[WG-OTTO] OTTO WG Meeting Minutes 2/3/2016

Rainer Hoerbe rainer at hoerbe.at
Wed Feb 10 01:42:30 CST 2016


Judith, Janusz,

Trust decisions may be (and usually will be) more complex than distance vector metrics. A federation may decide to include only certain types of distant entities (think of SAML entity categories), or filter out entities with weaker keys. Also, binary 0/1 trust decisions may not reflect opt-in/opt-out mechanics. And while linked data should aim for semantic precision, it will be unavoidable that larger systems bump into semantic differences in different jurisdictions etc. (Think of „what is recognized as a university“).

To confirm this it may be worth looking at the various metadata filters that evolved in R&E federations wrt eduGAIN, or campus federation wrt the national federation and analyze the rule sets used there.

My view is that trust circles should have the ability to define their rule set when generating metadata from the generic layer. In the OTTO-related session at the EIC someone pointed out that for this purpose the system should have 3 layers: generic layer -> trust-circle specific layer -> technology specific layer.

- Rainer



> Am 10.02.2016 um 01:38 schrieb Bush,Judith <bushj at oclc.org>:
> 
> 
> I guess I need to know: what are we trusting? It seems different federations may offer a trust structure for different reasons. 
> 
> It seems that it matters how federations interfederate. I’ve a doodled example where a small federation has the ability to represent the members of the federation to InCommon. That relationship (memberof) could be represented by a 0 in your network. Here, InCommon trusts that all the members of the small federation are bound by the same agreement (legal structure). That same small federation might exchange metadata with a library resources federation, but not make any trust assertion. That could be represented by a 1 (the small fed trusts the library fed). While institution A may trust that the metadata they have is good for C, the distance of “3” indicates that A should form a bilateral legal agreement before exchanging any assertions about their users.
> 
> 
> judith
> 
> 
> 
> 
> 
> On 2/3/16, 2:55 PM, "wg-otto-bounces at kantarainitiative.org on behalf of Janusz Ulanowski" <wg-otto-bounces at kantarainitiative.org on behalf of janusz.ulanowski at heanet.ie> wrote:
> 
>> Hi,
>> I'm just thinking about federation as member of federation.
>> Please see attached two pics.
>> 
>> a) pic1: aka traditional way (entity may be member of multiple
>> federations) plus I added the option of bilateral trust.
>> In this scenario it is quite easy to calculate relations among
>> entities. If in graph world we set distances:
>> entity - federation = 1
>> entity - entity = 2
>> then there is trust between two entities if the shortest distance
>> is max 2
>> 
>> b) pic2 : scenario when federation is member of federation etc
>> just wondering how the software will calculate the trust between entities.
>> Is A in trust with F and D or only with D or neither?
>> 
>> 
>> 
>> On 03/02/16 21:38, Mike Schwartz wrote:
>>> OTTO WG Minutes 2/3/16
>>> STATUS: Draft
>>> 
>>> ## Voting Members Attending:
>>>  - Mike Schwartz
>>>  - Judith Bush
>>>  - Janusz Ulanowski
>>>  - Keith Hazelton
>>> 
>>> ## Non-voting members
>>>  - Yuriy Zabrovarnyy
>>> 
>>> ## Discussion of Re-Charter
>>> 
>>> Discussion of charter located:
>>> [github](https://github.com/KantaraInitiative/wg-otto/blob/master/kantara/charter.md)
>>> 
>>> 
>>> ## Discussion of Draft Initial Design
>>> 
>>> [Draft OTTO Design](http://ox.gluu.org/doku.php?id=otto:proposal)
>>> 
>>> Yuriy spent some time working on the above Wiki page to propose a design.
>>> 
>>> He suggested three endpoints:
>>>   1. /federations endpoint returns a list of the federations
>>>   2. /federations/<id> returns information about a specific federation,
>>> such as the services and organizations
>>>   that comprise it.
>>>   3. /federation_entity endpoint returns information about a service
>>> (IDP, OP, RP, etc)
>>> 
>>> Each of these endpoints return JSON-LD, where the @context provides a
>>> link which describes the schema for the
>>> returned object.
>>> 
>>> The design would support linking
>>>   1. A federation could link to a local entity, a remote entity or a
>>> remote or local federation
>>>   2. Entities could link to organizations
>>> 
>>> Janusz mentioned that this design was compatible with a
>>> [relation model](https://github.com/KantaraInitiative/wg-otto/blob/master/files/janusz_proposed_schema.pdf)
>>> he had previously proposed.
>>> 
>>> A conversation arose as to whether the entity should also link back to
>>> the federation. Mike raised the issue
>>> that this could result in referential integrity issues. However, it's not
>>> really a problem, because the federation
>>> is authoritative for membership.
>>> 
>>> We had a conversation as to whether the federation should link to
>>> organizations, which should link to services.
>>> The net result was that the federation could list both services and
>>> organizations.
>>> 
>>> The work in front of us is to flesh out the schema. Another important
>>> issue that needs to be raised is how to sign
>>> the graph, and perhaps also how to hash the metadata for an entity if
>>> it's stored elsewhere.
>>> 
>>> ## Next Meeting - Weds 2/10/2016 8am PT
>>> 
>>> Screen Sharing:
>>> [https://global.gotomeeting.com/join/162399285](https://global.gotomeeting.com/join/162399285)
>>> 
>>> 
>>>  - Audio: Skype: +99051000000481
>>>  - North America Toll: +1 (805) 309-2350
>>>  - Alternate Toll: +1 (714) 551-9842
>>>  - International Toll: http://www.turbobridge.com/international.html
>>> 
>>>  - Conference ID: 613-2898
>>> 
>>>     Command Menu: 0 Plays menu of Keypad Commands *3 Promote to Host
>>> (if non-host) *5 Raise your hand
>>>     *6 Mute yourself (toggle on/off) *# Private roll call of
>>> participants *\ Mute music-on-hold (toggle on/off)
>>> 
>>>     TurboPhone (beta): https://www.turbobridge.com/join.html Works with
>>> Internet Explorer on Windows only
>>> 
>>>     SIP Access (using IP phone or soft phone) sip:bridge at turbobridge.com
>>>     SIP URL details:
>>> https://www.turbobridge.com/help/Index.html?context=180
>>> 
>>> _______________________________________________
>>> WG-OTTO mailing list
>>> WG-OTTO at kantarainitiative.org
>>> http://kantarainitiative.org/mailman/listinfo/wg-otto
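The two positions in this thread can be compared in a few lines: the shortest-distance rule quoted above, and a trust-circle rule set applied on top of it when generating metadata. This is an added example, not part of the original messages or of any OTTO code; the graph, the entity attributes, the function names and the weight of 1 for a federation that is a member of another federation are all constructed assumptions.

```python
import heapq

# Constructed sample graph (not the attached pictures). Weights follow the thread:
# entity-federation = 1, bilateral entity-entity = 2. The weight of 1 for a
# federation that is a member of another federation is an assumption made here.
EDGES = [
    ("A", "fed1", 1), ("B", "fed1", 1),   # A and B are members of fed1
    ("D", "fed2", 1), ("F", "fed3", 1),   # D is in fed2, F is in fed3
    ("A", "D", 2),                        # bilateral trust between A and D
    ("fed1", "fed3", 1),                  # fed1 is itself a member of fed3
]
# Constructed entity attributes that a trust-circle rule set can filter on.
ENTITIES = {
    "A": {"category": "research", "key_bits": 2048},
    "B": {"category": "research", "key_bits": 1024},
    "D": {"category": "library", "key_bits": 2048},
    "F": {"category": "research", "key_bits": 4096},
}

def distances(source):
    """Dijkstra over the undirected trust graph; returns {node: shortest distance}."""
    adj = {}
    for u, v, w in EDGES:
        adj.setdefault(u, []).append((v, w))
        adj.setdefault(v, []).append((u, w))
    dist, heap = {source: 0}, [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale queue entry
        for v, w in adj.get(u, []):
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                heapq.heappush(heap, (d + w, v))
    return dist

def circle_view(source, max_distance, categories, min_key_bits):
    """Entities a trust circle accepts: close enough AND passing its own rule set."""
    dist = distances(source)
    return sorted(
        name for name, attrs in ENTITIES.items()
        if name != source
        and dist.get(name, float("inf")) <= max_distance
        and attrs["category"] in categories
        and attrs["key_bits"] >= min_key_bits
    )
```

With distance alone (`max_distance=2`, no filtering) A accepts B and D; a circle that admits only research entities with keys of at least 2048 bits accepts neither, and at `max_distance=3` it accepts only F.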