Michael,
During the Ontology Summit 2015 brainstorming session last Thursday, and as you noted briefly at 10:05 in the chat extract below, I verbally made a proposal for a Summit topic addressing what I see as the opportunities for ontology in the elaboration of the White House’s NSTIC strategy. Ontology could be the key to a grand NSTIC success, while NSTIC opens enormous scope for applied ontology. I promised to set out the case more systematically to this list, so here is a first instalment, starting to build up to a motivation for inclusion of the topic in Summit 2015. As the subject-line above implies, there is a lot more to the proposal than “mere” NSTIC. So the practicality of the proposal is a major theme in what follows.
The immediate context is the unsnipped remainder below of the brainstorming session chat that you sent out, with some postscripta from me:
Chat transcript from room: summit_20141009
2014-10-09 GMT-08:00
[09:27] MichaelGruninger: Welcome everyone to the Ontology Summit 2015 Community Brainstorming Session!
[snip]
[10:05] MichaelGruninger: ChristopherSpottiswoode: Possible topic related to the activities of the National Strategy for Trusted Identities in Cyberspace
[10:06] Mark Underwood1: http://www.nist.gov/nstic/
[snip]
[10:10] Ram D. Sriram1: Here is a link to an animated video of NSTIC: http://www.nist.gov/nstic/animation.html
[10:10] Mark Underwood1: https://www.idecosystem.org/
[CS postscript:] Some further links:
The original NSTIC founding document of 2011: http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf
A recent introduction: http://www.c-span.org/video/?321145-1/communicators-jeremy-grant
[snip]
[10:11] Ram D. Sriram1: Regarding NSTIC, I think you might want a more general topic about the role of ontologies in privacy and cybersecurity. Not clear whether we can get enough people to take about this.
[CS postscript:] Ram, yes indeed, I agree on the more general topic, as you will see throughout what follows. I may however assert once again that NSTIC/IDESG would stand to gain to a critical degree from a Summit deliverable as proposed here. The opening paragraph above qualified the anticipated effect as “key”. But the present proposal does not yet have the kind of maturity they and the market are looking for right now. Moreover, they are at present too preoccupied with short-term objectives for me to want to disturb them to the degree needed, though the ball is in my court at the moment. However, after several interactions and collaborations with them, at least some of them are well aware of my work and its potential value in an identity ecosystem. Hence my initiative here, working towards better preparedness and communicability later.
[snip]
[10:40] MichaelGruninger: There seem to be four possible topics that have emerged from the discussion so far: 1) Applied Ontology Body of Knowledge; 2) Internet of Things; 3) Sociotechnical Aspects of Applied Ontology; 4) Artefacts
[snip]
[10:43] MichaelGruninger: Decision: Identify one or two champions for each of the above potential topics. We will have a follow-up meeting sometime in November to select the topic
[10:44] MichaelGruninger: so that the Org Committee has time to prepare for the Pre-launch in december
[10:44] MichaelGruninger: 1) Applied Ontology Body of Knowledge. Champions: MatthewWest and KenBaclwaski
[10:45] MichaelGruninger: 2) Internet of Things. Champions: MarkUnderwood and RamSriram and JoelBender
[10:47] MichaelGruninger: 3) Sociotechnical Aspects of Applied Ontology. Champions: TerryLongstreth, ChristopherSpottiswoode
[snip]
[10:48] MichaelGruninger: 4) Artefacts. Champions: LeoObrst
[10:50] LeoObrst: I'm also interested in topic (1)and (2).
[snip]
[10:53] MichaelGruninger: Next meeting on November 6, 2014. Objective of this meeting will be the final selection of the Ontology Summit 2015 theme
[10:53] MichaelGruninger: We will also identify the Organizing Committee at that time
[CS postscript:] The entire NSTIC-related proposal fits comfortably within topic 3. Almost any other subject within topic 3 would benefit from this proposal’s perspectives, as I look forward to being able to show. Further, and as I mentioned during the session, topic 2 on IoT has core needs on the identity and access control fronts that this proposal addresses too. And this proposal has many fascinating implications re abstract artefacts, their emergence, use and supersession, including relevant archiving, which could be of interest to topic 4. Finally, the archiving-with-context facilities, which as you will see are rather core to the envisioned platform, could be of great help to any designer and deployer of topic 1’s BoK deliverables.
Brief introduction to the main points, with only points 1 and 2 started in this post (more instalments to follow):
1. If the NSTIC is to achieve its goals, Information System (IS) security urgently needs a revamp. It would follow from an appropriate conception of ontology, presented as a “minor tweak” of it in the NSTIC Security Working Group chat quoted below.
2. But such a revamp would also imply an ontology-based revamp of Software Engineering (SE). Hence the subject-line of this post. The point of departure here is a Pat Hayes talk from 2011, most relevantly on identity, asking why something so simple as “same as” is so hard.
3. The resolution of that hard issue (and enabler of Trusted Identities with privacy) lies in the socially-evolving hence always imperfect nature of knowledge. Hence the relevance to Social Apps, as also noted in the subject-line. The NSTIC-envisioned Identity Ecosystem (in its more evolved future form) will be a core aspect of that social scene. This is our inescapable world of the “bounded rationality” or situation- and context-dependence of economic and social actors.
4. Fortunately, there is a nicely-coherent collection of patterns and anti-patterns for our addressing and stepwise transcending of such imperfections. Bizarrely though understandably and usefully, they were collected millennia ago by Homer in the form of his Odyssey as a whole, as appropriate demythologization shows so accessibly. The epic poem’s venerable origins underscore the enduring quality and ubiquitous applicability of The (Homeric) Mainstream of our never-ending but ever-enticing joint conceptual simplification of our given complexity. (Hint: Homer is a fresher read on Being and Logos than all later philosophy!)
5. Those patterns’ modern realization will I expect be something not very unlike “Ontology Chemistry”, a proposed Software Engineering mechanism for architecting ontological components and fluently composing applications. The design of architecture and mechanism is naturally suited to the people-driven openness, scale and complexity of cyberspace and our lives in it. There are however a number of areas in the architecture and its fully scalable realization that call for the contributions of logicians and formal analysts. (The market bootstrapping product I have been working on is very much a product of a plain IS developer!)
6. The mechanism’s deployment would impressively facilitate identity management, privacy, access control, system resilience and other qualities core to NSTIC, so its credible prospect could soon put all NSTIC-related work on the right track for qualitatively better deliverables.
7. There is a practical, stepwise, migration path from the present towards the new dispensation envisioned. The free market may be expected to embark on it enthusiastically, as it will be more effective, practical, attractive and yet clearer than presently available alternatives.
8. I suggest that the Summit could usefully analyze the above plan, refine and elaborate it, and quite possibly be the catalyst in its eventual realization in the wild. A formal or informal Grand Challenge, for example, from the Summit could be the requisite impetus for such a transformation of Software Engineering, Information Systems and much future social activity. I reassure that I claim no IPR in any of this work. It will all be seen to be very Mainstream, in due course at least. The market will gradually either reject or reform and absorb all presently dominant “mainstreams”, for an inclusive and attractive, genuinely democratic future.
9. But if it is all so Mainstream, why has all the above not already taken place? Is the picture not a mere gleam in my seriously deluded eye? Some largely ad hominen SWOT analysis is offered in respect of myself. But at this stage, for this programmer on the ground, working in a bottom-up way, the top-down applicability of the Homeric epistemology and ontology is already proof enough of its well-foundedness and guarantee of its wide practicality. That will I hope become clear from point 4, on the usefully coherent unity of The (Homeric) Mainstream.
1. Information System (IS) security urgently needing a revamp
To set the scene, here is an extract from the chat at the Security Working Group meeting at the IDESG’s 3rd Plenary meeting held in Phoenix in February 2013 (at which I was one of the remote attendees, hence the UTC+2 times shown). It was my first non-trivial contribution to IDESG activities.
[18:09] ChristopherSpottiswoode: Here is a slightly amplified version of the proposal I have submitted for a Birds of a Feather session tomorrow:
[18:09] ChristopherSpottiswoode: Are the highly admirable NSTIC plans for identity not ignoring an elephant in the room?
The monstrous lack of reliable security in systems- and application-programming maybe needs to be sorted out before identity and privacy can be tackled on a comprehensive basis? For example, do present software architectures make it practical on the Internet to deeply implement the principle of least privilege? Or, how manageable and reliable are ACLs in the dynamic Internet environment? To summarize, there would still be plenty dangers after a malicious user, such as a man-in-the-middle or a spearphisher, or a dumb bona fide user, with an IDESG credential has stepped through the authentication door.
My take on that whole scene is that some quite easy but key tweaks to the notion of IS ontologies can enable a comprehensive component, system and application architecture that is at once epistemologically appropriate, industrial-strength RAD, and practically deployable. A surprisingly small project of the right kind could soon have that elephant fade away and make way for the realization of the NSTIC ideals. I am busy setting up a new website arguing for just such a project. I'll keep this list posted. But does the above, as it stands, make any sense to you?
[18:15] Charles Palmer (IBM): I agree with your thesis Christopher. However, some of us have been saying similar things for years ... start with a secure foundation, a "secure place to stand", before investing in all the higher level security capabilities. Perhaps due to market forces (which will work against a thorough certification regime like CC) and the vast existing base, these ideas have gone mostly unheeded.
[18:19] Charles Palmer (IBM): But I do agree with the "reliable systems" first approach, since improved reliability enables improved security.
[18:19] ChristopherSpottiswoode: Sure, Charles, legacy apps, data and mindsets would seem a problem. So maybe I should open on that subject by commenting that "Ride The Mainstream!" has been the slogan of this project since its outset.
[18:21] Charles Palmer (IBM): Indeed, and it is that same tide that will work against anything like CC for identity, which impacts time to market, product cycles, etc.
[18:21] ChristopherSpottiswoode: It's not just "reliable systems", it's more fundamental: it's a matter of the appropriate component and system architecture first.
[18:24] Charles Palmer (IBM): agreed
[End of chat extract].
As you can see on http://researcher.watson.ibm.com/researcher/view.php?person=us-ccpalmer, Charles Palmer seems outstandingly well qualified to comment on such matters.
2. The ontology-based revamp of Software Engineering
Pat Hayes in 2011 gave a talk entitled “On being the same as.” See http://www.udcds.com/seminar/2011/media/slides/UDCSeminar2011_PatrickHayes.pdf. (Thank you, Simon Spero, for pointing us to it, and to the recording of the talk itself, in an Ontolog Forum post now archived at http://ontolog.cim3.net/forum/ontolog-forum/2013-02/msg00050.html). The talk is subtitled “why something so simple is so hard.” And indeed, Pat does put his finger on a serious problem for machine inference in a variegated world with supposed equivalences between frames of reference.
Such a question might at first seem too abstruse to be relevant to software engineering. But here it represents the key opportunity for “The Mainstream Architecture for Common Knowledge” (TMA), that is the framework of this proposal. At the end of the talk Pat himself makes a good move in the right direction: the many non-SameAs identities for the “same thing” correspond to respective contexts.
But Pat has long chided those who try to exploit that concept for the inadequate definitions of context that they come up with. For example, in July 2013 on the Ontolog Forum, now archived at http://ontolog.cim3.net/forum/ontolog-forum/2013-07/msg00108.html, Hans Polzer put in one of his usual good pleas for building more on context. Its final sentence was:
[HP:] So the first order of business should be an ontology for describing context and scope assumptions.
Pat responded with characteristic brevity:
[PH:] And the trouble with *that* idea is, there are as many distinct notions of
"context" as there are people saying that we need to describe contexts.
The TMA notion of context was briefly introduced in my incomplete “MACK Basics” series of posts to the Ontolog Forum in Feb-April 2008 (“MACK” being the old name for TMA), in the 4th instalment now archived at http://ontolog.cim3.net/forum/ontolog-forum/2008-04/msg00109.html, with links to the prior instalments.
The 2nd instalment elicited discussion with Pat Hayes very much reminiscent of his 2011 talk re SameAs, and per-context identity - or personas! - is the gist of the resolution. Hence also great relevance to NSTIC issues, including basic prerequisites such as privacy and The Principle of Least Privilege that are at present so neglected by current architectures.
That final point coincidentally fits in nicely with Ram Sriram’s suggestion, at 10:11 in the chat transcript that made up my point 1 above, for a topic on “the role of ontologies in privacy and cybersecurity.” And indeed, the 2nd instalment was already in 2008, long prior to the 2011 launch of NSTIC, building up explicitly to the requisite qualities, promising:
“to address all aspects of application development within the business and general administrative world, and in an industrial-strength way despite vexed issues such as identity, privacy, security, data integrity, processing correctness and application resilience and evolvability in general.”
The above is already too much for a single post, so I’ll drop this in your laps while I prepare some more material, including on how developments after those 2008 posts have greatly confirmed their direction, from both theoretical and practical points of view. My plan is set out in the 9 points listed above, but I would be delighted to alter it in response to any feedback from you at this point. (Meanwhile please do remember that I will be addressing the issues of point 9!)
Thank you.
Christopher