[WG-UMA] Definition of "Trust" (borrowing from TCG)
mark at smartspecies.com
Fri Mar 4 10:47:56 EST 2011
I very much agree. I support the relies upon approach for message
flows as this reliance dictates the needed notice for each relationship.
As Jeff and Rainer have done well to point out the flow and direction
of the Host and AM relationship needs to be clear for that to be
effective to progress these forward.
On 4 Mar 2011, at 14:11, Thomas Hardjono wrote:
> Thanks Mark and Rainer,
> Yes the definition of "trust" can be many and broad :-) For UMA, I
> believe we need to focus on building-blocks or modules that can be
> identified and which has a clear API purpose (eg. expected, inputs,
> expected outputs/behaviors). I think Domenico's diagram is on track to
> doing this.
> So, for example, if a UMA spec states that a User "introduces a Host
> to a AM", we need to be very exact as to the message flows, parameters
> exchanged in the message, and the status of information stored at the
> AM/Host (ie. expected privacy-behavior of entities (AM/Host) when
> holding User-related data), etc.
> By doing so I believe:
> (a) UMA will go beyond OAUTH2.0 as it stands today, and
> (b) UMA will facilitate (make life easier for) the folks developing
> Trust Frameworks and writing contracts based on these frameworks, and
> therefore get faster adoption.
>> -----Original Message-----
>> From: Mark Lizar [mailto:mark at smartspecies.com]
>> Sent: Thursday, March 03, 2011 2:57 PM
>> To: Rainer Hörbe
>> Cc: Thomas Hardjono; 'UMA WG WG'; Thomas Hardjono
>> Subject: Re: [WG-UMA] Definition of "Trust" (borrowing from TCG)
>> I just skimmed this doc and found it faintly useful for this
>> of Trust. I highly recommend getting Piotr Cota's book as it is
>> technically detailed and is useful for developing a trust framework
>> meta-model as it technically discusses all of the elements and their
>> relationships for what we are proposing with a trust framework.
>> Trust has 17 different basic definitions. I think for the most part
>> use trust in relation to the definition where expectations exist
>> between the AU and the AM. In this context I would suggest that the
>> term confidence, or reliance is used instead of trust.
>> as for Trust Relationships referred to here in UMA is this
>> to a technical trust between technical actors?
>> With my sociologist hat on, I am of the opinion that the intent of a
>> trust framework for identity is so that it can be trustworthy for
>> management of identity in society. IF this is true than we should
>> avoid mixing the technical trust, with the social trust as this may
>> lead to creating a significant challenge to any effort to create a
>> model of trust frameworks.
>> When possible I suggest using the term control or confidence instead
>> of trust in the technical context we are applying it to here.
>> a confidence framework can be developed so that it is trustworthy..
>> I found this table of contents and foreward summary of Piotr's book.
>> Best Regards,
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org
More information about the WG-UMA