May 03, 2004

Neu5PM

Nueclear from Pelle suggests a variant of the 5PM (which in itself is just a variant of hundreds and even thousands of years of good governance). In Pelle's model, he adds an auditor, and changes the names a bit. Here it is:

6-party model
http://neuclear.org/display/neu/6-party+model
Last changed on Apr 01, 2004 by Sandy

Ian Grigg has formulated a 5-party governance model which provides an excellent starting point for governing electronic assets. We have taken this model and added an additional party, the auditor.

  • Promoter The originator and promoter of an asset. To promote trust he contracts with the 4 following parties and does little else.
  • Issuer Issues assets into the NeuClear System. This could be a trust company or a certified auditor. The main role of the Issuer is to verify that the value implied in the above layer is actually entered into the system and that the Promotor can't falsely inflate the system.
  • Operator The operator is like an Application Service Provider. He maintains the books of the assets and responds to Transfer Orders with Transfer Receipts in such a manner that none of the other parties can interfere or otherwise modify the underlying accounting of the value system.
  • Auditor The auditors run a seperate, parallel set of books to the Operator. He listens to Transfer Orders and Transfer Receipts and is the final authority on balance of accounts.
  • Manager The manager is contracted by the Issuer to do the day-to-day management of the asset. For example, requesting that the Issuer add more assets to the system, or customer service.
  • Users The users are in many ways the real auditors of the system. As long as at least one of the 4 parties directly above is honest, they can monitor the runnings of the Asset live and instantly, to see if anything goes wrong. Users can optionally maintain their own books that can be automatically reconciled with those of the Auditor.

Note we also modified the names of two of the parties from Ian's 5-party model, as they were causing confusion to people outside of the Financial Cryptography world. Ian's Issuer became our Promoter. His Mint became our Issuer.

Examples of the 6-party model

It can be hard to understand the 6-party model without seeing practical examples. Please see the following:

Posted by iang at May 3, 2004 12:03 PM | TrackBack
Comments

(I just posted on Pelle's site; here's a copy)
Nice work. In comparison to Ian Grigg's 5PM it appears that

* the MINT role is renamed, Issuer, and

* the ISSUER role is renamed, Promoter.

That seems reasonable to me... But, as a veteran of naming battles in ebXML Core Components I have gotten sensitized to this problem of the thought leaders in a domain using different naming. Far better, to work together under a neutral umbrella like XML-X project, maybe even bring it under an OASIS TC or something that provides rules about IP, and then agree on what's what. Then agreeing on what to name it is last. After all these years you guys would probably agree quickly on common semantics-- and a lot of them are already agreed by large, competing domains like financial services. Benefits include

* increase interoperability among leading applications within the community.

* enhanced alignment of understanding by downstream users, academics, press, etc. of what things mean.

Regarding the addition of the auditor that's a great topic to discuss. It can be decomposed into two things. A physical replication service, and this decision you've made that the auditor is the final arbiter... It seems to me that a community of competing asset accounting systems may interoperate ok even if each has different technical and business provisions. A little cluster of XML to represent whether there is a replica, its location on the network, etc. and which host is the final arbiter, etc. etc.

In today's financial markets the term "auditor" already exists having a different meaning. That's ok, not a problem, but you want your reader to avoid any mistake or delay in understanding.

I realize the only things that are computable anyway would be the sorts of atomic entities in state machines.

But it is fun to decompose things like "auditor" into their atomic entities.

Shall we play around with a UML model? At least we would end up with nicer powerpoints :-)
I have some artifacts at http://ledgerism.net/dbcTrustModel.htm

Todd

Posted by: Todd Boyle at May 3, 2004 01:21 PM

Within NeuClear we recommend the [the above model], which is based on Ian's 5 party model.

Note, we've changed a few of the names of the parties and added an extra one.

The Issuer (we call him the Promoter) picks the various parties and signs the governing rules. Example see: http://bux.neuclear.org/bux.html
His keys are never stored on the server (most likely they are on a floppy disk in a safe).

The server operator performs the same function within NeuClear that Ian's operator. Thus he manages the transaction keys, which yes are on the server. The model for this is that you wont use a traditional ISP for this, but rather a specialized ISP who maintains a secure server without traditional ftp or ssh access. The Promoter could keep all the regular HTML etc on a different server alltogether, it wouldnt really matter.

With NeuClear as in Ricardo, a separate party actually places currency into circulation. Ian calls him the mint, we call him the Issuer (just to confuse things). This key would in an ideal world be held offline by some trusted third party as well.

To keep tabs on the server operator we have added the concept of real time transaction auditors to the NeuClear model. They basically listen to all the transactions that are going on and maintain their own separate books. These would be generally speaking managed by other hosting providers than those who run the transaction processor.

In a real live system, we would even recommend that the online statements etc viewed by end users be viewed directly off the auditors servers and not the transaction processors.

In the next version of the NeuClear Personal Signer we will also introduce a local portfolio manager, which maintains seperate books for the owner of an account. With this the owner can also audit all his own transactions and monitor that nothing strange is going on.

-P

Posted by: Pelle at May 3, 2004 01:55 PM

Top notch stuff! Obviously, I'm looking at these varations with some interest.

I agree with Todd that naming is a pain, and hard to get right. Each of the names we use causes problems in each domain we move into, and generally, different problems. But, also, by far more important is to understand the roles, so this comment is of minor quibble value, whereas the addition of the auditor is much more important.

Mint (-> Issuer): Yes, this causes problems, but I've not come across a better term. In the "reserves" variant of the 5PM, he is called "cosignatory". Mint is one term that most people are unified in disliking, but can't suggest a better one, perhaps because the notion of having a separated party responsible for creation of float is hard to muster, and most issues tend to be minted by process of dynamic accounting - something that I specifically tried to avoid, as it made *everyone* the mint...

Issuer (-> Promoter): here it is more difficult. If one takes classical issues, such as shares in IBM, or DGC Gold, then applying the term Issuer to those institutions seems to work better. Applying the term Promoter to them doesn't work, IMHO.

OTOH, who is the Issuer of the euro or dollar, and who is the Promoter? I'd say for the former the issuer is the ECB, and the Promoter is the EC or EP. And the dollar is issued by the Fed, while the promoter is the Treasury or USG. But, I admit uncertainty, maybe it is the other way around . . .

In some (not all) circles, Promoter would raise eyebrows. In general, I say the Issuer is the man who stands behind the Issue. I.e., the signatory on the contract, and the main owner of the brand. It's his issue.

Posted by: Iang at May 3, 2004 02:15 PM

Replicating real life in electronic format is counter productive. The advantages of automation should be used to its fullest potential not reduced to what occurs already. Since that which is currently an acceptable framework developed and evolved within defined technological parameters then the next framework should allow what can be done to expand or reduce what is considered acceptable.

All the roles defined can be aggregated within one real time accounting system and thus consolidated under one roof. Even with divided roles one group is responsible to the users or shareholders. That is, the liability of false reporting cannot be divided. So one real time accounting system with reporting fetures for historic informational purposes could remove the Auditor and combine his efforts with that of the Operator.

The Promoter is rarely held as anything other than a salesman, a hired hand, and his role is questionable since his view may or may not represent a true picture. The Issuer role is also adjunct,within the defined terminology, to that of Manager since having an outside Manager may or may not provide protection.

The ultimate protection is real time accounting and assets that cannot be fabricated outside the realm which is considered unsavory. The User is not protected by having additional parties but is better served by having one Issuer that has an air tight accouting system that cannot be fudged. The need for managers, auditors, promoters and operators goes away if what is done is known and not lied about. The only answer is real time accounting that foots to the detail of the system's assets as they are transacted.

A two party model is the strongest. By reducing the roles and increasing the verification of the core functionality as transacted by the Issuer accountability to the user is increased since the liability cannot be passed around by seperate parties that have no recourse to each other or the user base.

Additional roles have been added over time to compensate for the regulatory and legal requirements as they are seen as the compounded wisdom of old. The real time accounting lets the user see what the Issuer/Manager/Operator/Promoter/Auditor is really doing then they can choose if they trust them.

Posted by: Jim Nesfield at May 3, 2004 03:21 PM

I realize that it would be controversial to change from Mint->Issuer and Issuer->Promoter and I didn't do it too happily either.

The main reason was that explaining it to people outside the FC world was very difficult. We (as any other niche group) develop our own language out of need more than anything. But some times a couple of years down the line, this terminology becomes more of a liability.

One other real difference is that with NeuClear we are trying to take it far beyond the narrow world of financial applications. Mint makes sense for money, thats for sure. But if we are talking about minting it gets more confusing "Nike Shoe model #1233aa3". I have done a lot of discussion with people in manufacturing, logistics and telecoms in the past year and for most of them the term "mint" scares them off. Promoter makes a lot more sense.

In reality it doesnt really matter what we call the Promoter. From a standards point of view we need a simple term for the "Minting" process.

In the terms of various branded e currency schemes, that is what we really are talking about. Branding. E-Gold, Goldmoney and Pecunix all are selling the exact same product. Their promoters are each promoting their flavor, by pushing their governance model or other features.

As Jim says it's often unnecessary to have all of the parties. I'd say ideally you would want them all, but for a licensed commercial bank thats well funded and already have a good reputation it would be better to perform most of the functions internally. However with the different parties managed by different staff within the bank, exactly as happens today.

See http://neuclear.org/display/neu/Banking+Governance for an example of how this could be done.

-P

Posted by: Pelle at May 3, 2004 05:21 PM

Pelle, I don't think it's controversial to suggest that names change! There are some good points here, we've also been somewhat dogged by the poor choice of "mint." Nobody likes that one.

Also, the Issuer term has given us some trouble, although less as it literally is the most important term - at the end of the day, Jim is right, it all collapses and there is only the Issuer. Or, in your terms, the Promoter.

I don't yet see that "Issuer" is the one for the Mint spot. Here's what I think for now: 1) there's too much baggage in the name, 2) it has some legal / real world relevance, 3) it seems odd to say that the guy creating new issue is the issuer, you could as well say that the manager distributing primary float to users is the issuer, as he's issuing them their currency. In fact, we used to call the operator the issuer!

Your description of Nikes raises some questions and backs up the move to change the terms. Or at least rethink the process. I guess this may be where you get the notion of Promoter from - in a totally non-financial the original terms might be too financial.

But, I wonder if that also leads to the possibility of no set of terms being universally applicable to all industries. In which case we are back to Todd's suggestion that names don't matter, and roles do.

Maybe we should call them A1, A2, ... Or 5.1, 5.2... and then allocate names on a sector basis?

(I have for the moment steered clear of the debate on how many parties, and what they do... Pelle's addition and Jim's subtractions will have to wait for another day.)

Posted by: Iang at May 3, 2004 07:49 PM

I think we are pretty much all in violent agreement. Lets agree on some techie sounding name, that doesnt sound like an existing word. Maybe a Ian's suggestion of 'A1' is best.

I think the only real important role that causes problems is the Issuer/Mint role. I suggest something that sounds so technical that people wont make direct assumptions. Maybe "certifier", but for now lets just use the rolename "A1"

Then in the currency world we can say in the field A1 put "mint". In some other "underwriter" etc.

Posted by: Pelle at May 4, 2004 06:15 PM

It is useful to compare some conceptual approaches.

Do you want to standardize only the jargon for the industry, for humans?

I assume the answer is "NO", you really want to standardize the *semantics* of business information in the message, and the behaviors of the interfaces.

This is not to enforce anything but just to agree on the vocabulary. Without a common vocabulary between speaker and listener, communication is impossible. And we are still living in a feudalism, in which the kings with their domains only allow the use of their own language, as a strategy for monopoly.

Under ISO 11179 you first agree on conceptual definitions, then it is allowable to discuss and agree on one or more names for the semantic element. Obviously there are different human languages and for international trade, the semantic entity has many names.

Under ISO 11179 there is a role called "registration authority" alas, a naming czar. But ISO 11179 was largely adopted by ebXML Core Components workgroup..

http://www.google.com/search?q=%22Syntax-Neutral%22+%22Business+Semantics%22&num=30&safe=off

There's no technical reason a semantic registry couldn't be run openly and democratically, allowing the general public and indsutries to upload whatever semantic entities they like.
http://ledgerism.net/openSemanticRegistry.htm

However, the Business Process workgroups of ebXML never agreed with or accepted the Core Components work because it was not computable. Most members of both CC and BP teams worked really hard towards a single understanding. But the CC group was overwhelmingly nondevelopers, business domain experts from X12 and EDIFACT. and ultimately the outcome is represented in the design of the RegRep. i.e. computable. John Yunker and Jim Clark were instumental in these which aren't even ontline in ebXML. http://ledgerism.net/BCP_Spec_2002-09-06_draft.zip

Well.. have to run now.
Todd

Posted by: Todd Boyle at May 6, 2004 02:17 PM

> Comments [by Todd]:
>
> It is useful to compare some conceptual approaches.
> Do you want to standardize only the jargon for the industry, for humans?

Hmm... actually I think our starting point is that
we have failed to standardise the jargon for industry
and humans, and includes a recognition that we will
fail if we keep trying. So, NO.


> I assume the answer is "NO", you really want to
> standardize the *semantics* of business information
> in the message, and the behaviors of the interfaces.


Yes. I think the answer is we want to standardise
the semantics of each role, but leave the label free
to vary.


> This is not to enforce anything but just to agree
> on the vocabulary. Without a common vocabulary
> between speaker and listener, communication is
> impossible. And we are still living in a
> feudalism, in which the kings with their domains
> only allow the use of their own language, as a
> strategy for monopoly.


In principle, yes. But, we have difficulties.
For example, we always saw Mint as a difficult
term. It was already overloaded from the bearer
people (who, thankfully, have left the field
barren of competition, so no probs there...).

So I'm happy to see a better term there. But,
Pelle's stab at promoter won't work for us at
all as when we go into finance scenarios, we
have to be careful to establish a veil of
fiduciary duty not circus tricks.


> Under ISO 11179 you first agree on conceptual
> definitions, then it is allowable to discuss
> and agree on one or more names for the semantic
> element. Obviously there are different human
> languages and for international trade, the
> semantic entity has many names.


How does ISO 11179 label each conceptual
definition? With a codenumber? Or are we
right back to the acquisition of a label?

For example, I could see the following:

P1 being the signatory to the contract offering,
the brand owner of the issue, and the ultimate
authority for the issue. The buck stops with P1.

(for me, Issuer, for Pelle, Promoter.)

P2 ...

etc etc. As far as which is which, I'm
happy if the P1 is my issuer - he is the
one where the buck stops - and I'd kinda
like the 5th party to be the Users. The
rest, I have no issue over.

Then, between the poles of Jim's 1 Party
and Pelle's 6 party model, it's simply a
matter of selecting from the smorgasbord.


> Under ISO 11179 there is a role called
> "registration authority" alas, a naming czar.
> But ISO 11179 was largely adopted by ebXML
> Core Components workgroup..
>
> http://www.google.com/search?q=%22Syntax-Neutral%22+%22Business+Semantics%22&num=30&safe=off
>
> There's no technical reason a semantic registry
> couldn't be run openly and democratically,
> allowing the general public and indsutries
> to upload whatever semantic entities they like.
> http://ledgerism.net/openSemanticRegistry.htm

That's hopelessly too much :) All Pelle is
proposing in substance is the addition of a
new party, being the professional auditor.

So, from 5 to 6. I'd hope we can manage
that without any Python helping us ....


> However, the Business Process workgroups of ebXML
> never agreed with or accepted the Core Components
> work because it was not computable. Most members
> of both CC and BP teams worked really hard towards
> a single understanding. But the CC group was
> overwhelmingly nondevelopers, business domain
> experts from X12 and EDIFACT. and ultimately the
> outcome is represented in the design of the RegRep.
> i.e. computable. John Yunker and Jim Clark were
> instumental in these which aren't even ontline in
> ebXML. http://ledgerism.net/BCP_Spec_2002-09-06_draft.zip

If there's one thing worse than a committee,
it's two committees ... thanks, Todd!

iang

Posted by: Iang at May 6, 2004 04:46 PM