On 21 January 2011 19:41, Christoph Helma <helma at in-silico.ch> wrote:

>
> > On Thu, Jan 20, 2011 at 5:12 PM, chung <chvng at mail.ntua.gr> wrote:
> > >   Dear All,
> > >      After a meeting we had today with Nina, Martin and Andreas M. we
> > >   arrived to a first approach to the use case of model validation
> against
> > >   confidential data. The proposal is attached and seems to be a good
> > >   basis for a first implementation. This will
> > >   Best Regards,
> > >   Pantelis
> >
> >
> > Hello All,
> >
> > I just had a discussion with Andreas K. on validation against
> > confidential data, and he was a bit concerned about our use case. So
> > before proceeding, I would like to outline two use cases and would
> > like to here what people think. The first one might be the most
> > obvious use case that we have to get done:
> >
> > USE CASE
> > * User has confidential data. He wants to use this data within the
> > framework for building models (or use existing models), making
> predictions,
> > and validation without letting someone else see the data.
> >
> > Implementation within the framework:
> > * Get the services working together, and get A&A up and running.
> > * For paranoid users: install all services locally on your computer.
> >
> > The second use case is the one Nina, Pantelis and I were working on
> yesterday:
> >
> > USE CASE
> > * User wants to perform a validation on someone elses confidential
> > data. He has no access to the actual data, but should be able to
> > initialize a validation. He gets the validation results/report
> > returned, not the predictions of the model/s that were used. The owner
> > of the confidential data has to grant access to the data for
> > validation purposes (to certain users) beforehand.
> >
> > Implementation within the framework:
> > * See summary from Pantelis last email
> >
> > I think we had a good discussion with nice ideas on how to solve this.
> > My question is, do people think that the second use case is realistic
> > and should be implemented?
>
> My personal observations/opinions:
>
> I am not aware of any company/authority that would allow sensitive
> information to pass their firewall. This is not a rational decision, but
> lawyers and management simply wont allow it and I do not have the
> impression that their mindset is going to change in the near future.
>
> So I would suggest not to invest too much time into fancy A&A solutions
> (even if they make sense), because thy are not going to be accepted by
> potential users.
>
> The only solution thats accepted (and frequently requested) is an
> in-house installation of programs and services. Making this process as
> painfree as possible would give OpenTox much more acceptance than
> sophisticated A&A which is rarely going to be used.
>


I agree a local installation would be the most acceptable solution. We can
leave the second use case as purely theoretical construct and include the
description & figures in the final document , without investing time into
implementation.

Best regards,
Nina


>
> Best regards,
> Christoph
>
> _______________________________________________
> Development mailing list
> Development at opentox.org
> http://www.opentox.org/mailman/listinfo/development
>
>