[WG-UMA] graph person-to-organization constellation
rainer at hoerbe.at
Tue Mar 15 09:44:08 EDT 2011
Am 15.03.2011 um 14:33 schrieb Susan Morrow Avoco Secure:
> I agree Rainer that excessive detail is not a good idea, but I think the use of a graph to display the information, has the potential to allow more information than is normally possible to be displayed in a coherent manner.
> Domenico will be doing a revised model based on suggestions by Trent and others after last weeks call. We can access then, the effectiveness of this method.
> Domenico has also given explanations of the axes during that call, but I think that after the revisions are made it may become more clear.
> The bottom line is to try and find a manner of representing your constellation model in a rich enough way to capture UMA. And as Eve states in such a way that both legal and technical trust vectors can be displayed.
Technical and legal trust maps are not congruent because the actors are different. Eg. a Relying Party has trust to a subject's identity, whereas the verifier (the RP's agent to execute the authN protocol) has a technical trust to the claimant (the technical agent executing the authN protocol on behalf of the subject). I suggest to put them into separate diagrams.
> Sent from my iPad
> On 15 Mar 2011, at 13:03, Eve Maler <eve at xmlgrrl.com> wrote:
>> Hi Rainer-- Great questions. Domenico is normative for answers here. My guess is that this diagram is about generic "business trust" since it maps to one of our motivating scenarios vs. hard protocol details. My hope would be that it could be overlaid on our trust model to gain both meaningful "legal trust" (requesting party/AM operator/liability/etc.) and meaningful "technical trust" (requester endpoiny/AM endpoint/interop/etc.) if someone were to deploy UMA for this scenario.
>> On 15 Mar 2011, at 3:59 AM, Rainer Hörbe wrote:
>>> Hi Domenico
>>> Sorry if my comment is late and inadequate as I missed the discussion on the last call. I have difficulties to interpret the diagram:
>>> - What is the difference between trust and trustworthiness? Subjective vs. objective? If objective, by what authority?
>>> - Are we talking about technical or legal trust? The terms imply a mix of both, which is problematic.
>>> - What are the driving factors to put the actors at certain positions in the matrix?
>>> - How should the numbers be used? For some automated policy negotiation? If yes, how should it be computed?
>>> - What are the assumptions in the model on the technical and policy levels?
>>> In my view a trust model should make the trust computation as explicit as possible without displaying excessive details.
>>> - Rainer
>>> Am 10.03.2011 um 18:32 schrieb Domenico Catalano:
>>>> An Authorizing user (AU) make a loan request to a Financial Broker (Legal person) which became Requester Party in the act to access Authorizing User's resource (i.e. credit score).
>>>> The Financial Broker uses a Bank online loan service (third-party Requester) to process the AU request.
>>>> WG-UMA mailing list
>>>> WG-UMA at kantarainitiative.org
>>> WG-UMA mailing list
>>> WG-UMA at kantarainitiative.org
>> Eve Maler http://www.xmlgrrl.com/blog
>> +1 425 345 6756 http://www.twitter.com/xmlgrrl
>> WG-UMA mailing list
>> WG-UMA at kantarainitiative.org
More information about the WG-UMA