RE: [soa-rm-ra] Trust

["Poulin, Michael" <Michael.Poulin@uk.fid-intl.com>]

Is this a proper understanding that the "lower model for section
5-Security" allows for un-authenticated Principal/Subject to be
authorised for an Action? If so, it is OK because we may have some
public services that do not require a control over a user identity.

However, the "top model for section 3-Business" implicitly states that a
Trust may affect Principal's abilities to perform an Action. I would
clarify  the dotted link with a comment like 'optional' to make it
consistent with the "lower model for section 5-Security"

Thanks,
- Michael

Important: Fidelity Investments International (Reg. No.1448245),
Fidelity Investment Services Limited (Reg. No. 2016555), Fidelity
Pensions Management (Reg. No. 2015142) and Financial Administration
Services Limited (Reg. No. 1629709, a Fidelity Group company) are all
registered in England and Wales, are authorised and regulated in the UK
by the Financial Services Authority and have their registered offices at
Oakhill House, 130 Tonbridge Road, Hildenborough, Tonbridge, Kent TN11
9DZ. Tel 01732 361144. Fidelity only gives information on products and
does not give investment advice to private clients based on individual
circumstances. Any comments or statements made are not necessarily those
of Fidelity. The information transmitted is intended only for the person
or entity to which it is addressed and may contain confidential and/or
privileged material. If you received this in error, please contact the
sender and delete the material from any computer. All e-mails sent from
or to Fidelity may be subject to our monitoring procedures. Direct link
to Fidelity's website -
http://www.fidelity-international.com/world/index.html 


-----Original Message-----
From: Danny Thornton [mailto:danny.thornton@scalablearchitectures.com] 
Sent: 16 April 2008 23:49
To: Francis McCabe
Cc: soa-rm-ra
Subject: RE: [soa-rm-ra] Trust

I have created two diagrams from the current trust model, the top model
for section 3-Business Via Services, and the lower model for section
5-Security.  I did not try to incorporate Agent into the section 3
diagram.  As always, suggestions are welcome.

Danny 

-------- Original Message --------
Subject: [soa-rm-ra] Trust
From: Francis McCabe <frankmccabe@mac.com>
Date: Wed, April 16, 2008 1:20 pm
To: soa-rm-ra <soa-rm-ra@lists.oasis-open.org>

I am afraid that I caused something of an 'upset' at today's telcon 
concerning trust :)

Here are the issues as I see them:

1. I am unhappy substituting participant for agent. My reasoning is 
that automated systems need to be trusted at least as much as people. 
There was no clear idea on the call for what participant should be 
replaced by; although removing the qualifier at the beginning about 
mostly human participants may be removed. In normal English usage, 
participants are essentially human in character.

2. The relationship between credentials and identity and action is 
*not* one of authorization. I am not sure at the moment what it should 
be but authorization is about the empowerment to perform actions, not 
whether the person doing them should be trusted. (The CIC has the 
power to take us to war; but I would not trust him if he asked us to.)

3. Some of the modeling around trust is inextricably linked to the 
issues covered in Section 3, and so I think that some of this needs to 
be moved there. That is because the appropriate level of abstraction 
for trust requires discussing the relationships between organizations, 
actions, participants etc.

4. A Section 5 discussion on trust should focus on what is needed to 
support clarity on trust and what is involved in running such a system 
(In fact, I see elements around trust in all three sections: 3,4 and 5.)

So, thinking more generally about this, I feel that (a) we are getting 
close to the total amount of content for the document but that (b) we 
are likely to need some reorganization. This is not reason to stop our 
first public review though.

Frank




---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in
OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php