> On Thu, Jan 20, 2011 at 5:12 PM, chung <chvng at mail.ntua.gr> wrote:
> >   Dear All,
> >      After a meeting we had today with Nina, Martin and Andreas M. we
> >   arrived to a first approach to the use case of model validation against
> >   confidential data. The proposal is attached and seems to be a good
> >   basis for a first implementation. This will
> >   Best Regards,
> >   Pantelis
> 
> 
> Hello All,
> 
> I just had a discussion with Andreas K. on validation against
> confidential data, and he was a bit concerned about our use case. So
> before proceeding, I would like to outline two use cases and would
> like to here what people think. The first one might be the most
> obvious use case that we have to get done:
> 
> USE CASE
> * User has confidential data. He wants to use this data within the
> framework for building models (or use existing models), making predictions,
> and validation without letting someone else see the data.
> 
> Implementation within the framework:
> * Get the services working together, and get A&A up and running.
> * For paranoid users: install all services locally on your computer.
> 
> The second use case is the one Nina, Pantelis and I were working on yesterday:
> 
> USE CASE
> * User wants to perform a validation on someone elses confidential
> data. He has no access to the actual data, but should be able to
> initialize a validation. He gets the validation results/report
> returned, not the predictions of the model/s that were used. The owner
> of the confidential data has to grant access to the data for
> validation purposes (to certain users) beforehand.
> 
> Implementation within the framework:
> * See summary from Pantelis last email
> 
> I think we had a good discussion with nice ideas on how to solve this.
> My question is, do people think that the second use case is realistic
> and should be implemented?

My personal observations/opinions: 

I am not aware of any company/authority that would allow sensitive
information to pass their firewall. This is not a rational decision, but
lawyers and management simply wont allow it and I do not have the
impression that their mindset is going to change in the near future. 

So I would suggest not to invest too much time into fancy A&A solutions
(even if they make sense), because thy are not going to be accepted by
potential users.

The only solution thats accepted (and frequently requested) is an
in-house installation of programs and services. Making this process as
painfree as possible would give OpenTox much more acceptance than
sophisticated A&A which is rarely going to be used.

Best regards,
Christoph