[foaf-protocols] Fwd: W3C Provenance Incubator Group Final Report

peter williams home_pw at msn.com
Wed Dec 15 23:35:23 CET 2010


 

 

> I didn't like its explicit theory of trust, but I've never found trust
> to be a tractable concept. Is best left as a conversational allusion.
> Or, if one must, it's an implication of assurance theory. One can
> speak of trustworthiness, however.

 

We're still right at the beginning of trust.  I think we can do some trust
with WebID and FOAF over the course of 2011.  Maybe bootstrap some of
the existing tool chains too.

 

The use of the term "artifact" in the first sentence of the provenance paper
set my neurons into search mode for where else that term had been used, in a
trust setting. Perhaps read
http://cisr.nps.edu/downloads/04paper_subversion.pdf (where folks used
"artifice").

 

20 years ago, based on what folks learned in making secure *software*
systems for key distribution modules in what we would now call IPsec
modules, trust was the absence of the "threat of subversion" + the
application of multi-level security policies that labeled facts in such as
the triples model using the likes of quads. This of course binds the labels
and enforces the labeling during inference.

 

3 things were required to ENGENDER [such] trust:-

 

personnel were cleared - NOT to have the formation or intellectual means to
conceive or inject advanced code for subversion (that may be triggered only
10 years after placement in the compiler's optimization algorithm, the
microcode's fetch execute cycle, the ISAKMP Kerberos module's reliance on
GSS-API plugin _binding processes_ when doing token generation..).

 

The highly-indoctrinated, not particularly reflective design team should be
isolated in cleared facilities - with (a) little socialization with "normal
engineers" and (b) compartmentalization of the knowhow (think Colossus
design). The art of ensuring n or m insider collusions could not reveal X,
assuming they even had contact with outsider Y, is of course the model of
anti-subversion itself.

 

Apply multi-level security models (auyds with labels that is), that provide
for mandatory access controls (the opposite of https' "discretionary"
concept for civilian/web users).

 

So, in W3C land, if focused on systemic trust notions facing the web
community as a whole, one needs to get beyond mere provenance - and
characterize how the software (and its tool chain) are built in such a
cultural fashion that software itself is not the enemy of trust. It's by
introducing deviance in the computer science itself that one hides the
attack.

 

For the WebID concept, one MIGHT attach such trust studies to the incubation
agenda (to see if anyone cares enough to keep it around, for later phases of
work). This would be stating (to the security professional), WebIDs are not
just about IBAC (identity based access control), they are about letting
identity then support "trustworthy key management" - which *must* address
the threat of subversion.

 

Quite how one addresses the threat of subversion in classical web culture, I
don't know. Obviously, certain notions (such as cleared facilities, with
particular staffing) go out the door. But that's the challenge.

 

 
