Scribing Template --Friday, Oct 5, 2012 at 8:45am -- Salon 5
TOPIC: scaling metadata management &
CONVENER: David Simonsen
SCRIBE: Chris Phillips
# of ATTENDEES: 40
MAIN ISSUES DISCUSSED
NOTE: these notes are free-flowing, as captured
How do we manage trust at the scale of thousands (hundreds of thousands) of Service Providers & Identity Providers?
Areas of Interest:
Metadata files
Discovery
Trust
Q: M Gettes: How do communities form?
Q. Scott C: what do people have in mind around concepts.
Comments:
MG: I would like to publish
Tom B: What are the other factors (scholarship).
Attribute Authority for metadata
People want to be able to control and publish their own metadata. --> good, but why should I believe any of it?
should distribution and trust be sp
contexts in which trust exists on the internet around identity providers and resource providers, not the any-person on the internet2
Q: Is this organizational trust or personal trust conversation?
it is about organizational trust.
Statement:
"trust is binary" & software needs to present a decision to the user.
The conversation is scoped to:
Observation: There are issues with distributing trust around with files.
Why files? Because DNS could not be used
Important aspects of trust distribution
- Move information from point A to point B with integrity
- Identity is not bound to location
-
enumeration of possible methods:
Discovery:
about find & get there
users do not want 'us' to tell them what or where they can go.
Q: ChrisP (online only): Is this a curated environment?
Observation TomB: have a way to prevent this from being subverted.
Observation: Scott C: this conversation needs to take into consideration non web as well.
Scott C: eduroam has a model that is being used, <netid>@<realm>, and maybe that 'is it'. What can be learned from this area?
Observation: will domain-based hinting be beneficial?
Steve Carmody: can we split the path?
between
- user knows something and then access things
- Traditional shib has a list of known idPs
Tim Johnson: What about ipv6?
Observation: Does not give identity based networking
Trust anchor part of the conversation
What is the underlying trust model
What kind of flow are we seeking?
Self-publishing is distributed
Organizational publishing
How to trust change in the ecosystem
Managing authority and access
items are delegation and attestation, forming a decision is the union of these and the evaluation of them by software is the problem
Do we have the right authorities
What is the trust anchor model for the endpoints in the system?
systems at the endpoints don't want to deal with multiple trust paths because it's hard and let the path figure out.
ACTIVITIES GOING FORWARD / NEXT STEPS
- REFEDS is the venue & more face-to-face involvement.