FW: [members] FW: OASIS Call for Participation: Open Reputation Management Systems (ORMS) TC

FYI, and note the line "However, the TC will be using the output of
other OASIS TC such as XDS, XRI, DSS, WS*, SAML and WS-Security."

-----Original Message-----
From: Mary McRae [mailto:marypmcrae@gmail.com] On Behalf Of Mary McRae
Sent: Sunday, March 02, 2008 1:25 PM
To: members@lists.oasis-open.org; tc-announce@lists.oasis-open.org
Subject: [members] FW: OASIS Call for Participation: Open Reputation
Management Systems (ORMS) TC

To:  OASIS members & interested parties

   A new OASIS technical committee is being formed. The OASIS Open
Reputation Management Systems (ORMS) Technical Committee has been
proposed by the members of OASIS listed below.  The proposal, below,
meets the requirements of the OASIS TC Process [a]. The TC name,
statement of purpose, scope, list of deliverables, audience, and
language specified in the proposal will constitute the TC's official
charter. Submissions of technology for consideration by the TC, and the
beginning of technical discussions, may occur no sooner than the TC's
first meeting.

   This TC will operate under our 2005 IPR Policy [b]. The eligibility
requirements for becoming a participant in the TC at the first meeting
(see details below) are that:

   (a) you must be an employee of an OASIS member organization or an
individual member of OASIS;
   (b) the OASIS member must sign the OASIS membership agreement [c];
   (c) you must notify the TC chair of your intent to participate at
least 15 days prior to the first meeting, which members may do by using
the "Join this TC" button on the TC's public page at [d]; and
   (d) you must attend the first meeting of the TC, at the time and date
fixed below.

Of course, participants also may join the TC at a later time. OASIS and
the TC welcome all interested parties.

   Non-OASIS members who wish to participate may contact us about
joining OASIS [c]. In addition, the public may access the information
resources maintained for each TC: a mail list archive, document
repository and public comments facility, which will be linked from the
TC's public home page at [d].

   Please feel free to forward this announcement to any other
appropriate lists.
OASIS is an open standards organization; we encourage your feedback.

Regards,

Mary

---------------------------------------------------
Mary P McRae
Manager of TC Administration, OASIS
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org 

[a] http://www.oasis-open.org/committees/process.php
[b] http://www.oasis-open.org/who/intellectualproperty.php
[c] See http://www.oasis-open.org/join/
[d] http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=orms

CALL FOR PARTICIPATION
OASIS Open Reputation Management Systems (ORMS) TC

OASIS Open Reputation Management Systems (ORMS) Technical Committee

 (1)(a) The name of the TC
      OASIS Open Reputation Management Systems (ORMS) Technical Committee

 (1)(b) A statement of purpose, including a definition of the problem to
be solved. 
The increasing reliance on the Internet as a medium for social
interaction and online collaboration, and the emergence of converged
networks with ubiquitous services that span different wire-line,
wireless, mobile networks, devices, and users are placing new emphasis
for developing reputation mechanisms for electronics based communities.

The use of reputation systems has been proposed for various applications
such as:
* Validating the trustworthiness of sellers and buyers in online
auctions (which sites like eBay have proved can have large influence on
sellers)
* Detecting free riders in peer to peer networks
* Ensuring the authenticity of signature keys in a web of trust.
* Smarter searching of web sites, blogs, events, products, companies and
other individuals.

Reputation in this context refers to the opinions about an entity, from
others. Reputation is one of the factors upon which trust can be based
through the use of verifiable claims. Reputation changes with time and
is used within a context. Trust and reputation are related to a context.
For example, my trust in Sam as a doctor can be different from my trust
in Sam as my financial advisor.

There are various methods for generating user's reputation data or
trustworthiness. Some methods are based on user's feedback through
appropriate feedback channels, such as in eBay. Other methods include
having viewers participate in the reputation-building process through
the user's profile at specific sites and communities. Each method has
its limitations in terms of its susceptibility to bad actors,
manipulation of data for specific purposes, and spammers.

Current thrusts with user-centric Identity solutions place immediate and
urgent importance for the development of online reputation management
systems that could be used for enabling trust and collaboration in a
distributed manner while preserving the privacy of Personally
Identifiable Information (PII). 

Reputation models are built using diverse mechanisms to meet specific
needs - such as the feedback system of eBay. In general, reputation
systems collect, distribute, and may aggregate feedback about a
principal's past behavior. The availability of online reputation
feedback systems and the use of data extraction mechanisms will
eventually lead to the wide availability of reputation information about
users (human, devices etc.) on the Internet. As such, there is a need to
have users control how, when and by whom their reputation data is
accessed. At the least, there is a need for users to be aware and in
control of privacy related components of their reputation data. These
issues are also related to how global reputation is computed based on
observed user's interactions.

Reputation based techniques can be used as the basis for building trust
and enhancing cooperation in peer-to-peer networks, either in a
centralized manner or through the use of aggregators and brokers.
Currently, because the majority of existing online reputation based
mechanisms is developed by private companies and use proprietary schemas
for representing reputation data, there is no standard way to query,
store, aggregate, or verify claims between systems. There is no standard
way for users to participate or determine the reputation of the
reputation data providers. Additionally, there is no standard
communication protocol for exchanging reputation data. 

Evaluating large sets of different and possibly contradictory opinions
is a non-trivial process. The trust model of a reputation system
represents the core component of the system. It defines all assumptions
on the properties of trust and describes how to calculate reputation
scores (trust values). A trust value cannot be applicable in all
contexts. As such, there is a need for a Reputation Management Framework
that enables users to acquire raw reputation data and calculate their
own reputation scores, either using their personal experience or with
the help of data aggregators.

A good Reputation Management System will separate the reputation of the
evaluator from the data that is used to evaluate a given entity in the
system. The same concept should apply to all entities in the eco-system.
In this fashion, aggregators will have a reputation that can be used to
score how well they do in gathering good data, and feedback providers
will have their own reputation that could be used as a means to purge or
clean feedback that they provide on other entities. Such systems will be
less susceptible to data manipulation and have the ability to provide
constructive reputation or trustworthiness scores.

In order to build an internet-scale trust-infrastructure, reputation
data needs to be readily available for use and sharing in many contexts.
Additionally, there is a need to ensure that users have a say in who
owns their data, how it is protected and what mechanisms are available
to manage it.  Many OASIS and other open standards can play an important
role in ensuring that reputation data stays open. The ORMS standards
will be independent of the Identity Management System.

(1)(c) The scope of the work of the TC.

The purpose of this TC is to develop an Open Reputation Management
System (ORMS) that provides the ability to use common data formats for
representing reputation data, and standard definitions of reputation
scores. The system will not define algorithms for computing the scores.
However, it will provide the means for understanding the relevancy of a
score within a given transaction. The TC's output will enable the
deployment of distributed reputation systems that can be either
centralized or decentralized with the ability for aggregators and
intermediaries to be part of the business model.

Scope of the work

1. Analysis, Use Cases and Requirement Gathering 

a. Use cases to gather requirements that ORMS will need to meet and
   understand the business and social impact of such a system including
   security, privacy, threats and risks requirements will also be
   developed. Explore the use of reputation mechanisms in novel
   settings.

b. Document that analyzes performance of existing reputation mechanisms
   with respect to the requirements developed in the previous steps and
   identify current gaps.

2. Develop Framework for Open Reputation Data

a. Development of a framework for reputation data gathering including:

   * Development of common data models for expressing reputation data
   * XML Schema for representing ORMS data
   * XML Schema for Reputation Score
   * Development of standard way of exchanging reputation claims among
     systems.
   * Development of means of aggregating reputation data including
     delegation of claims generations and assertions.
   * Development of query/response communication protocols for
     exchanging reputation data in a trusted and secure fashion. This
     step may develop a new protocol, or extend current ones such as
     SAML, OpenID etc.

3. Security, threats and Risk analysis

   * Perform Security Risk analysis and profiles for best practice.

4. Out of Scope 

Algorithms that can be used for generating a reputation score are out of
scope of this work. The work will define a standard way to infer what a
given score will mean but will not specify how to compute that value.

The work does not exclude methods for asserting equivalence or
relationships between scoring systems. A possible output of the TC work
might include methods to facilitate the calculation of comparisons
between score ratings, or operations that take multiple scores as
inputs.

(1)(d) A list of deliverables, with projected completion dates.

   1. Use Cases document; July 2008
   2. Requirements document; September 2008
   3. Framework for reputation data gathering; January 2009
   4. XML Schema for representing ORMS data; March 2009
   5. XML Schema for Reputation Score; March 2009
   6. Assertions/claims (tokens) profiles; March 2009
   7. Protocol(s) for exchanging of reputation data and assertion
      tokens; September 2009
   8. Security, threats and Risk analysis; January 2010

(1)(e) Specification of the IPR Mode under which the TC will operate.
      
       The TC shall operate under: RF on limited Terms 

(1)(f) The anticipated audience or users of the work.

The output of this work will have direct benefits for the use of the
internet as a medium for conducting social internetworking. The work
will have direct impact on the users of the Identity Management, blogs,
OpenID communities and trust establishment in peer to peer and social
networks.

(1)(g) The language in which the TC shall conduct business.

    This TC will use English as the language for conducting its
operations.

(2) Non-normative information regarding the startup of the TC: 

(2)(a) Identification of similar or applicable work that is being done
       in other OASIS TCs or by other organizations, why there is a need
       for another effort in this area and how this proposed TC will be
       different, and what level of liaison will be pursued with these
       other organizations.

The ORMS TC will be developing new work items that are currently not
covered by any other OASIS TC. However, the TC will be using the output
of other OASIS TC such as XDS, XRI, DSS, WS*, SAML and WS-Security.

The TC co-chairs will coordinate closely with the above TC in order to
inform them about the progress of the ORMS work and also in order to
count on their expertise in the development of ORMS work.

Currently, there is no other work in any other SDO that overlaps with
the work of this TC.

(2)(b) The date, time, and location of the first meeting, whether it
will be held in person or by phone, and who will sponsor this first
meeting. The first meeting of a TC shall occur no less than 30 days
after the announcement of its formation in the case of a telephone or
other electronic meeting, and no less than 45 days after the
announcement of its formation in the case of a face-to-face meeting.

The first meeting of this TC will take place on May 1 and May 2, 2008 to
coincide with the OASIS Symposium at: Santa Clara Marriott, 2700 Mission
College Boulevard, Santa Clara CA 95054.

 (2)(c) The projected on-going meeting schedule for the year following
        the formation of the TC, or until the projected date of the
        final deliverable, whichever comes first, and who will be
        expected to sponsor these meetings.

The TC will conduct its business via weekly teleconference call. The
time of the call will be determined during the first meeting of the TC.
The TC will conduct F2F meetings on an as-needed basis. Teleconference
facilities and F2F meetings will be sponsored by the TC participants.

(2)(d) The names, electronic mail addresses, and membership affiliations
       of at least Minimum Membership who support this proposal and are
       committed to the Charter and projected meeting schedule.

Tony Rutkowski, VeriSign, trutkowski@verisign.com
Tony Nadalin, IBM, drsecure@us.ibm.com
Drummond Reed, Cordance, drummond.reed@cordance.net
Nat Sakimura, NRI, n-sakimura@nri.co.jp
Tatsuki Sakushima, NRI, tatsuki@nri.com
Masaki Nishitani, NRI, m-nishitani@nri.co.jp
Madhukar, GOOGLE, madhukar@google.com
Phil Windley, Individual, phil@windley.org
Paul Trevithick, Individual, Paul@parityinc.net
Arshad Noor, StrongAuth, arshad.noor@strongauth.com
Bill Barnhill, Booz Allen, barnhill_william@bah.com
Rakesh Radhakrishnan, Sun, Rakesh.Radhakrishnan@Sun.COM

(2)(e) The name of the Convener who must be an Eligible Person.

Abbie Barbir of Nortel will be the TC Convener.

(2)(f) The name of the Member Section with which the TC intends to
affiliate with

        The TC intends to affiliate with the IDTrust Member Section.

(2)(g) Optionally, a list of contributions of existing technical work
       that the proposers anticipate will be made to this TC.
           [1] OpenID Reputation Service Extension (Proposal), by Nat
               Sakimura, Nomura Research Institute
           [2] Trusted Data Exchange Overview, by Nat Sakimura and
               Masaki Nishitani, Nomura Research Institute
           * wiki version of the two documents can be found at
              http://myidproject.net/?OpenIDTrustedDataExchange
              http://myidproject.net/?OpenIDReputationService

(2)(h) Optionally, a draft Frequently Asked Questions (FAQ) document
       regarding the planned scope of the TC, for posting on the TC's
       website.
          None

(2)(i) Optionally, a proposed working title and acronym for the
       specification(s) to be developed by the TC.
         None







Received on Monday, 3 March 2008 17:01:17 UTC