Christoph & All:
I would like to support this point strongly: IMHO it would be much more 
beneficial at this stage to invest in making local installations of 
OpenTox easier to carry out and well supported, than in too much effort 
on complicated A&A solutions, although we certainly keep working on the 
latter as an innovation development for the future.

It would be very helpful to hear opinions on the list, and challenges 
faced, on people who have started or who plan to start an OpenTox setup, 
and what they think they need from us as key enablers.

Barry

Am 21.01.2011 18:41, schrieb Christoph Helma:
>> On Thu, Jan 20, 2011 at 5:12 PM, chung<chvng at mail.ntua.gr>  wrote:
>>>    Dear All,
>>>       After a meeting we had today with Nina, Martin and Andreas M. we
>>>    arrived to a first approach to the use case of model validation against
>>>    confidential data. The proposal is attached and seems to be a good
>>>    basis for a first implementation. This will
>>>    Best Regards,
>>>    Pantelis
>>
>> Hello All,
>>
>> I just had a discussion with Andreas K. on validation against
>> confidential data, and he was a bit concerned about our use case. So
>> before proceeding, I would like to outline two use cases and would
>> like to here what people think. The first one might be the most
>> obvious use case that we have to get done:
>>
>> USE CASE
>> * User has confidential data. He wants to use this data within the
>> framework for building models (or use existing models), making predictions,
>> and validation without letting someone else see the data.
>>
>> Implementation within the framework:
>> * Get the services working together, and get A&A up and running.
>> * For paranoid users: install all services locally on your computer.
>>
>> The second use case is the one Nina, Pantelis and I were working on yesterday:
>>
>> USE CASE
>> * User wants to perform a validation on someone elses confidential
>> data. He has no access to the actual data, but should be able to
>> initialize a validation. He gets the validation results/report
>> returned, not the predictions of the model/s that were used. The owner
>> of the confidential data has to grant access to the data for
>> validation purposes (to certain users) beforehand.
>>
>> Implementation within the framework:
>> * See summary from Pantelis last email
>>
>> I think we had a good discussion with nice ideas on how to solve this.
>> My question is, do people think that the second use case is realistic
>> and should be implemented?
> My personal observations/opinions:
>
> I am not aware of any company/authority that would allow sensitive
> information to pass their firewall. This is not a rational decision, but
> lawyers and management simply wont allow it and I do not have the
> impression that their mindset is going to change in the near future.
>
> So I would suggest not to invest too much time into fancy A&A solutions
> (even if they make sense), because thy are not going to be accepted by
> potential users.
>
> The only solution thats accepted (and frequently requested) is an
> in-house installation of programs and services. Making this process as
> painfree as possible would give OpenTox much more acceptance than
> sophisticated A&A which is rarely going to be used.
>
> Best regards,
> Christoph
>
>
> _______________________________________________
> Development mailing list
> Development at opentox.org
> http://www.opentox.org/mailman/listinfo/development