Re: [arch-d] Proposed IAB program on Wholistic Human-Oriented Discussions on Identity Systems (WHODIS)

Eric Rescorla <ekr@rtfm.com> Mon, 17 July 2023 16:07 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C796C169508 for <architecture-discuss@ietfa.amsl.com>; Mon, 17 Jul 2023 09:07:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QQ4YFhdgIUTh for <architecture-discuss@ietfa.amsl.com>; Mon, 17 Jul 2023 09:07:46 -0700 (PDT)
Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C8AEC15270E for <architecture-discuss@ietf.org>; Mon, 17 Jul 2023 09:07:46 -0700 (PDT)
Received: by mail-yb1-xb2e.google.com with SMTP id 3f1490d57ef6-cb37a0ea5b3so6185564276.0 for <architecture-discuss@ietf.org>; Mon, 17 Jul 2023 09:07:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20221208.gappssmtp.com; s=20221208; t=1689610065; x=1692202065; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=DTYdrqTys1R51BTrJJZHZGksXBWDmULVRO3WoOCMB1U=; b=yMLR+s3vLS4sKVByB3FezqV/7QlnwrgjkGFAM7ZuGbqTqNIqjrTCcPyDqJjWyvHEat MSqIC/pSQBqErPRkBlLO6QmJaz+lwqHU8jMfuIv8bC/s8Hhh7xLOf5PzgXvy+AvxEUNT et7rnEocEZ4dGy72az+2t5ZgUNy3QhzR0+xjkfRi+2YWau5LVsmmNMMhKrIYU057x41R 1qIJXFEHQORP1dbKGy5WW2aGFfR/DpIgeN2bbIF5aGbmJigaO6UZ7+aaBqXaiuchYn0p CLx+u41z6RTv/Y2HkAuN8+CcVmdU6ePhDih35k87x2oTS98hAjbIWRKvTT9zfI8fh3mq gT4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689610065; x=1692202065; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=DTYdrqTys1R51BTrJJZHZGksXBWDmULVRO3WoOCMB1U=; b=LYWfizucIm7gVRkkjDUHGwVtIFX512sBC9VlLtFVIaHl/LKm1VKs6EbXtqhhTHGEcc 0ErhBZ5wVaS9jxUbYKX5AMlXO0VXJMhy1oIOFslYvfwBKIMUgPlpMENLxCG2dFlv8SHt gEoDZLo7qCrn1q+xJfGU0z7N1yTpW+X0HNjrU7+ZDjCnqUgu3OG6wXKEOmbCaJ3vsaAk Fqo643weTvwcpxMnNZMVEv78pbKYW+Btr1XhXSkVnTiz38yNdj7YY9ItGvHywD06Bn1w uXuco1ZxBu/YtR/Wh0xiYmAwjph2JjprL9JczlCfmxbfswBZ6wV7tJCfcJ9J4xZQkCjV 4wDA==
X-Gm-Message-State: ABy/qLYJdfspTy0iBqPBZ0hFoVydi2Elt18qcVdlmrem2ewEQ06yYqqT NLCsU3/a/iyGi4SxJPZvNslBqmm7uytI/hYfHRZGcZl8SCqk5cT6
X-Google-Smtp-Source: APBJJlGZ4jc5XugJht+YVs16h7uxkxrNVtYoFy3LmCETFANh6rTGKX+9tUKtdxQ3o2AGVr/92/M9PMvIMw9rzNJgpqY=
X-Received: by 2002:a25:ac12:0:b0:c42:2b05:17a5 with SMTP id w18-20020a25ac12000000b00c422b0517a5mr10887954ybi.11.1689610065315; Mon, 17 Jul 2023 09:07:45 -0700 (PDT)
MIME-Version: 1.0
References: <17514E09-F39D-425C-970C-BC14C70F15B9@heapingbits.net> <CABcZeBPOuZt9uvPzwzFmONtr9f9Baa+pZV7edXFuL+FTwqCD7g@mail.gmail.com> <E5DC75E7-DD6C-4B70-80A2-37294B94568A@heapingbits.net>
In-Reply-To: <E5DC75E7-DD6C-4B70-80A2-37294B94568A@heapingbits.net>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 17 Jul 2023 09:07:09 -0700
Message-ID: <CABcZeBMhkgG=x11oW718ACw1+k794wYhhuGMP19QjE2o1qxo=w@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: architecture-discuss@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c0a6090600b0ffe0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/afmmeNZ2P2_pRbaZqtpsoSHOkVo>
Subject: Re: [arch-d] Proposed IAB program on Wholistic Human-Oriented Discussions on Identity Systems (WHODIS)
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2023 16:07:48 -0000

On Mon, Jul 17, 2023 at 9:02 AM Christopher Wood <caw@heapingbits.net>
wrote:

>
> > Second, I think that you should probably try to focus on some subset
> > of the landscape, which, as you say, is vast. As a super-rough
> > categorization, you might think of identity being broken down into:
> >
> > - Primary authentication via public keys, passwords, passkeys, etc.
> > - Secondary (often called federated) identity systems like FedCM,
> >   Google Auth, Facebook Connect (or whatever it's called now), etc.
> >
> > These seem superficially similar, and of course RPs will often accept
> > both (e.g., log in with your password or Google Auth), but technically
> > they are quite different. I would focus on the second category and
> > eschew the first.
>
> This is an interesting take. Is your suggestion to focus on the second due
> to the well-defined nature of the first group?
>

Yes, and that there is already very active standards work in that area.

-Ekr


> >
> >   In working towards these goals, the program could collect important
> >   use cases addressed by existing identity mechanisms, discuss
> >   functional requirements (e.g., trust model, access control, support
> >   for roles, etc.) essential for these use cases, and showcase how
> >   existing identity mechanisms meet or exceed these requirements.
> >
> > This seems to expand the scope quite a bit beyond identity. I would
> > try to hit just identity first.
>
> I think you’re right that the surface area with this list is enormous. Our
> thinking was that these adjacent topics provide context for the credential
> (and identity) mechanisms used in practice, and that context may be helpful
> in practice. Given that it’s optional work, I wouldn’t consider this a hard
> requirement for the program. It’s merely a suggestion.
>
> Best,
> Chris