Attendees:
Sunil Mehta smehta@nimblecat.com (Nimblecat), John Panzer jpanzer@google.com (Google), Rohit Khare, mathieu.ramage@bnpparibas.com, Henry Jen <henryjen at ztune.net>
Problems:
- Facebook profiles are hugely inflated, no way to verify
- Sharing identity across research vessels
- APIs that depend on identity data, lots of information processing (quality highly suspect, no way to tell if source is reputable), want to aggregate, left w/junk
- Go to web app, want to share information with friends, have relationship, but need richer permissions/relationship model to reflect real life -- need reliable identity format to present to services; OpenID/OAuth working towards, not there yet.
- Interested in online reputation of companies, banking group, online reputation highly important, how to get info
- EBay problem: How do I trust this person I'm buying from, how do I feed back into this without the EBay problem of tit for tat black marks; how do you manage?
- Prime Life/Privacy: EU/data quality, security, data management (obstruct aggregation as above) -- keep companies from profiling -- have developed credential systems for anonymous credentials + third parties vouching for id. OAuth, OpenID empty shell -- need semantics (globally agreed upon). Using (XACML?) to do data governance on back end.
- Integration of client and web authentication.
- Identify themselves online; being able to reuse content, see where it comes from. Want assurance in some cases, not in others. Decentralized.
Credibility: Criteria for credibility? Who judges credibility? Hard to define credibility based on how someone looks? On what axes?
Distinguish credibility from reputation - FICO scores is an example of reputation -
Credibility: Probability that you will do what you say? Reputation is data from the past behavior? Problems: Data quality problems, attackers. Offline world -- credentials? Cannot use online because can't transport credentials.
People have a right to lie? Can withhold a connection request.
Salmon discussion - problem. Signed XML-DSig -> Salmon session. (Bit of a diversion.)
Outcomes:
Want to know: What are the missing pieces on the web? What do we need?
Systems for asking about credibility of sources - Reputation Services
Components of identity, credibility, etc.
Detect hacks/hijacks
Problem - proliferation of identity standards - problem, we haven't done what is really needed. FOAF, vcard, P3P, CardSpace, OpenID, XACML, SAML, ...
(No lightweight profile/kernel that can be used for all.)
Sistema de revisão feito pela Weblocal hospedagem de sites!