Meeting notes, Authority Recognition Research Group, October 6, 2003

1. IPR statement and agenda

2. Going through the submitted document.

David presented the ideas and content on the Authority Recognition document.

- The basic processes for establishing trust and QIK were explained.

Ken: Dangerous. In SAML you don't carry the information of the proper use of a credential inside the credential itself.
David: But the trust will be established in a particular context. The aim of QIK is to make trust a non-binary and dynamic risk assessment issue.

- The picture of "Layers of trust and indirection" was discussed at length.

Ken: This models the real world today, where long-term trust tends to only be established on the enterprise / university campus level. The organizations will in turn assert the identities of all end users.
David: Don't know if QIK is a really good name (any longer). Perhaps it should be renamed.

3. Ongoing activities and discussion

- Continue to explore QIK
- Examine Liberty Authentication Context for process oriented mechanism
- Explore 3rd party rating systems
- Mapping to Grid Federation work

Leon: Maybe you should also think of delegation of trust.
David: Reputation brokers would be useful.
Sasha: What's the fundamental difference between this and cross certification? (Discussed at length)
Markus: I wonder if the overhead/cost of establishing trust has simply been moved elsewhere: It now becomes a much more difficult process to resolve liability issues when a contract is eventually breached.
David: The model works thanks to all of the additional information that you have around the QIK statement (reputation, name, context, ISO certifications). However, goodwill and reputation are not yet formally in the model.
David: Do you see any use for all of this?
[mumble from the audience]
Sasha: In real life you have insurance companies that reimburse you when things go wrong (example: you trust the bus to take you to the airport in time, but it breaks down). How do such things fit in the model?
David: Another thing to think about and add to the model.
Steve: How do you make sure you have all the reputation about some entity, especially in case the statements disagree (some say "OK", others say "Crook")?
David: I also have to evaluate the trust in the person that makes such a reputation statement.
Sasha: This model assumes long relationships, as the reputation and trust will increase in time (hopefully). Is this what the Grid community needs?
(Others commented on seeing future needs for dynamic one-time interactions between entities on the Grid.)

end.