> -----Original Message-----
> From: Moonshot community list [mailto:MOONSHOT-
> [log in to unmask]] On Behalf Of Josh Howlett
> Sent: Saturday, February 16, 2013 2:04 PM
> To: [log in to unmask]
> Subject: Re: It's Trust Routers all the way down: obtaining RADSEC credentials for TRs and TIDRs
>
> >
> > Jim> I have decided that while I have a good idea of what a COR is
> > Jim> (but not necessarily what you had previously labeled as one), I
> > Jim> have absolutely no idea what the actual definition of an APC
> > Jim> is. Please tell me the difference between an APC and a
> > Jim> federation.
> >
> >Thinking of an APC as a federation is not entirely wrong. I could
> >imagine a federation operating two APCs at different levels of
> >assurance. I think of a federation as a legal entity like thing and as
> >an APC as a business/technical entity belonging to a federation. Josh
> >would certainly argue I'm over-simplifying and urge we never use the
> >term federation.
>
> My problem with the F word is that it is hopelessly overloaded, and this results
> in confusion.
My problem with the APC is that it is hopelessly underloaded, and this
results in confusion.
>
> The 'technical' and 'behavioural' trust distinction is well-known (where
> 'technical trust' refers to the classic security assurances from which we derive
> a level of confidence in that we know who we're talking to and that our
> communications are secure and so forth; and 'behavioural' trust relates to our
> expectations of how the other party is likely to behave, e.g., we have this
> contract in place with certain promises).
>
> The APC (a.k.a. CoR) and CoI are terms that describe operational
> instantiations of these, respectively. There may be legal entities associated
> with these, but this is clearly not a technical requirement.
This statement seems to imply that an APC is 'technical' and a COI is
'behavioral'; is that what you want to say? This is not something that I
remember seeing in the past.
>
> To put this more tangibly, in the short term I suspect that Janet is likely to
> operate a single APC (making technical trust assertions about the
> organisations that connect to us) and possibly a small number of CoIs (making
> broad statements such as, e.g., this is a university or a school).
> I believe that the overwhelming majority of CoIs will be operated by other
> actors (research projects, service providers, etc), either through our managed
> service or Trust Routers that they choose to operate themselves.
In the terms that Sam is using, are you expecting people to run these Trust
Routers in separate APCs or just separate APC realms?
>
> What is particularly satisfying about the 'all the way down' validation, which
> started this thread, is that it demonstrates that an APC is 'just' a very terse CoI.
> And from this singularity we construct a rather rich system... At least in theory,
> running code in a few weeks :-)
Now you have me even more confused about what the difference between an APC
and a COI is. Here you are implying that an APC is a subset of a COI which
would be a surprise to me.
Jim
>
> HTH, Josh.
>
>
> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
> not-for-profit company which is registered in England under No. 2881024 and whose
> Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot,
> Oxfordshire. OX11 0SG. VAT No. 614944238