Hi Martin, All,

On 21 January 2011 15:30, Martin Guetlein <martin.guetlein at googlemail.com>wrote:

> On Thu, Jan 20, 2011 at 5:12 PM, chung <chvng at mail.ntua.gr> wrote:
> >   Dear All,
> >      After a meeting we had today with Nina, Martin and Andreas M. we
> >   arrived to a first approach to the use case of model validation against
> >   confidential data. The proposal is attached and seems to be a good
> >   basis for a first implementation. This will
> >   Best Regards,
> >   Pantelis
>
>
> Hello All,
>
> I just had a discussion with Andreas K. on validation against
> confidential data, and he was a bit concerned about our use case. So
> before proceeding, I would like to outline two use cases and would
> like to here what people think. The first one might be the most
> obvious use case that we have to get done:
>
> USE CASE
> * User has confidential data. He wants to use this data within the
> framework for building models (or use existing models), making predictions,
> and validation without letting someone else see the data.
>
> Implementation within the framework:
> * Get the services working together, and get A&A up and running.
> * For paranoid users: install all services locally on your computer.
>
> The second use case is the one Nina, Pantelis and I were working on
> yesterday:
>
> USE CASE
> * User wants to perform a validation on someone elses confidential
> data. He has no access to the actual data, but should be able to
> initialize a validation. He gets the validation results/report
> returned, not the predictions of the model/s that were used. The owner
> of the confidential data has to grant access to the data for
> validation purposes (to certain users) beforehand.
>
> Implementation within the framework:
> * See summary from Pantelis last email
>
> I think we had a good discussion with nice ideas on how to solve this.
> My question is, do people think that the second use case is realistic
> and should be implemented?
>


There are two questions here :)

1) Yes I think it is quite realistic, and may show the added value of the
framework .
One can typically  find models published without accompanying data,
referring to confidential database within a company. It is practically
impossible nowadays to validate such models, unless one signs some form of
NDA and gain access to the data.

This is what is our second use case - the proxy server acts as a trusted
intermediate to access the data, do the calculations and get the report
back, without revealing the data. So OpenTox may claim providing automatic
solution for this case.

2) Whether it should be implemented - it depends on the resources/priorities
and whether we consider implementing the first case only, is sufficient for
the deliverable.  In any way, I would say it will be valuable at least
describing this second case and the potential solution (via proxy service or
some other solution).

Best regards,
Nina


> Best regards,
> Martin
>
>
>
>
> >   PS. doc file also attached for backwards compatibility with deprecated
> >   software.
> >
> > _______________________________________________
> > Development mailing list
> > Development at opentox.org
> > http://www.opentox.org/mailman/listinfo/development
> >
> >
>
>
>
> --
> Dipl-Inf. Martin Gütlein
> Phone:
> +49 (0)761 203 8442 (office)
> +49 (0)177 623 9499 (mobile)
> Email:
> guetlein at informatik.uni-freiburg.de
> _______________________________________________
> Development mailing list
> Development at opentox.org
> http://www.opentox.org/mailman/listinfo/development
>