IETF Logo Mail Archive

Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch

David Chadwick <d.w.chadwick@kent.ac.uk> Mon, 23 September 2013 20:53 UTC

Return-Path: <d.w.chadwick@kent.ac.uk>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 972B821F9DC9 for <abfab@ietfa.amsl.com>; Mon, 23 Sep 2013 13:53:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kF8M5iZYhTZ2 for <abfab@ietfa.amsl.com>; Mon, 23 Sep 2013 13:52:58 -0700 (PDT)
Received: from mx7.kent.ac.uk (mx7.kent.ac.uk [129.12.21.38]) by ietfa.amsl.com (Postfix) with ESMTP id D13A521F9DB0 for <abfab@ietf.org>; Mon, 23 Sep 2013 13:52:56 -0700 (PDT)
Received: from [197.3.0.25] (helo=[172.16.33.134]) by mx7.kent.ac.uk with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.72) (envelope-from <d.w.chadwick@kent.ac.uk>) id 1VOD7g-0002P1-2l; Mon, 23 Sep 2013 21:52:48 +0100
Message-ID: <5240AA1C.3060409@kent.ac.uk>
Date: Mon, 23 Sep 2013 21:52:44 +0100
From: David Chadwick <d.w.chadwick@kent.ac.uk>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Sam Hartman <hartmans@painless-security.com>
References: <tsl61ug7n72.fsf@mit.edu> <052301ceb814$54e4caa0$feae5fe0$@augustcellars.com> <523FE430.4040106@kent.ac.uk> <tsl61trg1jz.fsf@mit.edu>
In-Reply-To: <tsl61trg1jz.fsf@mit.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Jim Schaad <ietf@augustcellars.com>, 'Sam Hartman' <hartmans-ietf@mit.edu>, abfab@ietf.org
Subject: Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 20:53:14 -0000

Hi Sam

On 23/09/2013 13:33, Sam Hartman wrote:
>>>>>> "David" == David Chadwick <d.w.chadwick@kent.ac.uk> writes:
>
>      David> Section 1.  i) Data Minimization and User Participation:
>      David> "There is currently no direct client participation in this
>      David> decision." (i.e. release of identity attributes). We should
>      David> say at this juncture that this is a major deficiency in
>      David> existing federated systems, since the user does not have full
>      David> consent or control over which of his identity attributes are
>      David> released. This should be fixed in Abfab
>
> I do not support this change.

Which change do you not support
a) saying that this is a major deficiency in existing federated systems
b) saying that Abfab should fix this
c) both


>
> There are some cases where this is a major deficiency, but it's not
> entirely clear whether fixing this at the ABFAB layer is the right
> approach.

So it appears that you support a) but not b). So can you simply add a).

>
> I'd argue that trying to fix the concent problem in a general manner at
> the federation layer may have done more harm over the years than the
> privacy problem that is trying to be addressed.

Actually in my previous research we fixed this in a layer above the 
federation layer, which we called the attribute aggregation layer. So I 
agree that it is best to not fix it in the federation layer.

>
>
>      David> iii) I dont buy into your whiteboard example of single entity
>      David> authentication, because a hacked whiteboard could trick the
>      David> user into opening the wrong file, which could be disasterous
>      David> during an important business meeting. SO mutual
>      David> authentication is needed here as well. If you want an example
>      David> where mutual authentication is not important, its one where
>      David> either the information being accessed is of very little value
>      David> to the accessor so that it does not matter if it is erroneous
>      David> information or not, or one where it does not matter who the
>      David> accessor is i.e. its public information.
>
> Most of the tools I'm familiar with for screen sharing etc would not
> allow the white board to pick the presentation/file.

Meaning that the user sends an already chosen file to the whiteboard?
In which case I agree with you.

> I'd support adding a comment that you don't want to run UI on the white
> board, but no I think I completely disagree with your proposed
> constraints on when this is useful.

I would be interested to learn of another generic type of use case where 
you think that mutual authn is not needed

regards

David
>
> --Sam
>

v2.23.0 | Report a Bug | By Email