OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [soa-rm-ra] Trust

I have created two diagrams from the current trust model, the top model
for section 3-Business Via Services, and the lower model for section
5-Security.  I did not try to incorporate Agent into the section 3
diagram.  As always, suggestions are welcome.

Danny 

-------- Original Message --------
Subject: [soa-rm-ra] Trust
From: Francis McCabe <frankmccabe@mac.com>
Date: Wed, April 16, 2008 1:20 pm
To: soa-rm-ra <soa-rm-ra@lists.oasis-open.org>

I am afraid that I caused something of an 'upset' at today's telcon 
concerning trust :)

Here are the issues as I see them:

1. I am unhappy substituting participant for agent. My reasoning is 
that automated systems need to be trusted at least as much as people. 
There was no clear idea on the call for what participant should be 
replaced by; although removing the qualifier at the beginning about 
mostly human participants may be removed. In normal English usage, 
participants are essentially human in character.

2. The relationship between credentials and identity and action is 
*not* one of authorization. I am not sure at the moment what it should 
be but authorization is about the empowerment to perform actions, not 
whether the person doing them should be trusted. (The CIC has the 
power to take us to war; but I would not trust him if he asked us to.)

3. Some of the modeling around trust is inextricably linked to the 
issues covered in Section 3, and so I think that some of this needs to 
be moved there. That is because the appropriate level of abstraction 
for trust requires discussing the relationships between organizations, 
actions, participants etc.

4. A Section 5 discussion on trust should focus on what is needed to 
support clarity on trust and what is involved in running such a system 
(In fact, I see elements around trust in all three sections: 3,4 and 5.)

So, thinking more generally about this, I feel that (a) we are getting 
close to the total amount of content for the document but that (b) we 
are likely to need some reorganization. This is not reason to stop our 
first public review though.

Frank




---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in
OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

TrustAuthorizationDiagram.png

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]