Subject RE: VO challenges - article
From "Jones, Mark B" <Mark.B.Jones@xxxxxxxxxxx>
Date Wed, 28 Oct 2015 14:08:03 +0000

I thought the argument was that there was no risk, just a lack of

> -----Original Message-----
> From: Warren Anderson [mailto:wganderson12@xxxxxxxxx]
> Sent: Wednesday, October 28, 2015 8:57 AM
> To: Tom Scavo <trscavo@xxxxxxxxxxxxx>
> Cc: Paul Caskey <pcaskey@xxxxxxxxxxxxx>; Nick Roy <nroy@xxxxxxxxxxxxx>;
> Jones, Mark B <Mark.B.Jones@xxxxxxxxxxx>; Cantor, Scott
> <cantor.2@xxxxxxx>; Niels van Dijk <niels.vandijk@xxxxxxxxxx>;
> refeds@xxxxxxxxxx
> Subject: Re: [refeds] VO challenges - article
> My guess is that I will have great difficulty accepting the risk in a way
> satisfies IdPOs, because my research VO is NOT a legal entity and cannot
> legally binding contracts itself. Which means that some institution that
> the research is going to have to sign it on behalf of SPs throughout the
> most of which are operated at other institutions. But that is almost the
> model to what we have now - some campus is accepting perceived risk
> by the actions of persons they have no control over or any real interest
> Or is there some other way for me to accept risk that would provide
> reassurances.
> On Oct 27, 2015, at 17:38 , Tom Scavo <trscavo@xxxxxxxxxxxxx> wrote:
> > On Tue, Oct 27, 2015 at 3:24 PM, Warren Anderson
> <wganderson12@xxxxxxxxx> wrote:
> >>
> >> So, is there something we can have the R&S SPs do to mitigate the
> risk?
> >
> > Yes, I think there is. The current model forces the IdP operator to
> > assume the risk but clearly the SP owner is the benefactor of
> > attribute release. It seems to me that the SP owner must *explicitly*
> > accept the risk of attribute release. That requires a different model,
> > I'm afraid.
> >
> > Tom

Attachment: smime.p7s
Description: S/MIME cryptographic signature