[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [trust-el] Groups - Draft 0.2 of second deliverable uploaded
Mohammad, Thank you very much for you careful reading of the paper and input. -Mary From: Mohammad Jafari [mailto:mjafari@edmondsci.com] Hello, Thanks for the great work. One issue that I wanted to raise (possibly to be considered in the next iterations somewhere like in Section 1.1) is acknowledging that “trust elevation” and the “user’s privacy” are somehow competing requirements and every application must define/find its own optimal balance between the two. In other words, as the guard shown in Figure 1 is trying to maximize the trust, the competing force from user’s side which can be modeled as a sort of “privacy guard” is also trying to minimize sharing of information/credentials. Sufficient trust elevation occurs only if these two competing requirements coincide at a level that exceeds minimum trust requirements for the service and fall below the user’s maximum acceptable level of information given the privacy concerns. Accordingly, trust elevation is a game/negotiation between the user and the system and not a unilateral process by the service. I also found a typo on page 75 in Jaap’s last name. Also my first and last name are switched on page 76. Regards, Mohammad Jafari Security Architect, Edmond Scientific Company From: trust-el@lists.oasis-open.org [mailto:trust-el@lists.oasis-open.org] On Behalf Of Mary Ruddy
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]