Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-trust-router-ps-03.txt

David Chadwick <d.w.chadwick@kent.ac.uk> Tue, 12 March 2013 18:48 UTC

Message-ID: <513F7896.8060603@kent.ac.uk>
Date: Tue, 12 Mar 2013 18:48:54 +0000
From: David Chadwick <d.w.chadwick@kent.ac.uk>
To: Rhys Smith <smith@cardiff.ac.uk>
References: <20130311222528.12212.74.idtracker@ietfa.amsl.com> <A9AA33E1-00E7-40D8-9805-125666ACF11D@cardiff.ac.uk>
In-Reply-To: <A9AA33E1-00E7-40D8-9805-125666ACF11D@cardiff.ac.uk>
Cc: "abfab@ietf.org" <abfab@ietf.org>
Subject: Re: [abfab] Fwd: I-D Action: draft-howlett-abfab-trust-router-ps-03.txt

Hi Rhys

having read your draft could I suggest

1. some changes in terminology

Trust Arbitrator -> Reputation Service or Reputation Service Operator
depending upon context

Trust Advisor -> Root of Trust

These two entities are quite different, but by using very similar 
notation for both, as you do, it tends to conflate them into being 
almost the same. I would prefer it if different terms could be used, 
that a) better describe their functionality, and b) better differentiate 
between them. It would also remove the tautology from this sentence

A Trust Arbitrators/Advisors can attempt to become the arbiter of
        trust for multiple communities.


2. that you have downplayed the complexity in establishing technical 
trust between entities. Joining an Authentication Policy Community might 
actually be quite time consuming and tedious, if you have to prove that 
you conform to a certain set of policies (e.g. LOA 3).

3. wrt section 5.1, the scientific EGI community might strongly disagree 
with your conclusions here. I think they think that PKI works just fine, 
is infinitely scalable and very secure. But you should check with them.

regards

David

On 12/03/2013 17:35, Rhys Smith wrote:
> Hi all,
>
> FYI, a new version of a problem statement driving the reasoning for needing trust router has been posted. There's still a lot of work needing doing on it. Compared to previous versions, this is trying to articulate the problem in a more general sense than has previously been done, to see if that helps in explaining the problem.
>
> Rhys.
>
> Begin forwarded message:
>
>> From: internet-drafts@ietf.org
>> Subject: I-D Action: draft-howlett-abfab-trust-router-ps-03.txt
>> Date: 11 March 2013 18:25:28 EDT
>> To: i-d-announce@ietf.org
>> Reply-To: internet-drafts@ietf.org
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>
>> 	Title           : Trust Requirements in a Federated World
>> 	Author(s)       : Josh Howlett
>>                           Rhys Smith
>>                           Margaret Wasserman
>> 	Filename        : draft-howlett-abfab-trust-router-ps-03.txt
>> 	Pages           : 14
>> 	Date            : 2013-03-11
>>
>> Abstract:
>>    TODO: This document outlines the requirements for trust in a
>>    federated environment, and enumerates the requirements for a trust
>>    infrastructure.  It also examines existing trust infrastructures
>>    given these requirements and concludes that none fulfil all of the
>>    requirements, and suggests that maybe a new one is required that
>>    does.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-howlett-abfab-trust-router-ps
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-howlett-abfab-trust-router-ps-03
>>
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-howlett-abfab-trust-router-ps-03
>>
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/