14:48:17 <RRSAgent> RRSAgent has joined #prov-xg
14:48:17 <RRSAgent> logging to http://www.w3.org/2010/05/07-prov-xg-irc
14:48:19 <trackbot> RRSAgent, make logs world
14:48:19 <Zakim> Zakim has joined #prov-xg
14:48:21 <trackbot> Zakim, this will be 98765
14:48:21 <Zakim> ok, trackbot; I see INC_PROVXG()11:00AM scheduled to start in 12 minutes
14:48:22 <trackbot> Meeting: Provenance Incubator Group Teleconference
14:48:22 <trackbot> Date: 07 May 2010
14:48:50 <olaf> Zakim, this will be inc_provxg
14:48:50 <Zakim> ok, olaf; I see INC_PROVXG()11:00AM scheduled to start in 12 minutes
14:51:59 <SamCoppens> SamCoppens has joined #prov-xg
14:52:00 <olaf> Agenda: http://lists.w3.org/Archives/Public/public-xg-prov/2010May/0001.html
14:52:19 <olaf> chair: Yolanda Gil
14:52:30 <olaf> Scribe: Olaf Hartig
14:52:38 <olaf> ScribeNick: olaf
14:52:50 <olaf> rrsagent, make logs public
14:53:11 <raphael> raphael has joined #prov-xg
14:54:34 <ivan> ivan has joined #prov-xg
14:54:40 <pgroth> pgroth has joined #prov-xg
14:55:10 <pgroth> hi ivan
14:55:32 <Irini> Irini has joined #prov-xg
14:56:03 <pmissier> pmissier has joined #prov-xg
14:56:23 <Zakim> INC_PROVXG()11:00AM has now started
14:56:30 <Zakim> +??P0
14:56:48 <Zakim> + +1.310.560.aaaa
14:57:06 <Zakim> +??P2
14:57:59 <Yolanda> Yolanda has joined #prov-xg
14:58:23 <Yolanda> thank you Olaf for scribing!
14:58:28 <smiles> smiles has joined #prov-xg
14:58:34 <Zakim> +??P7
14:58:35 <Zakim> + +49.308.937.aabb
14:58:45 <Yolanda> zakim, who is on the phone?
14:58:45 <Zakim> On the phone I see ??P0, +1.310.560.aaaa, ??P2, ??P7, +49.308.937.aabb
14:58:53 <afreitas> afreitas has joined #prov-xg
14:59:00 <michaelp> michaelp has joined #prov-xg
14:59:00 <pgroth> Zakim, ?P2 is pgroth
14:59:00 <Zakim> sorry, pgroth, I do not recognize a party named '?P2'
14:59:07 <pgroth> Zakim, ??P2 is pgroth
14:59:07 <Zakim> +pgroth; got it
14:59:09 <Zakim> +??P3
14:59:14 <Zakim> + +30281039aacc
14:59:15 <Yolanda> zakim, +1.310.560.aaaa is really me
14:59:15 <Zakim> +Yolanda; got it
14:59:17 <Zakim> + +1.614.764.aadd
14:59:29 <Zakim> + +49.300.aaee
14:59:46 <Irini> Zakim,+30281039aacc is Irini
14:59:46 <Zakim> +??P9
14:59:46 <Zakim> +Irini; got it
14:59:52 <olaf> zakim, aabb is olaf
14:59:52 <Zakim> +olaf; got it
14:59:59 <smiles> zakim, ??P9 is really me
14:59:59 <Zakim> +smiles; got it
15:00:03 <ivan> zakim, dial ivan-voip
15:00:03 <Zakim> ok, ivan; the call is being made
15:00:04 <Zakim> +Ivan
15:00:18 <Zakim> +??P12
15:00:21 <SamCoppens> zakim, ??P0 is SamCoppens
15:00:21 <Zakim> +SamCoppens; got it
15:00:33 <Zakim> -??P7
15:00:38 <pmissier> zakim,  ??P1 is pmissier
15:00:38 <Zakim> +pmissier; got it
15:00:41 <Zakim> + +1.619.223.aaff
15:00:50 <Zakim> +??P5
15:01:02 <jcheney> jcheney has joined #prov-xg
15:01:09 <JimM> JimM has joined #prov-xg
15:01:23 <pmissier> zakim,  ??P12 is pmissier
15:01:23 <Zakim> I already had ??P12 as pmissier, pmissier
15:01:59 <Mark> Mark has joined #prov-xg
15:02:03 <Christine> Christine has joined #prov-xg
15:02:41 <Zakim> +??P13
15:02:44 <Mark> did not find US tel # on site for today...
15:02:59 <Zakim> +??P15
15:03:14 <JimM> Zakim, ??P13 is JimM
15:03:14 <Zakim> +JimM; got it
15:03:29 <olaf> Yolanda: we want to learn more about security related issues in our use cases
15:03:30 <Zakim> +??P14
15:03:43 <jcheney> zakim, ??p15 is me
15:03:43 <Zakim> +jcheney; got it
15:03:51 <olaf> Yolanda: new members ...
15:03:59 <dgarijo> me
15:04:13 <olaf> dgarijo: from UPM
15:04:32 <Mark> yolanda - pls fwd the US bridge tel # - is not on site
15:04:49 <olaf> dgarijo: student project on provenance
15:05:14 <olaf> paulo: what provenance projects?
15:05:22 <Yolanda> Bridge US: +1-617-761-6200 (Zakim) Bridge UK: +44.117.370.6152 Bridge FR: +33.4.89.06.34.99 Conference code: 98765
15:05:31 <tlr> tlr has joined #prov-xg
15:05:35 <tlr> zakim, call thomas-781
15:05:35 <Zakim> ok, tlr; the call is being made
15:05:36 <Zakim> +Thomas
15:05:45 <Mark> zakim??? ?
15:06:06 <Zakim> + +1.518.608.aagg
15:06:36 <DeborahMcG> DeborahMcG has joined #prov-xg
15:06:51 <olaf> tlr: most of the time we will be going through list of sec.issues in the use cases
15:07:21 <Mark> srry zakim...518-608-2244 does not work
15:08:06 <Mark> this is mark sartor
15:08:22 <olaf> tlr: associating message with identity
15:08:34 <Yolanda> Mark: were you able to get on the phone?
15:08:48 <Mark> no...do not have correct US bridge #
15:08:54 <olaf> tlr: ivan's signature assoc. with message -> conclude message was signed by ivan
15:09:09 <Yolanda> +1-617-761-6200 then conference code 98765
15:09:41 <Zakim> + +1.609.936.aahh
15:09:47 <Mark> ok, am in.... thx
15:10:46 <olaf> tlr: complicated about RDF: mixing data
15:11:11 <olaf> tlr: what of these piece are reliable?
15:11:23 <Mark> aahh...Mark
15:11:38 <olaf> tlr: early work by J.Carroll
15:11:55 <olaf> tlr: efficient canonicalization
15:12:10 <olaf> tlr: only for a subset of RD graphs
15:12:40 <olaf> tlr: blank nodes are a big issues
15:13:14 <olaf> tlr: signatures give useful additional information about the data
15:13:54 <olaf> tlr: what annotations can be made to graphs and subgraphs?
15:15:21 <olaf> tlr: discussion ...
15:15:38 <Mark> how about the overhead metadata (size and BW issue) related to this? what portion of the original data size..
15:15:55 <olaf> Yolanda: can one be reliably rely on having a signature forever?
15:16:35 <olaf> tlr: associating signature to everything not useful
15:16:40 <olaf> this won't scale
15:16:49 <tlr> s/signature/public key/
15:17:07 <Mark> what about backing out problems...e.g., when we find out that the provenance was incorrect/bad (bad character...)
15:17:12 <olaf> cert.authority is a 3rd party I trust
15:18:15 <Mark> call this transferred provenance..perhaps we can use this as a secondary level
15:18:18 <olaf> tlr: relying on another party to verify the binding between the key and the party assoc. with it
15:18:34 <Yolanda> paul: i have to step out for a min, can you take on?
15:18:55 <olaf> tlr: CAs allow for hierarichal structures
15:19:04 <Mark> my view is that we assign provenance to data, and to relationships (which may affect the data); should handle differently?
15:19:21 <olaf> tlr: hence only a small amount of authorities required
15:19:35 <pgroth> sure
15:20:06 <Mark> need to assign levels of trust...i trust "person" 50%...
15:20:33 <olaf> tlr: issues: don't trust "old" key
15:21:01 <olaf> tlr: ... based on outdated algorithms
15:21:40 <Mark> time may change things in relationships between entities (thereby trust); how do we acccount for this
15:22:14 <JimM> q+
15:22:14 <pgroth> any questions?
15:22:46 <tlr> +1 to that
15:23:35 <olaf> JimM: comment: electr.signatures relevant for records also as a timestamp
15:23:55 <olaf> JimM: sign series of pages - hierarchy of signings
15:25:40 <olaf> JimM: learning from attacks on electronic records for RDF
15:26:50 <olaf> tlr: how express signature semantics ? requires work
15:27:11 <smiles> q+
15:28:22 <olaf> tlr: library community has worked on these issues
15:28:35 <olaf> JimM: difference with RDF is OWA
15:29:05 <JimM> q-
15:29:11 <olaf> JimM: RDF has not a hierarchy that can be facilitated
15:29:37 <olaf> smiles: complication with provenance ..
15:30:35 <olaf> smiles: experiment data cannot always be signed
15:30:49 <olaf> smiles: b/c the potential signer is not available anymore
15:31:22 <olaf> smiles: experiment results are based on lots of input
15:31:25 <Mark> q+
15:31:40 <olaf> smiles: only some of which are relevant (for signing / provenance)
15:32:06 <olaf> tlr: make statement on your own data - the data you have available
15:32:14 <pgroth> q+
15:32:39 <olaf> tlr: don't rely on signatures of others
15:33:19 <olaf> tlr: what does is the semantics of the provenance metadata - what does it mean? (signatures are just a tool)
15:34:31 <olaf> tlr: sign a summary statement instead of the whole data
15:35:18 <JimM> I think it is always straight forward to have a third party sign subsets if the originator signs the'whole thing' - 
15:35:36 <tlr> jimM, right -- if the consumer trusts that third party ;-)
15:35:37 <JimM> I read Newton's notebook and he said "F=ma"
15:35:41 <JimM> yep
15:36:01 <olaf> Mark: once we find signatures and have a trail of provenance - what if the signature sources are gone?
15:36:30 <olaf> tlr: that's an issue
15:36:51 <olaf> tlr: if the priv.key is public - everybody could have created the signatue
15:37:11 <Yolanda> i'm back paul, tnx
15:37:13 <JimM> only the public ey is needed to verify sigs, so the private key could be lost w/o causing trouble
15:38:04 <olaf> tlr: be prepared for these possibilities if you want reliable provenance information
15:38:31 <Yolanda> ack smiles
15:38:34 <pgroth> great
15:38:36 <Yolanda> ack mark
15:38:36 <tlr> It can get lost without causing trouble. It can't be disclosed without causing trouble. ;-)
15:40:13 <pgroth> that's why we need provenance, no?
15:40:25 <JimM> +1 :-)
15:41:18 <olaf> tlr: to trust provenance statements  a security system is required
15:41:49 <olaf> tlr: that system must be more complex
15:41:57 <tlr> s/must/will/
15:42:49 <JimM> identity of what?
15:42:59 <JimM> person or the thing being signed?
15:43:09 <pgroth> person
15:43:12 <olaf> pgroth: some sort of identity other than using signature
15:44:01 <JimM> signatures don't eally identify a person - it is their posession of something (key material in this case) that is the ID part
15:44:11 <olaf> tlr: other measures are possible
15:44:18 <JimM> signature is the way to bind that ID to this purpose applied to those bits
15:44:31 <olaf> tlr: but signature provides a binding that an attacker cannot game with
15:44:47 <JimM> for the latter purpose, there aren't many good options. 
15:45:12 <JimM> For ID, you can actually combine user/password, cryptocard, etc. with signatures to make managing them 'easier'
15:45:22 <pgroth> i guess then openid has this on the end
15:46:25 <olaf> JimM: signature is a binding mechanism - not aware of other good mechanisms
15:48:30 <olaf> tlr: openId let's me proof to another Website that I have access/conrol to another Web site
15:48:47 <pgroth> thanks!
15:49:22 <olaf> JimM: similar to grid authority mechanism
15:50:16 <olaf> Yolanda: Thomas please go through the use cases
15:50:19 <Yolanda> http://www.w3.org/2005/Incubator/prov/wiki/Security_issues_in_provenance_use_cases
15:50:48 <olaf> tlr: review? or discussion?
15:50:57 <olaf> Yolanda: 1st use case
15:51:24 <olaf> Yolanda: anonymized statements
15:52:19 <JimM> Shiboleth - an examle of an authority that will sign a statement about your qualifications w/o giving your name/all info known about you
15:53:01 <olaf> tlr: hash a string
15:53:08 <olaf> attach that hashed string to the message
15:53:20 <olaf> if someone wants you proof ownership
15:53:31 <olaf> tlr: show the string
15:55:31 <olaf> tlr: there is cryptography mechanisms that let's you do this
15:57:03 <olaf> Yolanda: is a notarization service differnt from ... ?
15:58:34 <olaf> tlr: these services may publish hashes of signatures and attach these to other signatures
15:58:44 <olaf> tlr: so that the chain cannot be broken easily
15:58:56 <Yolanda> q?
15:59:13 <pgroth> nope
15:59:16 <pgroth> that's from before
16:00:03 <DeborahMcG> DeborahMcG has joined #prov-xg
16:00:27 <Zakim> -??P5
16:00:56 <olaf> Yolanda: how to handle the issues that are raised?
16:02:51 <Zakim> -raphael
16:03:00 <Zakim> -Yolanda
16:03:00 <ivan> zakim, drop me
16:03:01 <Zakim> Ivan is being disconnected
16:03:01 <Zakim> -pmissier
16:03:01 <Zakim> -Ivan
16:03:02 <Zakim> -Thomas
16:03:02 <Zakim> -??P14
16:03:04 <Zakim> -smiles
16:03:04 <jcheney> jcheney has left #prov-xg
16:03:05 <Zakim> -JimM
16:03:07 <Zakim> -pgroth
16:03:07 <ivan> ivan has left #prov-xg
16:03:09 <Zakim> - +1.609.936.aahh
16:03:11 <Zakim> - +1.619.223.aaff
16:03:13 <Zakim> -michaelp
16:03:15 <Zakim> -Irini
16:03:17 <Zakim> - +1.518.608.aagg
16:03:19 <Zakim> -??P3
16:03:21 <Zakim> -olaf
16:03:23 <Zakim> -jcheney
16:03:25 <Zakim> -SamCoppens
16:03:27 <Zakim> INC_PROVXG()11:00AM has ended
16:03:29 <Zakim> Attendees were +49.308.937.aabb, pgroth, Yolanda, +49.300.aaee, raphael, Irini, olaf, smiles, Ivan, michaelp, SamCoppens, pmissier, +1.619.223.aaff, JimM, jcheney, Thomas,
16:03:32 <Zakim> ... +1.518.608.aagg, +1.609.936.aahh
16:04:34 <olaf> rrsagent, set log public
16:04:45 <olaf> rrsagent, draft minutes
16:04:45 <RRSAgent> I have made the request to generate http://www.w3.org/2010/05/07-prov-xg-minutes.html olaf
16:04:58 <olaf> trackbot, end telcon
16:04:58 <trackbot> Zakim, list attendees
16:04:58 <Zakim> sorry, trackbot, I don't know what conference this is
16:04:59 <trackbot> RRSAgent, please draft minutes
16:04:59 <RRSAgent> I have made the request to generate http://www.w3.org/2010/05/07-prov-xg-minutes.html trackbot
16:05:00 <trackbot> RRSAgent, bye
16:05:00 <RRSAgent> I see no action items