Re: [Txauth] consensus call on WG name: "Authorization and Delegation"

[Dick Hardt <dick.hardt@gmail.com>]

Would you clarify if your concerns have been addressed?
ᐧ

On Fri, May 15, 2020 at 4:18 PM Justin Richer <jricher@mit.edu> wrote:

> Thank you for the clarification on the deadline and the voting process, as
> that was not clear in the initial thread.
>
> I appreciate and understand that we are not a voting organization, it's
> one of the core tenets of the IETF as you know. I hope that the chairs can
> continue to be transparent about all of the information that they use to
> call consensus.
>
> I'm sorry that the fact that I want a fair and clear process is confusing
> to you, though I'm not sure why. Every response and action I have taken
> here has been to that goal. I hope that you can assume good intentions.
>
> - Justin
> ________________________________________
> From: Dick Hardt [dick.hardt@gmail.com]
> Sent: Friday, May 15, 2020 7:02 PM
> To: Justin Richer
> Cc: txauth@ietf.org; rdd@cert.org
> Subject: Re: [Txauth] consensus call on WG name: "Authorization and
> Delegation"
>
> We are not going to make the May 18 deadline. My suggestion of
> "Authorization and Delegation" was a Hail Mary attempt to get consensus
> last minute.
>
> There was not consensus to use "transactional". As Roman stated, we are
> not voting, we are looking for rough consensus.
>
> Per your concern on the process, we are looking for consensus as Roman
> stated, not a majority of votes.
>
> wrt. the votes, I was proposing that people would state their preference
> (1st, 2nd, 3rd), not equal votes (top 3 choices)
>
> Your last comment is confusing given your recent posts.
>
> Have your concerns been addressed?
>
> On Fri, May 15, 2020 at 3:50 PM Justin Richer <jricher@mit.edu<mailto:
> jricher@mit.edu>> wrote:
> I have a concern about the short timeframe needed here, which, as I
> understand it, would require getting everyone to participate over the
> weekend in order to get results in time - the original deadline given was
> Monday May 18. I fear that the timing will make people miss it entirely and
> we will not get a representative sample of the group.
>
> As an aside, I'm also concerned that you would discount the results below
> when the decision to not use "transactional" was a much, much smaller
> sample and margin. And yet that decision seems set and done, since it was
> excluded from the poll options entirely.
>
> I'm also concerned that the process outlined is not fully specified. If we
> are going to do this, I would like to know more about the voting process
> proposed in 3, specifically what the timing will be and how votes will be
> counted. Is this a preference system, where order matters, or is it three
> equal votes per person? I think these things need to be clear before anyone
> submits feedback.
>
> More than anyone, I want this process to be fair and representative. I am
> eager to get on to the real work because I think we have an opportunity to
> make major steps forward for application security on the internet.
>
>  - Justin
> ________________________________________
> From: Dick Hardt [dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>]
> Sent: Friday, May 15, 2020 6:20 PM
> To: Justin Richer
> Cc: txauth@ietf.org<mailto:txauth@ietf.org>; rdd@cert.org<mailto:
> rdd@cert.org>
> Subject: Re: [Txauth] consensus call on WG name: "Authorization and
> Delegation"
>
> Justin: are you saying you have concerns with [3]? Do you have an
> alternative proposal?
>
> FWIW: if the actual results had been what you posted below, I would have
> rerun the poll with less dots per person to see if we would get to have
> rough consensus on one name. I would not consider those results below to be
> consensus.
>
> Additionally, with the significantly larger number of voters compared to
> previous votes, and the large number that all voted the same, together
> indicated the poll was being gamed. It is not possible to know which votes
> where legit, and which were not, which is why the conclusion was to call
> the poll spoiled.
>
>
>
> [
> https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=0f26de16-5b6f-4cf4-9b00-3744a289a9a9]ᐧ
> <https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=0f26de16-5b6f-4cf4-9b00-3744a289a9a9]%E1%90%A7>
> <
> https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=0f26de16-5b6f-4cf4-9b00-3744a289a9a9]%E1%90%A7
> >
>
> On Fri, May 15, 2020 at 3:02 PM Justin Richer <jricher@mit.edu<mailto:
> jricher@mit.edu><mailto:jricher@mit.edu<mailto:jricher@mit.edu>>> wrote:
> Thanks for the transparency, Roman. And thanks to Dick for providing the
> logs.
>
> I did a quick analysis of the results myself. I went through cleaned up
> the log file a little (there were some mixed spaces and tabs that made
> automatic parsing difficult) and disambiguated the several expansions of
> different names:
>
> TXAuth1: Truly eXtensible Authorization
> TXAuth2: Testable eXtensible Authorization
> TxAuth3: Transmission of Authority
> TIDYAuth1: Transference via Intent Driven Yield Auth
> TIDYAuth2: Trust via Intent Driven Yield Auth
>
> By removing every entry where all five points were awarded to TxAuth:
> Transmission of Authority, and tallying all others (including votes for
> other entries that had all five points awarded by one voter but to a
> different option), we get the following results:
>
> Totals:
> TxAuth3: 42
> TXAuth1: 25
> GNAP: 20
> PAuthZ: 19
> TXAuth2: 12
> TINOA: 9
> TIDYauth2: 8
> CTAP: 7
> NIRAD: 6
> ZAuthZ: 6
> GranPro: 4
> TIAAP: 4
> AZARAP: 4
> TIDYauth1: 3
> ReAuthZ: 3
> DIYAuthZ: 3
> IDPAuthZ: 2
> TIDEAuth: 2
> TIEAuth: 2
> RefAuthZ: 2
> BeBAuthZ: 2
> AZARP: 1
> DAZARAP: 1
> AAuthZ: 1
> BYOAuthZ: 1
> CPAAP: 1
>
> As you can see, the winner of the poll is :still: overwhelmingly
> “Transmission of Authority”, even with all of these entries removed. I’ll
> note that this does not include the last seven votes that came in the last
> couple days, so these results are skewed even then.
>
> To be clear, I don’t think it’s fair to throw out all such votes, but
> since they are what’s suspect here I felt it important to see the results
> just those removed and see if it told a different story. It does not, and I
> think that indicates the consensus is actually still pretty clear.
>
> I am attaching both the cleaned-up log file as well as the quick python
> script that I wrote to do the analysis of the results, please check for any
> errors or inconsistencies.
>
>  — Justin
>
>
> On May 15, 2020, at 5:46 PM, Roman Danyliw <rdd@cert.org<mailto:
> rdd@cert.org><mailto:rdd@cert.org<mailto:rdd@cert.org>>> wrote:
>
> Hi!
>
> Full transparency here -- the chairs definitely consulted me with their
> concerns about the poll and with the logs before announcing the results
> [1].  I re-reviewed the logs [2].  It shows around vote #16 – 41, there is
> a number of entries where all votes assigned to a single choice (“TxAuth
> Transmission of Authority: 5”).  Observations (by Dick) of the incoming
> results, pinned these votes in a narrow time window.  Likewise, most of all
> of the other entries split their 5 ballots.  Could that be overwhelming
> support in the community?  Absolutely!  However, the lack of precise
> timestamps and IPs makes it hard to judge in this non-traditional scenario
> for selecting names.
>
> We’re going to have to live with this choice – names matter – and I don’t
> want any sense of skew to linger.  We tried an experiment using a tech that
> allows anonymous input (i.e., Decido) – it didn’t work (no fault of the
> tech).  Let’s do it the old fashion way on the mailing list.  If you have
> objections to [3], please raise your concern.
>
> We’re not in the voting business.  If we end up with two options that are
> “close”, we’re going to talk a little more.  Prior to final selection, WG
> chairs and I will also listen for objections to the name that the mailing
> list feedback suggested.
>
> I appreciate everyone patience.  I too would like to have a name chosen so
> we can get the charter advanced.  However, we’re going to do this name
> selection again so we can all have confidence in the process.
>
> Regards,
> Roman
>
> [1]
> https://mailarchive.ietf.org/arch/msg/txauth/sDG3PJI2FHbeGefW8OqJP1NNqLU/
> [2]
> https://mailarchive.ietf.org/arch/msg/txauth/0BjvqbFk-K3MCqcx388etFzFPz8/
> [3]
> https://mailarchive.ietf.org/arch/msg/txauth/2_oF41Zbfj_-qkkLXo7HwLnMk68/
>
> From: Dick Hardt <dick.hardt@gmail.com<mailto:dick.hardt@gmail.com
> ><mailto:dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>>>
> Sent: Friday, May 15, 2020 5:04 PM
> To: Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu><mailto:
> jricher@mit.edu<mailto:jricher@mit.edu>>>
> Cc: txauth@ietf.org<mailto:txauth@ietf.org><mailto:txauth@ietf.org<mailto:
> txauth@ietf.org>>; Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org
> ><mailto:rdd@cert.org<mailto:rdd@cert.org>>>
> Subject: Re: [Txauth] consensus call on WG name: "Authorization and
> Delegation"
>
> Justin: if you have a concern with how I am chairing the group, the
> appropriate action would be to bring it up with the AD (cc'ed). FYI: I had
> forwarded the log and my conclusions to Roman, and he had agreed that the
> poll had been gamed.
>
> As to my proposal of "Authorization and Delegation", I took the name you
> had proposed, and removed the adjective that people had found concerning. I
> was hoping that a bland name would be acceptable and we could move on to
> the actual work -- but that does not seem to be the case.
>
>
> On Fri, May 15, 2020 at 1:16 PM Justin Richer <jricher@mit.edu<mailto:
> jricher@mit.edu><mailto:jricher@mit.edu<mailto:jricher@mit.edu>>> wrote:
> -1
>
> I think the results of the poll were pretty conclusive and it’s not an act
> of good faith for the chair to propose a poll and then throw out the
> results of that same poll and go with something of their own choosing
> instead.
>
> How are you sure that it’s one person stuffing the ballot box? For my
> part, I put two dots on the winning title and one dot each of three others.
> I had a couple different people contact me off-list and told me they’d put
> their five dots on Transmission of Authority. So I think it’s reasonable to
> believe that’s the actual result, without examining the logs myself.
>
>  — Justin
>
> > On May 15, 2020, at 2:21 PM, Dick Hardt <dick.hardt@gmail.com<mailto:
> dick.hardt@gmail.com><mailto:dick.hardt@gmail.com<mailto:
> dick.hardt@gmail.com>>> wrote:
> >
> > Following on from my email wrt. the results of voting, please indicate
> if you are aligned with calling the working group the "Authorization and
> Delegation" working group with a +1 or -1.
> > --
> > Txauth mailing list
> > Txauth@ietf.org<mailto:Txauth@ietf.org><mailto:Txauth@ietf.org<mailto:
> Txauth@ietf.org>>
> > https://www.ietf.org/mailman/listinfo/txauth
>
> [
> https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=987b7021-db43-4340-b683-c6fa9c372681]ᐧ
> <https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=987b7021-db43-4340-b683-c6fa9c372681]%E1%90%A7>
>