See also: IRC log
<trackbot> Date: 01 August 2011
<jeffsayre> Who's on the phone
is there a URL web service URL for the irc channel?
<MacTed> Zakim, ??p16 is bergi
<MacTed> bblfish - by web service URL, do you mean a public web-served IRC client?
yes MacTed
if so could you please add a link from the wiki and post me the link to the wiki here
so I can give this to our guest speaker
<MacTed> this may work -- http://lists.w3.org/Archives/Public/public-semweb-lifesci/2008Aug/0038.html
<MacTed> (that page has details specific to a different group, but points out mibbit)
zakim, agenda?
<Francisco> Web site of NSTIC: http://www.nist.gov/nstic/
agendum next
+!
+!
+1
<jeffsayre> +1
<bergi> +1
<MacTed> +1
"National Strategy for Trusted Identities in Cyberspace"
and "Proposed NSTIC Architecture"
http://pomcor.com/whitepapers/ProposedNSTICArchitecture.pdf
RESOLUTION: Minutes approved
pomcor is small research institution in San Diego (2 people)
Nascar was started on April 15th
RESOLUTION: Minutes approved
NSTIC, started on April 20th, is open to many people and was only $20 to participate
is trying to solve the password problem
next meeting is in September, probably September 19, in the Bay Area
300 people at first meeting, 150 at MIT next meeting
francisco likes the emphasis on privacy at NSTIC
one should not be able to track the user
3 requirements of NSTIC
- should not be able to track the user from one session to the next
- should not be able to exchange information between Relying Parties
(U-Prove Microsoft, IBM Idemix)
- different use cases of authentication require different types of trust. Many use cases require multiple credentials and multiple levels of trust
eg: going to buy wine at a wine merchants
needs 2 credentials:
- requires proof of age, without revealing date of birth
- credit card certificate (not sure what info is in the cert)
Other situation:
- your bank needs your ID
- your social security number
(this is the bank scenario from the architecture)
There is also a part of the paper consider for session
and how one could use a public key there
The notion of a login certificate
so the notion of a personal data site
which would allow you to not have to re-enter the information in every site you log in
How much change to the browser is needed for this to be enabled?
Ie: what are the mechanisms
oops lost contact
zakim ??P3 is me
I am back
<gaedke> yes
<gaedke> discussion on idea: From the login button to cgi to tls connection
<gaedke> problem when does connection start
<gaedke> server has to ask client for tls connection (part of the handshake)
<gaedke> question to address - can we do this at any time or without changing the state of the art
<gaedke> one way could be breaking session on the server side (bblfish is working on this)
<gaedke> another approach (as we are currently working on) would be to take the power of the semantic web / FOAF - but this comes with privacy issues
<gaedke> interesting scenario: setting up a site for collaboration
<gaedke> requires to set all roles in the early beginning (has also privacy implications)
<gaedke> US citizens trust in US banks, French trust in their banks etc. - for most banks this might be ok on a global scale, but not for all.
<gaedke> Scenario: Different groups trust different authorities
<gaedke> Question: Relying party takes social graph into account
<gaedke> So, authorities could define groups whom to trust (or whom they rate as trustworthy), just by setting up groups of URIs to these trusted parties
questions?
<gaedke> Privacy is a main concern at the US approach. BUT Paper says if you have three attributes of someone - you can identify that person. Reference required (can someone add this please)
some paper says that yes
M$
I have lost connection
<gaedke> So, is privacy an issue that is possible to address at all?
someone ask a question
<gaedke> Question: how much privacy is possible - or is it just a topic to put on paper, but is not possible from the technological way
<gaedke> Approaches must be flexible for the different scenarios, including also different privacy aspects
<gaedke> scenario very close to privacy: Login. The login service does not need to know **where** you login
have you seen http://www.azarask.in/blog/post/identity-in-the-browser-firefox/
bergi?
<gaedke> different approaches for cookie / certificate / session handling. need to have a user-friendly approach that makes clear what identity the user is using
<jeffsayre> I must run to another meeting
<gaedke> tracking is difficult problem - need to discuss this in more detail
<gaedke> another approach: A Web Server integrated in every browser. Then you could address the certificate/attributes with a global namespace/URI http://myserver.in.the.browser.example.org
2 privacy enhanced protocol problems
U-Prove is trackable
(says Francisco)
<gaedke> same token used in multiple parties
Francisco: idemix has a different problem - it is not revocable by traditional means
more recent credentials … (lost connection)
oops can't get back in
<MacTed> we're over time -- may have to end
please say thanks from me
looks like one can't join the conf call after time
<gaedke> zakim unmute me
Guessing ScribeNick: bblfish
Found Date: 01 Aug 2011
Guessing minutes URL: http://www.w3.org/2011/08/01-webid-minutes.html