[WG-OTTO] OTTO WG Minutes 11/11/2015

Rainer Hoerbe rainer at hoerbe.at
Thu Nov 12 09:10:57 CST 2015

> Am 11.11.2015 um 22:03 schrieb Mike Schwartz <mike at gluu.org>:
> Minutes from today's meeting are here:
> https://github.com/KantaraInitiative/wg-otto/blob/master/minutes/026-otto_minutes-11-11-2015.md

> ## Discussion of Linked Data
> JSON-LD looks like a good place to start. We have a way to define our schema, to globally identify
> entities, and to link entities. Kudos to Judith for suggesting it! 

I would add that JSON-LD is one of several linked data serialization formats, and to exploit the various tool kits available any notation in JSON-LD should be fully compatible with at least turtle and RDF.

> ## Discussion of Blockchain
> One of the challenges is how the federation can point to the current metadata for an entity. Depending
> on the blockchain technology used, its possible that old transactions may be purged after a certain
> period of time to keep the data set small. TBD, but we may need to include into the blockchain a pointer
> to the identifier of the entity + a hash value of the contents.

Block chains have different actors. Full nodes store the whole block chain, clients may store fairly small subsets. Purging will be difficult in a distributed environment, unless each entry has an expiration date, because otherwise no one knows for how long to use assertions for which purpose (thing of audit or litigation). OTOH expiration dates have been a pain in PKIX, requiring re-issuing certificates for no other reason as supporting the CA’s revenue model.
Metadata for networks should be always slow and tiny compared the the payload. I would argue that 100 GB of blockchain would not be considered large for the kind of network it supports. For mobile/embedded devices a client/server relationship should eliminate the size problem.

> ## Discussion of Rainer's requirements
> Reiner started this
> [use case doc](https://github.com/KantaraInitiative/wg-otto/blob/master/docs/sources/requirements/requirements.md)
> ### R1. Technology-Independent Claims
> Basically the idea is that OTTO could be used to solve problems in SAML and PKIX. This is a nice to have,
> but the last O in OTTO is "OAuth2". We could change the name to OTT (Open Trust Taxonomy)…

What about Omnifarious Trust Taxonomy Observatory ;-)

> But everyone agrees that if we can solve SAML and PKIX challenges too, that would be great.

- Rainer

More information about the WG-OTTO mailing list