Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-trust-router-ps-03.txt
Gabriel Lopez <gabilm@um.es> Wed, 13 March 2013 16:39 UTC
Return-Path: <gabilm@um.es>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BED721F8935 for <abfab@ietfa.amsl.com>; Wed, 13 Mar 2013 09:39:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ohKwcchZoH4g for <abfab@ietfa.amsl.com>; Wed, 13 Mar 2013 09:39:56 -0700 (PDT)
Received: from xenon12.um.es (xenon12.um.es [155.54.212.166]) by ietfa.amsl.com (Postfix) with ESMTP id C35DE21F8614 for <abfab@ietf.org>; Wed, 13 Mar 2013 09:39:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by xenon12.um.es (Postfix) with ESMTP id 435D04C5B6 for <abfab@ietf.org>; Wed, 13 Mar 2013 17:39:54 +0100 (CET)
X-Virus-Scanned: by antispam in UMU at xenon12.um.es
Received: from xenon12.um.es ([127.0.0.1]) by localhost (xenon12.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 21XgyVrcl6gr for <abfab@ietf.org>; Wed, 13 Mar 2013 17:39:53 +0100 (CET)
Received: from [155.54.205.186] (inf-205-186.inf.um.es [155.54.205.186]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: gabilm) by xenon12.um.es (Postfix) with ESMTPSA id 5B1A54C619 for <abfab@ietf.org>; Wed, 13 Mar 2013 17:39:52 +0100 (CET)
Message-ID: <5140ABDC.6080000@um.es>
Date: Wed, 13 Mar 2013 17:39:56 +0100
From: Gabriel Lopez <gabilm@um.es>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: "abfab@ietf.org" <abfab@ietf.org>
References: <20130311222528.12212.74.idtracker@ietfa.amsl.com> <A9AA33E1-00E7-40D8-9805-125666ACF11D@cardiff.ac.uk>
In-Reply-To: <A9AA33E1-00E7-40D8-9805-125666ACF11D@cardiff.ac.uk>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-trust-router-ps-03.txt
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2013 16:39:57 -0000
Hi, Just a few comments about the ps Section 1. Introduction - "two entities are able to verify that each other is who they think they are" --> the term "think" is quite ambiguous here, probably better "two entities are able to verify that each other is who they claim they are"" Section 2. Terminology - Authentication Policy Community (APC): "A set of entities that share a common trust infrastructure" It is just a "federation"? Why the term policy is used here? It is just for authentication not for authorization? - Community of Interest (CoI): Does it refers to idPs and SPs (and principals/clients?) - Entity: A general term for IdPs and RPs. In documents like http://docs.oasis-open.org/security/saml/v2.0/saml-glossary-2.0-os.pdf, the general term for idPs and RPs is "Provider", in fact, "Entity" is a more general concept" - Trust Arbitrator: What is a "trust rating"? - Trust Advisor: - CoR is not defined - Agree with David, "Root of Trust" is a well known term for that, or even "Trust Anchor" - Section 3. 3.2 - Authors remark the term "Communities of Trust", which is not included in Section 2. 3.2 - "and users of it typically need to pay for the service". Does it refer to the fact of paying for trust? I usually connect to my bank account, trust is established based on a Trust Anchor (probably something like Verisign), but I have never paid for this trust? Or have I misunderstood the sentence? Could you add some examples? 3.2 - " Trust Arbitrators are less commonly seen, and are usually found where a Trust Arbitrator stands to make financial gain" Is it this sentence right? 3.3 - Does this section describe something similar to the term "confederation" or "alliance"? Section 5.1 - Have you take into account cross-certification? Bridge CA? etc.... - "Works well but only when governance and management is done properly" --> Well I think it is true for any kind of infrastructure/technology/scenario I can imagine ... - "Which it isn't, generally" -- > Agree with David. This is a very strong sentence. Section 6 - It is still difficult to me to see the real problem to be solved. I expected a description about how technologies like ,for example, PKI does not fulfils the requirements of section 4. I'm not saying it does, I'm just saying it would improve the problem statement... Sorry if I'm saying nonsenses, just trying to understand the terminology .... Regards, Gabi. On 12/03/13 18:35, Rhys Smith wrote: > Hi all, > > FYI, a new version of a problem statement driving the reasoning for needing trust router has been posted. There's still a lot of work needing doing on it. Compared to previous versions, this is trying to articulate the problem in a more general sense than has previously been done, to see if that helps in explaining the problem. > > Rhys. > > Begin forwarded message: > >> From: internet-drafts@ietf.org >> Subject: I-D Action: draft-howlett-abfab-trust-router-ps-03.txt >> Date: 11 March 2013 18:25:28 EDT >> To: i-d-announce@ietf.org >> Reply-To: internet-drafts@ietf.org >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts directories. >> >> >> Title : Trust Requirements in a Federated World >> Author(s) : Josh Howlett >> Rhys Smith >> Margaret Wasserman >> Filename : draft-howlett-abfab-trust-router-ps-03.txt >> Pages : 14 >> Date : 2013-03-11 >> >> Abstract: >> TODO: This document outlines the requirements for trust in a >> federated environment, and enumerates the requirements for a trust >> infrastructure. It also examines existing trust infrastructures >> given these requirements and concludes that none fulfil all of the >> requirements, and suggests that maybe a new one is required that >> does. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-howlett-abfab-trust-router-ps >> >> There's also a htmlized version available at: >> http://tools.ietf.org/html/draft-howlett-abfab-trust-router-ps-03 >> >> A diff from the previous version is available at: >> http://www.ietf.org/rfcdiff?url2=draft-howlett-abfab-trust-router-ps-03 >> >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> I-D-Announce mailing list >> I-D-Announce@ietf.org >> https://www.ietf.org/mailman/listinfo/i-d-announce >> Internet-Draft directories: http://www.ietf.org/shadow.html >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > _______________________________________________ > abfab mailing list > abfab@ietf.org > https://www.ietf.org/mailman/listinfo/abfab
- [abfab] Fwd: I-D Action: draft-howlett-abfab-trus… Rhys Smith
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Hannes Tschofenig
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Sam Hartman
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Hannes Tschofenig
- Re: [abfab] I-D Action: draft-howlett-abfab-trust… Rhys Smith
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… David Chadwick
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Josh Howlett
- Re: [abfab] I-D Action: draft-howlett-abfab-trust… Margaret Wasserman
- Re: [abfab] I-D Action: draft-howlett-abfab-trust… hannes.tschofenig
- Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-… Gabriel Lopez