[WG-UMA] Definition of "Trust" (borrowing from TCG)

Thomas Hardjono identity at hardjono.net
Fri Mar 4 09:11:42 EST 2011

Thanks Mark and Rainer,

Yes the definition of "trust" can be many and broad :-) For UMA, I
believe we need to focus on building-blocks or modules that can be
identified and which have a clear API purpose (e.g. expected inputs,
expected outputs/behaviors). I think Domenico's diagram is on track to
do this.

So, for example, if a UMA spec states that a User "introduces a Host
to an AM", we need to be very exact as to the message flows, parameters
exchanged in the message, and the status of information stored at the
AM/Host (i.e. expected privacy-behavior of entities (AM/Host) when
holding User-related data), etc.

By doing so I believe:
(a) UMA will go beyond OAUTH2.0 as it stands today, and 
(b) UMA will facilitate (make life easier for) the folks developing
Trust Frameworks and writing contracts based on these frameworks, and
therefore get faster adoption.



> -----Original Message-----
> From: Mark Lizar [mailto:mark at smartspecies.com]
> Sent: Thursday, March 03, 2011 2:57 PM
> To: Rainer Hörbe
> Cc: Thomas Hardjono; 'UMA WG WG'; Thomas Hardjono
> Subject: Re: [WG-UMA] Definition of "Trust" (borrowing from TCG)
> Rainer,
> I just skimmed this doc and found it faintly useful for this
> of Trust.  I highly recommend getting Piotr Cota's book as it is
> technically detailed and is useful for developing a trust framework
> meta-model as it technically discusses all of the elements and their
> relationships for what we are proposing with a trust framework.
> Trust has 17 different basic definitions.  I think for the most part
> use trust in relation to the definition where expectations exist
> between the AU and the AM.  In this context I would suggest that the
> term confidence, or reliance is used instead of trust.
> as for Trust Relationships referred to here in UMA   is this
> to a technical trust between technical actors?
> With my sociologist hat on, I am of the opinion that the intent of a
> trust framework for identity is so that it can be trustworthy for
> management of identity in society. If this is true then we should
> avoid mixing the technical trust, with the social trust as this may
> lead to creating a significant challenge to any effort to create a
> model of trust frameworks.
> When possible I suggest using the term control or confidence instead
> of trust in the technical context we are applying it to here.
> A confidence framework can be developed so that it is trustworthy.
> I found this table of contents and foreword summary of Piotr's book.
> (attached)
> Best Regards,
> Mark
