Windows LiveWindows Live
 
 
Jean-Michel's profileIt's all about Groove Bo...PhotosBlogLists Tools Help

Blog
    August 18

    Trust - P2P - Invitation Process

     
     
    In my previous post, I was speaking about an "invitation process" without describing it clearly. You will find below in quotes Mark Ryan's way to present it. In green, you will find my comment(s).
     

    "

    Groove invitations are more than you think!  If the person you are inviting is not a known "Groover" to you what actually happens is an exchange of credentials and a "three way handshake" so you can bi-directionally authenticate each other.  Also it is worthwhile to remember that while the new member is getting the workspace the invitor and the invitee must be on line at the same time - so IM or pick up the phone!!

     

    Here's some more minutiae:

     

    Inviting someone to a workspace

    To invite someone to a workspace:

    1.        Go to the workspace.

      2.     In the Workspace Members panel, enter the name or e-mail address of the recipient in the Invite to Workspace box.

    Invitation addressing details: When you a type a name, Groove searches for a Groove contact that matches the letters you're typing. You can also select  a contact from the drop-down menu, which includes all Groove contacts recognized by your account: this includes contacts you've added to your personal list in the Launchbar, as well as contacts who are members of other workspaces.

    If Groove can't find a match for the name you type, you're prompted to search for the contact.

    Click More to see more options for adding or finding recipients in the Add Recipients dialog box.

      3.     Click Go to open the Send Invitation dialog box.

    4.     Assign a role to the recipient(s) from the drop-down list.

    If you are inviting multiple contacts and want to assign different roles, you must send separate invitations per role.

    In addition, unless you're a Manager in the workspace, you can only assign invitees the same role assigned to you (Participants assign the role of "Participant" and Guests assign the role of "Guest").  This is an important concept on which I will come later on.

      5.     If you want to confirm the invitees' invitation acceptance, check Require acceptance confirmation.

     Note: This feature is automatically enabled for all invitations sent via e-mail.

     6.      Add message text if desired.

     7.      Click Invite to send the invitation.

    Groove does the following depending on the type of recipient(s) you selected:

    • For Groove contacts, Groove sends the invitation as a Groove message.
    • For e-mail addresses, Groove sends the invitation via Microsoft Outlook as an e-mail message with a file attachment.

    The message contains instructions both for people who already have Groove, and for those who don't. People who already have Groove click a link in the message that opens the invitation. People who don't have Groove click a different link that goes to the Groove download page. Once an e-mail recipient installs and starts up Groove, the workspace invitation should open automatically. If the invitation fails to open automatically, the recipient can return to the e-mail message and open the file attachment to respond to the invitation.

    All invitations sent via e-mail require the sender to confirm acceptance before the workspace is sent to the recipient's computer.

    Note: If you don't have a Microsoft Outlook e-mail client, a message displays informing you that you cannot send the invitation using this feature. The message describes an alternative e-mail invitation process, which is to copy the invitation to the clipboard and then paste it into another e-mail or messaging client.

    You can also start the invitation process from any workspace list. Select the workspace and click Invite to Workspace in the Common Tasks pane to open the Send Invitation dialog box.

    Invitation alerts

    When you send an invitation, Groove keeps you informed about its progress by posting alerts.

    Note: For e-mail recipients, you don't see progress alerts until they open file attachment. From the table below, the first alert you might see is "Inviting Invitee": Opened, waiting for reply..."

    The table below summarizes the invitation progress alerts:

     

    Notification

    Meaning

    Inviting "Invitee": Waiting to send...

    Groove cannot yet send the invitation. The sender's computer may be offline or may not currently have a live network or relay service connection.

    Inviting "Invitee": Sending, % complete...

    Groove is sending the invitation either to the invitee's computer or to the relay service (if the invitee's computer is offline).

    Inviting "Invitee": Sent, waiting for delivery...

    The invitation left the sender's computer and will get delivered if the invitee is online. If the invitee is offline, the invitation is routed to the relay service.

    Inviting "Invitee": Delivered, waiting for invitee to open...

    The invitation has reached the invitee's computer.

    Inviting "Invitee": Opened, waiting for reply...

    The invitee has opened the invitation, and now must decide whether to accept or decline it.

    Inviting "Invitee": Invitation Accepted.

    The invitee has accepted the invitation but Groove is not yet sending the workspace because the inviter and all other workspace members are offline. Note that if the invitee accepts the invitation at a time when the inviter has gone offline, Groove will attempt to download the workspace from another member who is currently online, giving preference to members who are online but idle.

    Inviting "Invitee": Invitation Accepted: Sending workspace, % complete...

    The invitee has accepted the invitation and the workspace is now being sent.

    Inviting "Invitee": Workspace sent, waiting for delivery...

    The workspace has left the inviter's computer, though the invitee is still receiving it.

    Inviting "Invitee": workspace delivered!

    The workspace is successfully delivered to the invitee.

    Note: If the invitee goes offline before receiving the entire workspace, the workspace gets sent to the relay service. The next time the invitee goes online, the workspace is routed from the relay service to his or her computer.

    Requiring acceptance confirmation

    Requiring acceptance confirmation is useful for security purposes. It gives you a chance to verify each recipient's identity before you send the workspace. If you check this option, then when the message recipient(s) accept your invitation, Groove displays an alert that prompts you to confirm the invitation.

    In the Confirm Acceptance dialog box, do any of the following activities and then click Confirm:

    • Click From to open the recipient's contact to verify their identity before sending the workspace.
    • Include a message to send when you either confirm or deny the acceptance.

    Copying an invitation to the Clipboard

    Groove includes standard features for sending workspace invitations as e-mail messages via a Microsoft Outlook client. If you do not use a Microsoft Outlook client for your e-mail, then Groove invitations with e-mail addresses cannot use automated features. If you receive a failure message after attempting to send an invitation to an e-mail address, you can still send the invitation by copying the invitation to the clipboard, and then pasting it into the e-mail client or messaging system of your choice.

      1.     Without closing the Groove invitation, select File-Copy Invitation to Clipboard...

      2.     Select the invitation settings you want and click OK.

      3.     Cancel the Groove invitation.

      4.     Open your e-mail or messaging client.

      5.     Paste the copied invitation into a new message.

    The pasted message includes the standard boilerplate text sent to recipients that includes information on downloading Groove, as well as link for accepting the invitation.

    "

    10:52 AM | Add a comment | Permalink | Blog it | It's all about persons
    August 08

    Trust and P2P... P2P and Business

     
     
    To follow up my previous post "Trust, trust and trust ... It's all about Relationship" , it is important to write about "Trust and P2P" and then the impact between "P2P and Business".
     
    So trust is about a relationship between two persons and relationships between persons. All persons are hence one another in a peer-to-peer (P2P) relationship.
     
    Each person acts in an "unmanaged mode". which means, in theory, that each person controls herself and that no one else can control her and hence can not control her relationships. If that person is the identity creator, that person controls what she does, how she works...
    What about the relationship with the second person? Who creates her identity ...? Herself? So there must be a mecanism which allows to share in trust only between these two persons. Hence the mecanism must be based on an invitation mode with a set of controls.
     
    So person A invites person B and altogether A and B share and have the exact identical information. If person B trust person C and invites C in the common space that she shares with A, then person C gets a direct relationship with A and the data shared with A and B. You imagine that the content must be relevant for a common purpose between A,B and C. If you continue like that with new persons D, E , F and so on, you understand very well what "unmanaged" means. You can control the spread/propagation of that data but at a given moment how  can you ensure the trust given to Z? Take also in consideration that within the distance of 7 nodes, everybody in the world is able to contact anybody...
     
    In such an "unmanaged mode", if you work in a business environment and work with people you can rely on (trust), experience tells that each person is more or less able to control her P2P relationships up to 10 persons. Some people will lower this to 5 persons, some others will tell that they can manage without problem 25 persons.
     
    In practice, in an organisation, you have an "identity initiator" and hence, even in an "unmanaged mode", someone is able to control the root which is the identity. You can also imagine that someone can get a tracability of "connections", a tracability of "usages" ... You can also imagine how "root certificates" can be crossed certified between two organisations... You can also simply imagine that a worldwide trust authority can certify to another third company that the certificates of the two companies are indeed those who they pretend to be.
     
    With Groove software,
    - Each person provides her own trust certificate or her company personal company certificate to selected persons.
    Should the company not authorize some type of contacts, that person would be unable to communicate with the initially selected person.
    That is what we can tell "Managed Identities"
    - Each person builds her own space(s) and data is owned and replicated accross each invited and authorized member.
     
     
    P2P business, which refers to Partner to Partner or Person to Person business, implies trust between these persons or partners.
    Groove, with the way it is implemented, is a P2P Tool which can adapt to security levels between persons and organisations.
     
    A P2P tool like Groove avoids to ask the question "where do I put the server?", "is the data on the server securely stored?"... With an infrastructure like Groove with and only with collaborative rules to work together, you can build easily "Trust zones", "Neutral Zones", ... "War Zones" ...
      
    11:47 PM | Add a comment | Read comments (1) | Permalink | Blog it | It's all about persons
    August 04

    Trust, trust and trust ... Persons Always First ...

     
    Quite everybody uses today email as their first non-oral communication tool.
     
    Most of you even know that standard email is not really secure but you continue to deal with it.
    Some of you because you don't really have the choice, some others because you trust anough the system for what you need to do.
     
    A set of technical people, with a set of technical tools, can of course make "email based communication" more secure...
     
    The side effect of this security enhancement is that the persons who will use this more secured email based system will have less and less people to communicate with... Everybody must indeed be at the same security level which is not really simple to guaranty especially when your skills are more business, project, marketing driven ... that technical.
     
    So rather than to have a complex system to deal with, which must be valid cross-company, which requires a set of IT's to discuss and work, let's start with what counts the most : the person/trust/trust/person or trust/person/person/trust paradigm. What or who is first?
     
    In a person to person relationship, trust is critical and key. You can not really communicate with persons you don't trust. If you do it, you might be superficial or it might take a long time to achieve a common objective together. In the real world, giving trust is sometimes complex but you are assisted by a set of physical sensors and even feelings.
     
    In a digital world you need to rely on a communication system which provides you a set of means to be able to trust another person.
    Hence you tend to start first with "trust" from a technical point of view and you tend to forget the persons : 
    - you need to ensure that the other person is the person she is telling she is.
    - you need to ensure that only the person you communicate with will be able to open it, unless she is already informed (pre-informed) that another person she trusts will be informed simultaneously.
    - you need to ensure that no-one else you aready know will appear to you with the same name but with another digital identity.
     
    Groove communication system is "person centric". Persons "are" Alway First (PAF). This means that each person is the center of her relationship with the other persons she trusts... Each person has a "digital identity card" which is unique and highly crypted. Contrary to e-mail, security is "always on" with Groove :
    - you only work with persons you know
    - your exchanges are crypted on the wire
    - your data is crypted locally
    - your data is crypted everywhere you share it with other known and trusted persons.
     
    So, it's not about "access rights given by someone else", it's about "the rights I give myself, as a person, to another person".
    So, it's not about a "password" which provides me access to a network or an application, it's about the security mecanisms associated to my, personnal, digital identity card which allow me to communicate with onother person.
    So, it's not about "access rights given to data", it's about "rules" I provide to someone else to access that data and manipulate it.
     
    It's all about trust I grant to a specific person and that the other person grants equally to me.
    Of course, the other person can work with another person, with other persons ...
     
    In other words, the data you provide to that person is not intended to go somewhere without your conscent because ... you trust that person.
    Of course, in some organisations, you need to provide additionnal "global rules" but the core idea is "you share your trust with another person that shares it equally to you on the subject you mutually decided".
     
     
     
    8:42 AM | Add a comment | Permalink | Blog it | It's all about relationships