Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-trust-router-ps-03.txt
Gabriel Lopez <gabilm@um.es> Wed, 13 March 2013 16:39 UTC
Return-Path: <gabilm@um.es>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BED721F8935 for <abfab@ietfa.amsl.com>; Wed, 13 Mar 2013 09:39:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ohKwcchZoH4g for <abfab@ietfa.amsl.com>; Wed, 13 Mar 2013 09:39:56 -0700 (PDT)
Received: from xenon12.um.es (xenon12.um.es [155.54.212.166]) by ietfa.amsl.com (Postfix) with ESMTP id C35DE21F8614 for <abfab@ietf.org>; Wed, 13 Mar 2013 09:39:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by xenon12.um.es (Postfix) with ESMTP id 435D04C5B6 for <abfab@ietf.org>; Wed, 13 Mar 2013 17:39:54 +0100 (CET)
X-Virus-Scanned: by antispam in UMU at xenon12.um.es
Received: from xenon12.um.es ([127.0.0.1]) by localhost (xenon12.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 21XgyVrcl6gr for <abfab@ietf.org>; Wed, 13 Mar 2013 17:39:53 +0100 (CET)
Received: from [155.54.205.186] (inf-205-186.inf.um.es [155.54.205.186]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: gabilm) by xenon12.um.es (Postfix) with ESMTPSA id 5B1A54C619 for <abfab@ietf.org>; Wed, 13 Mar 2013 17:39:52 +0100 (CET)
Message-ID: <5140ABDC.6080000@um.es>
Date: Wed, 13 Mar 2013 17:39:56 +0100
From: Gabriel Lopez <gabilm@um.es>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: "abfab@ietf.org" <abfab@ietf.org>
References: <20130311222528.12212.74.idtracker@ietfa.amsl.com> <A9AA33E1-00E7-40D8-9805-125666ACF11D@cardiff.ac.uk>
In-Reply-To: <A9AA33E1-00E7-40D8-9805-125666ACF11D@cardiff.ac.uk>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-trust-router-ps-03.txt
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2013 16:39:57 -0000
Hi,
Just a few comments about the ps
Section 1. Introduction
- "two entities are able to verify that each other is who they think
they are" --> the term "think" is quite ambiguous here, probably better
"two entities are able to verify that each other is who they claim they
are""
Section 2. Terminology
- Authentication Policy Community (APC): "A set of entities that
share a common trust infrastructure" It is just a "federation"? Why the
term policy is used here? It is just for authentication not for
authorization?
- Community of Interest (CoI): Does it refers to idPs and SPs (and
principals/clients?)
- Entity: A general term for IdPs and RPs.
In documents like
http://docs.oasis-open.org/security/saml/v2.0/saml-glossary-2.0-os.pdf,
the general term for idPs and RPs is "Provider", in fact, "Entity" is a
more general concept"
- Trust Arbitrator: What is a "trust rating"?
- Trust Advisor:
- CoR is not defined
- Agree with David, "Root of Trust" is a well known term for
that, or even "Trust Anchor"
-
Section 3.
3.2 - Authors remark the term "Communities of Trust", which is not
included in Section 2.
3.2 - "and users of it typically need to pay for the service". Does
it refer to the fact of paying for trust? I usually connect to my bank
account, trust is established based on a Trust Anchor (probably
something like Verisign), but I have never paid for this trust? Or have
I misunderstood the sentence? Could you add some examples?
3.2 - " Trust Arbitrators are less commonly seen, and are usually
found where a Trust Arbitrator stands to make financial gain" Is it this
sentence right?
3.3 - Does this section describe something similar to the term
"confederation" or "alliance"?
Section 5.1 - Have you take into account cross-certification? Bridge
CA? etc....
- "Works well but only when governance and management is
done properly" --> Well I think it is true for any kind of
infrastructure/technology/scenario I can imagine ...
- "Which it isn't, generally" -- > Agree with David. This is
a very strong sentence.
Section 6 -
It is still difficult to me to see the real problem to be solved. I
expected a description about how technologies like ,for example, PKI
does not fulfils the requirements of section 4. I'm not saying it does,
I'm just saying it would improve the problem statement...
Sorry if I'm saying nonsenses, just trying to understand the
terminology ....
Regards, Gabi.
On 12/03/13 18:35, Rhys Smith wrote:
> Hi all,
>
> FYI, a new version of a problem statement driving the reasoning for needing trust router has been posted. There's still a lot of work needing doing on it. Compared to previous versions, this is trying to articulate the problem in a more general sense than has previously been done, to see if that helps in explaining the problem.
>
> Rhys.
>
> Begin forwarded message:
>
>> From: internet-drafts@ietf.org
>> Subject: I-D Action: draft-howlett-abfab-trust-router-ps-03.txt
>> Date: 11 March 2013 18:25:28 EDT
>> To: i-d-announce@ietf.org
>> Reply-To: internet-drafts@ietf.org
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>
>> Title : Trust Requirements in a Federated World
>> Author(s) : Josh Howlett
>> Rhys Smith
>> Margaret Wasserman
>> Filename : draft-howlett-abfab-trust-router-ps-03.txt
>> Pages : 14
>> Date : 2013-03-11
>>
>> Abstract:
>> TODO: This document outlines the requirements for trust in a
>> federated environment, and enumerates the requirements for a trust
>> infrastructure. It also examines existing trust infrastructures
>> given these requirements and concludes that none fulfil all of the
>> requirements, and suggests that maybe a new one is required that
>> does.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-howlett-abfab-trust-router-ps
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-howlett-abfab-trust-router-ps-03
>>
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-howlett-abfab-trust-router-ps-03
>>
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> I-D-Announce mailing list
>> I-D-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> Internet-Draft directories: http://www.ietf.org/shadow.html
>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> _______________________________________________
> abfab mailing list
> abfab@ietf.org
> https://www.ietf.org/mailman/listinfo/abfab
- [abfab] Fwd: I-D Action: draft-howlett-abfab-trus… Rhys Smith
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Hannes Tschofenig
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Sam Hartman
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Hannes Tschofenig
- Re: [abfab] I-D Action: draft-howlett-abfab-trust… Rhys Smith
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… David Chadwick
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Josh Howlett
- Re: [abfab] I-D Action: draft-howlett-abfab-trust… Margaret Wasserman
- Re: [abfab] I-D Action: draft-howlett-abfab-trust… hannes.tschofenig
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Gabriel Lopez