[WG-OTTO] Draft OTTO Minutes 8/12/15

Janusz Ulanowski janusz.ulanowski at heanet.ie
Tue Aug 18 06:53:29 CDT 2015


Hi,
just my little quick comment related to the last call.
I guess that a Merkle hash tree was meant by "blockchain data structure"? I think this is a great idea!
I haven't had a chance to find out what the cost of signing the whole metadata would be, which could happen quite often (the metadata for a single entity is modified).
I presume that every entity will be treated as a single piece of data, which then will be hashed.
So this looks like a flat structure, where all data pieces are leaves in that tree. What about other potential information?
With this scenario, parties checking entities' metadata can easily validate them.
If we have a Registration Authority which allows entities to be registered for multi-federation purposes, and they use a single repository, then what about trust verification? This still doesn't tell us if there is trust between two parties. Should a specific query be allowed to verify the trust?


Janusz Ulanowski
Edugate: http://www.edugate.ie
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
D01 X8N7

Registered in Ireland, no 275301
tel: +353-1-660 9040 fax: +353-1-660 3666
web: http://www.heanet.ie/

On 12/08/15 18:01, Mike Schwartz wrote:
>
> Draft Meeting minutes are available on Github:
> https://github.com/KantaraInitiative/wg-otto/blob/master/minutes/015-otto_minutes-8-12-2015.md
>
>
> Please make any changes or additions directly there. As this was the
> first meeting where quorum was achieved, we can approve at next week's
> meeting.
>
> --------------------------------------------------------------------
>
> OTTO WG Minutes 8/12/15
> STATUS: Draft
>
> ## Voting Members Attending:
> - Mike Schwartz
> - Judith Bush
> - Keith Hazelton
> - Janusz Ulanowski
>
> ## Non-voting members
> - Rainer Hoerbe
>
>
> ## Topics discussed
>
> NOMINATIONS / VOTING
> We will open nominations for roles the week of 9/2 - 9/8, hold voting
> the week of 9/9-9/15.
> Roles will be two co-chairs and specification editor.
>
> DISCUSSION of RFC 6962 - Certificate Transparency
> https://tools.ietf.org/html/rfc6962
> This RFC enables PKI CAs to publish their root certificates into a public ledger, so a certificate holder can verify the integrity of the root certificate. The technology could be applied to non-certificate data.
>
> Judith thinks that the ability to query the metadata is important. Would we lose the ability to query the metadata, so organizations wouldn't have to download the whole metadata? Rainer mentioned that the key-value data structure is OK for obtaining an individual entity's metadata, but not for SQL-like queries, like "give me all the entities with a certain attribute."
>
> George is wondering whether the complexity is necessary for the concern of signed metadata. It's cool and more secure, but does it outweigh the cost?
>
> Rainer says it's appropriate for high-assurance identity management, and not so for low-assurance trust frameworks. Rainer is working on a small-scale implementation for the Austrian government. Also, how distributed?
>
> Mike posed the question: Is it the goal of OTTO for very centralized
> management? If so, it might
> not be worth the trouble.
>
> Not being a crypto-mathematician, Mike asked if RFC 6962 has been validated. Google has code available in several languages:
> https://github.com/google/certificate-transparency
> Rainer also mentioned that there is an open source Erlang implementation available. In the IETF, for an RFC to advance to Internet Standard there have to be two separate implementations and widespread use. But indications are that it looks good.
>
> Example of InCommon Federation Metadata aggregate:
>   https://spaces.internet2.edu/display/InCFederation/Metadata+Aggregates
>
> Example of CACert Root Cert Publication:
>     http://www.cacert.org/index.php?id=3
>
> There was a discussion of trustmarks, a mechanism to enable the federation to issue a signed JSON token that would indicate membership in a federation. Mike was concerned that addressing trustmarks would just delay the delivery of the solution for entity metadata publication and discovery.
>
>
> -------------------------------------------------------------------------------------
>
>
> Next week's Meeting Details - same time / same place!
>
> -------------------------------------------------------------------------------------
>
>
> Screen Sharing: https://global.gotomeeting.com/join/162399285
>
> Audio: Skype: +99051000000481
> North America Toll: +1 (805) 309-2350
> Alternate Toll: +1 (714) 551-9842
> International Toll: http://www.turbobridge.com/international.html
>
> Conference ID: 613-2898
>
> Command Menu:
> - 0 Plays menu of Keypad Commands
> - *3 Promote to Host (if non-host)
> - *5 Raise your hand
> - *6 Mute yourself (toggle on/off)
> - *# Private roll call of participants
> - *\ Mute music-on-hold (toggle on/off)
>
> TurboPhone (beta): https://www.turbobridge.com/join.html Works with
> Internet Explorer on Windows only
>
> SIP Access (using IP phone or soft phone) sip:bridge at turbobridge.com
> SIP URL details: https://www.turbobridge.com/help/Index.html?context=180
>
> _______________________________________________
> WG-OTTO mailing list
> WG-OTTO at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-otto
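As an added illustration of the flat hash tree Janusz describes above (every entity's metadata is one leaf, and only the root needs a signature) and of the RFC 6962 tree hash the minutes discuss, the following example code is not part of this thread or of any OTTO WG deliverable. It implements the Merkle Tree Hash and audit path exactly as RFC 6962 section 2.1 defines them (SHA-256, leaves prefixed with 0x00, interior nodes with 0x01) and applies them to a handful of constructed entity records. The sample entities, the canonical JSON serialisation of a leaf and all helper names are assumptions made for this example, not anything the group has specified.

```python
"""Merkle tree over federation entity metadata, RFC 6962 section 2.1 style.

Constructed example: the entity records and helper names are assumptions
made for this illustration, not anything defined by the OTTO WG.
"""
import hashlib
import json
from typing import Dict, List, Tuple

LEAF_PREFIX = b"\x00"   # RFC 6962: leaf hashes are domain-separated with 0x00
NODE_PREFIX = b"\x01"   # RFC 6962: interior node hashes are prefixed with 0x01


def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def split_point(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2), as in RFC 6962."""
    k = 1
    while 2 * k < n:
        k *= 2
    return k


def merkle_root(leaves: List[bytes]) -> bytes:
    """MTH(D[n]) from RFC 6962 section 2.1."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(leaves[0])
    k = split_point(n)
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def audit_path(m: int, leaves: List[bytes]) -> List[bytes]:
    """PATH(m, D[n]) from RFC 6962 section 2.1.1: sibling hashes, leaf to root."""
    n = len(leaves)
    if not 0 <= m < n:
        raise IndexError("leaf index out of range")
    if n == 1:
        return []
    k = split_point(n)
    if m < k:
        return audit_path(m, leaves[:k]) + [merkle_root(leaves[k:])]
    return audit_path(m - k, leaves[k:]) + [merkle_root(leaves[:k])]


def root_from_audit_path(m: int, n: int, leaf: bytes, path: List[bytes]) -> bytes:
    """Recompute the root from one leaf and its audit path (mirror of audit_path)."""
    if n < 1 or not 0 <= m < n:
        raise IndexError("leaf index out of range")
    if n == 1:
        if path:
            raise ValueError("audit path too long")
        return leaf_hash(leaf)
    if not path:
        raise ValueError("audit path too short")
    k = split_point(n)
    sibling, rest = path[-1], path[:-1]
    if m < k:
        return node_hash(root_from_audit_path(m, k, leaf, rest), sibling)
    return node_hash(sibling, root_from_audit_path(m - k, n - k, leaf, rest))


# --- Application to entity metadata (constructed sample data) ----------------

def canonical(entity: Dict) -> bytes:
    """Deterministic serialisation: registry and verifier must hash identical bytes."""
    return json.dumps(entity, sort_keys=True, separators=(",", ":")).encode()


SAMPLE_ENTITIES = [  # constructed sample, not real federation metadata
    {"entityID": "https://idp.example.edu/idp", "role": "IDP", "federation": "Edugate"},
    {"entityID": "https://sp1.example.org/sp", "role": "SP", "federation": "Edugate"},
    {"entityID": "https://sp2.example.org/sp", "role": "SP", "federation": "InCommon"},
    {"entityID": "https://idp.example.ac.at/idp", "role": "IDP", "federation": "ACOnet"},
    {"entityID": "https://sp3.example.net/sp", "role": "SP", "federation": "Edugate"},
]


def publish(entities: List[Dict]) -> Tuple[bytes, List[bytes]]:
    """Registry side: the 32-byte root is the only object that needs a signature."""
    leaves = [canonical(e) for e in entities]
    return merkle_root(leaves), leaves


def verify_entity(entity: Dict, m: int, n: int, path: List[bytes], signed_root: bytes) -> bool:
    """Relying-party side: check one entity with only the signed root and its path."""
    try:
        return root_from_audit_path(m, n, canonical(entity), path) == signed_root
    except (IndexError, ValueError):
        return False


def demo() -> Dict[str, object]:
    root, leaves = publish(SAMPLE_ENTITIES)
    n = len(leaves)
    ok = all(verify_entity(SAMPLE_ENTITIES[i], i, n, audit_path(i, leaves), root)
             for i in range(n))
    # Tampering: one attribute of entity 2 changed after the root was signed
    tampered = dict(SAMPLE_ENTITIES[2], role="IDP")
    tampered_ok = verify_entity(tampered, 2, n, audit_path(2, leaves), root)
    # A legitimate update to one entity changes the root, so a new root must be signed
    new_root, _ = publish(SAMPLE_ENTITIES[:2] + [tampered] + SAMPLE_ENTITIES[3:])
    return {"all_valid": ok, "tampered_valid": tampered_ok,
            "root_changed": new_root != root,
            "path_lengths": [len(audit_path(i, leaves)) for i in range(n)]}


if __name__ == "__main__":
    print(demo())
```

Two points from the discussion show up directly in the code. A relying party that already holds the signed root needs only one entity's record plus about log2(n) sibling hashes to validate it, so it never has to download the whole aggregate; but, as Rainer noted, the structure answers "is this entity in the published set?" and nothing like "give me all entities with attribute X", which would still need a separate query interface. Any change to one entity produces a different root, so the registry signs a new root for every update; the signing cost is that of one 32-byte hash, independent of how many entities the metadata holds.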