IETF Logo Mail Archive

Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch

Leif Johansson <leifj@sunet.se> Mon, 23 September 2013 14:05 UTC

Return-Path: <leifj@sunet.se>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BDA021F9BEF for <abfab@ietfa.amsl.com>; Mon, 23 Sep 2013 07:05:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.599
X-Spam-Level:
X-Spam-Status: No, score=-1.599 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6fcm3Bb4gH2s for <abfab@ietfa.amsl.com>; Mon, 23 Sep 2013 07:05:38 -0700 (PDT)
Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) by ietfa.amsl.com (Postfix) with ESMTP id 3B1C921F9A5F for <abfab@ietf.org>; Mon, 23 Sep 2013 07:05:36 -0700 (PDT)
Received: from smtp1.sunet.se (smtp1.sunet.se [IPv6:2001:6b0:8:2::214]) by e-mailfilter01.sunet.se (8.14.3/8.14.3/Debian-9.4) with ESMTP id r8NE5KmZ027394 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <abfab@ietf.org>; Mon, 23 Sep 2013 16:05:20 +0200
Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.4/8.14.4) with ESMTP id r8NE5HQ0010236 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <abfab@ietf.org>; Mon, 23 Sep 2013 16:05:20 +0200 (CEST)
X-Footer: c3VuZXQuc2U=
Received: from [10.0.0.244] ([62.102.145.131]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 8.1.2) (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits)) for abfab@ietf.org; Mon, 23 Sep 2013 16:05:16 +0200
Message-ID: <52404A9C.5050803@sunet.se>
Date: Mon, 23 Sep 2013 16:05:16 +0200
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: abfab@ietf.org
References: <tsl61ug7n72.fsf@mit.edu> <052301ceb814$54e4caa0$feae5fe0$@augustcellars.com> <523FE430.4040106@kent.ac.uk> <tsl61trg1jz.fsf@mit.edu>
In-Reply-To: <tsl61trg1jz.fsf@mit.edu>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Bayes-Prob: 0.495 (Score 0, tokens from: outbound, sunet-se:default, base:default, @@RPTN)
X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=62.0000; longitude=15.0000; http://maps.google.com/maps?q=62.0000,15.0000&z=6
X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default)
X-Canit-Stats-ID: 09KsC5kjs - 2bb532fd31a4 - 20130923 (trained as not-spam)
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
X-Scanned-By: CanIt (www . roaringpenguin . com)
Subject: Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 14:05:43 -0000

On 09/23/2013 02:33 PM, Sam Hartman wrote:
>>>>>> "David" == David Chadwick <d.w.chadwick@kent.ac.uk> writes:
>     David> Section 1.  i) Data Minimization and User Participation:
>     David> "There is currently no direct client participation in this
>     David> decision." (i.e. release of identity attributes). We should
>     David> say at this juncture that this is a major deficiency in
>     David> existing federated systems, since the user does not have full
>     David> consent or control over which of his identity attributes are
>     David> released. This should be fixed in Abfab
>
> I do not support this change.
>
> There are some cases where this is a major deficiency, but it's not
> entirely clear whether fixing this at the ABFAB layer is the right
> approach.
>
> I'd argue that trying to fix the concent problem in a general manner at
> the federation layer may have done more harm over the years than the
> privacy problem that is trying to be addressed.
With my chair-switch secured in the OFF position: I agree with Sam
100% here.
>
>
>     David> iii) I dont buy into your whiteboard example of single entity
>     David> authentication, because a hacked whiteboard could trick the
>     David> user into opening the wrong file, which could be disasterous
>     David> during an important business meeting. SO mutual
>     David> authentication is needed here as well. If you want an example
>     David> where mutual authentication is not important, its one where
>     David> either the information being accessed is of very little value
>     David> to the accessor so that it does not matter if it is erroneous
>     David> information or not, or one where it does not matter who the
>     David> accessor is i.e. its public information.
>
> Most of the tools I'm familiar with for screen sharing etc would not
> allow the white board to pick the presentation/file.
> I'd support adding a comment that you don't want to run UI on the white
> board, but no I think I completely disagree with your proposed
> constraints on when this is useful.
>
> --Sam
> _______________________________________________
> abfab mailing list
> abfab@ietf.org
> https://www.ietf.org/mailman/listinfo/abfab

v2.23.0 | Report a Bug | By Email