Re: [Ace] Offline operation of Resource Server
Göran Selander <goran.selander@ericsson.com> Tue, 15 July 2014 07:25 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/ace/TzC9GvjsK5hX0oU9hkhtlmAbO4Y
Hannes,

I believe it is important that the solution allows an offline mode of operation. Here are some other supporting use cases:

Although not listed in use case 1, the container monitoring use case, any access requests to the goods at sea may need to work without connectivity to an AS in the cloud. Containers may also be kept in other areas, e.g. underground, where cellular access is not available.

One important point is that even if connectivity to AS is technically possible at all times, it may not be affordable for the particular business case.

We discussed previously one company considering designing physical access control using an online system. There are other companies in the physical access control business that profile themselves with offering offline mode, for example Telcred. Their home page provides some more details.

http://telcred.com/

One example of offline operations is for field technicians to physically access radio base station sites: If the base station is malfunctioning, there may be no cellular coverage at the site, and the field technician needs to access the site to repair the base station (which then may become a catch-22).

There are also use cases where the AS functionality is hosted in a smart phone or other end-user operated device (and the client is not in the same device). In these cases we must also expect periods of time when the device is not available or turned off.

In draft-seitz-ace-problem-description section 4.5 we formulated the offline requirement/assumption as:

   o  RS may not be able to communicate with AS at the time of the request from C.

It would be interesting to know how people think about this (and other statements in section 4).

Göran

On 14/07/14 13:35, "Hannes Tschofenig" <hannes.tschofenig@gmx.net> wrote:

>Hi all,
>
>in one of my previous mails I said that the requirements rule out an
>EAP/AAA solution and this impression was based on reading the following
>requirement from http://tools.ietf.org/html/draft-seitz-ace-usecases-01
>
>"
>   o  U5.2 The meters must be able to perform fine-grained access
>      control on the metering data and on the configuration while being
>      offline.
>"
>
>I was wondering how strong the requirement for not having a real-time
>interaction between the resource server and the AS is.
>
>Ciao
>Hannes
>