Re: [soa-rm-ra] Trust

[Rex Brooks <rexb@starbourne.com>]

Sorry I missed the discussion, Frank,

I agree on 1. Agent refers to human entity or software entity. 
Participants usually "participate" which an agent may or may not.

2. These entities have identity that needs to be "confirmed" or 
authenticated, not authorized. Authorization belongs to roles in 
organizations, as Frank states as "empowerment."

3. I agree that Section three works at the appropriate level of abstraction.

4, I think Section 5 should deal with Trust on the level of 
confidence in the sense of authentication (that participants are who 
they say they are) and confidence (that security is adequate, 
appropriate and acceptable).

I agree with Frank's conclusion.

Cheers,
Rex


At 1:20 PM -0700 4/16/08, Francis McCabe wrote:
>I am afraid that I caused something of an 'upset' at today's telcon 
>concerning trust :)
>
>Here are the issues as I see them:
>
>1. I am unhappy substituting participant for agent. My reasoning is 
>that automated systems need to be trusted at least as much as 
>people. There was no clear idea on the call for what participant 
>should be replaced by; although removing the qualifier at the 
>beginning about mostly human participants may be removed. In normal 
>English usage, participants are essentially human in character.
>
>2. The relationship between credentials and identity and action is 
>*not* one of authorization. I am not sure at the moment what it 
>should be but authorization is about the empowerment to perform 
>actions, not whether the person doing them should be trusted. (The 
>CIC has the power to take us to war; but I would not trust him if he 
>asked us to.)
>
>3. Some of the modeling around trust is inextricably linked to the 
>issues covered in Section 3, and so I think that some of this needs 
>to be moved there. That is because the appropriate level of 
>abstraction for trust requires discussing the relationships between 
>organizations, actions, participants etc.
>
>4. A Section 5 discussion on trust should focus on what is needed to 
>support clarity on trust and what is involved in running such a 
>system (In fact, I see elements around trust in all three sections: 
>3,4 and 5.)
>
>So, thinking more generally about this, I feel that (a) we are 
>getting close to the total amount of content for the document but 
>that (b) we are likely to need some reorganization. This is not 
>reason to stop our first public review though.
>
>Frank
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe from this mail list, you must leave the OASIS TC that
>generates this mail.  You may a link to this group and all your TCs in OASIS
>at:
>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


-- 
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-898-0670