation score was made | Subjective Probability of the adherence of |
| Display Score (Cumulative Percentage) | float | The score that End Users see as reputation score. It is a subjective probability of this claim being true | 74.2 |
| Display Word | Enum | Words like "Excellent", "Good", "Average", "Unsatisfactory", "Bad" | |
| Raw Score | Float | Actual score value. | 56.8 |
| Distribution | enum | Statistical Distribution of the score | Beta |
| Mean | float | Mean of the distribution | 50 |
| Standard Deviation | float | Empirical standard deviation | 10 |
| Subject Public Key | String | Public key of the reputed entity | 2fdlafodnewoldfjkaslf … |
| PublishedDate | XMLDATE | Date the score was made | 2008-02-01T14:34:00Z |
| Expiry | XMLDATE | Expiry date of this reputation | 2009-02-01T14:34:00Z |
| Signature | string | Signature over this file | af8afsld92dfjdsla…blah…blah… |

________________________________________
From: Tatsuki Sakushima [tatsuki@nri.com]
Sent: June 12, 2008 4:47
To: Nate Klingenstein
CC: orms@lists.oasis-open.org
Subject: Re: [orms] Use Case - OpenID RP Reputation in Trusted Exchange

Hi Nate,

I wrote my answers inline below.

Tatsuki Sakushima
NRI Pacific - Nomura Research Institute America, Inc.
TEL:(650)638-7258
SkypeIn:(650)209-4811

Nate Klingenstein wrote:
> Tatsuki,
>
> Thank you for sharing this use case. I have several questions about it.
>
> 1) Do you view the reputation of the OP as important, or only the
> reputation of the RP? If you don't care about the OP's reputation, why?

In general, we need reputation for both OP and RP. In terms of the OpenID Trusted Exchange (TX) use case, we are focused on RP reputation, because OP holds important information and provides it to RP based on user's agreement and contract between OP and RP. In the TX process, RP has to present a contract template and to declare how they are handling user's information. Since OP provides user's information to RP on behalf of the user, we think OP needs some means to validate credibility of RP. Therefore we are interested in reputation services.

We care about OP's reputation. But it is not required in our use case. For RPs to decide if OP is trustworthy to work with, we might need another reputation service. But this is currently out of scope in our spec.

> 2) How do providers decide which reputation service to use and trust,
> since anyone can set one up?
We are expecting that reputation services or realm organizers are likely to play the same role as SSL certificate providers for web sites. The difference from SSL providers is that OP's credibility is built on OP's history of behavior and evaluation from many RPs.

> 3) What information about a provider can be communicated in the
> reputation request/response messages? Is it just a score?

In the current spec, the messages include a score and a public key of RP. The public key is only used for OP checking a signature in a contract template (a sort of proposal) presented by RP and OP encrypting user's data passed to RP.

I hope I answered your questions.

Tatsuki

>
> Take care,
> Nate.
>
> On 11 Jun 2008, at 17:04, Tatsuki Sakushima wrote:
>
>> Hello,
>>
>> Attached is another reputation use case around our OpenID
>> implementation. Nat has already introduced OpenID Trusted Exchange. I
>> extract only a reputation part out of it.
>>
>> However, the current implementation doesn't include reputation scoring.
>> This part is still missing and TBD.
>>
>> Tatsuki
>>
>> --
>> Tatsuki Sakushima
>> NRI Pacific - Nomura Research Institute America, Inc.
>> TEL:(650)638-7258
>> SkypeIn:(650)209-4811
>> <OpenID RP Reputation in Trusted Exchange.ppt>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail. You may a link to this group and all your TCs in
>> OASIS
>> at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
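The checks an OP could run on a reputation record carrying the fields discussed in this thread, before relying on its score or its Subject Public Key, as an added example that is not code from the thread or from the implementation it describes. Ed25519 signatures, JSON as the signed form, the names `Record` and `Check`, and the threshold of 70 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Record holds a subset of the table's fields (names taken from the e-mail).
type Record struct {
	SubjectID, ReputationServiceID, SubjectPublicKey string
	DisplayScore                                     float64
	PublishedDate, Expiry                            time.Time
	Signature                                        []byte `json:"-"` // not part of the signed bytes
}

// signedBytes is an assumed canonical form: JSON of every field except Signature.
func signedBytes(r Record) []byte { b, _ := json.Marshal(r); return b }

// Check is the OP-side decision; trusted is the OP's own list of services and keys.
func Check(r Record, subject string, trusted map[string]ed25519.PublicKey, minScore float64, now time.Time) error {
	key, ok := trusted[r.ReputationServiceID]
	switch {
	case !ok:
		return fmt.Errorf("reputation service %q is not trusted by this OP", r.ReputationServiceID)
	case !ed25519.Verify(key, signedBytes(r), r.Signature):
		return fmt.Errorf("signature does not verify")
	case r.SubjectID != subject:
		return fmt.Errorf("record is about %q, not %q", r.SubjectID, subject)
	case now.Before(r.PublishedDate) || !now.Before(r.Expiry):
		return fmt.Errorf("record is outside its validity period")
	case r.DisplayScore < minScore:
		return fmt.Errorf("score %.1f is below the OP threshold %.1f", r.DisplayScore, minScore)
	}
	return nil
}

func main() { // constructed sample values, modelled on the table's example column
	pub, priv, _ := ed25519.GenerateKey(nil)
	t0 := time.Date(2008, 2, 1, 14, 34, 0, 0, time.UTC)
	r := Record{SubjectID: "=nat/email_address_usage_policy", ReputationServiceID: "@myRS",
		SubjectPublicKey: "placeholder", DisplayScore: 74.2, PublishedDate: t0, Expiry: t0.AddDate(1, 0, 0)}
	r.Signature = ed25519.Sign(priv, signedBytes(r)) // done by the reputation service
	trusted := map[string]ed25519.PublicKey{"@myRS": pub}
	fmt.Println(Check(r, r.SubjectID, trusted, 70, t0.AddDate(0, 4, 11)))
	r.DisplayScore = 99 // altered after signing, so the signature no longer verifies
	fmt.Println(Check(r, r.SubjectID, trusted, 70, t0.AddDate(0, 4, 11)))
}
```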