[e2md] Comments/questions on Requirements

Bernie Hoeneisen <bernie@ietf.hoeneisen.ch> Sun, 23 May 2010 11:28 UTC

Return-Path: <bernie@ietf.hoeneisen.ch>
X-Original-To: e2md@core3.amsl.com
Delivered-To: e2md@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A22B43A6BA5 for <e2md@core3.amsl.com>; Sun, 23 May 2010 04:28:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.137
X-Spam-Level:
X-Spam-Status: No, score=0.137 tagged_above=-999 required=5 tests=[AWL=-1.178, BAYES_60=1, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Ltl58UXb7Zu for <e2md@core3.amsl.com>; Sun, 23 May 2010 04:28:46 -0700 (PDT)
Received: from softronics.hoeneisen.ch (softronics.hoeneisen.ch [62.2.86.178]) by core3.amsl.com (Postfix) with ESMTP id 3E0263A6BA3 for <e2md@ietf.org>; Sun, 23 May 2010 04:28:42 -0700 (PDT)
Received: from localhost ([127.0.0.1]) by softronics.hoeneisen.ch with esmtp (Exim 4.69) (envelope-from <bernie@ietf.hoeneisen.ch>) id 1OG9M9-0005T4-6O for e2md@ietf.org; Sun, 23 May 2010 13:28:33 +0200
Date: Sun, 23 May 2010 13:28:33 +0200
From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
X-X-Sender: bhoeneis@softronics.hoeneisen.ch
To: "E.164 To MetaData BOF discussion list" <e2md@ietf.org>
Message-ID: <alpine.DEB.2.00.1005231314540.20477@softronics.hoeneisen.ch>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="37663318-76441418-1274613977=:20477"
Content-ID: <alpine.DEB.2.00.1005231327030.20477@softronics.hoeneisen.ch>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: bernie@ietf.hoeneisen.ch
X-SA-Exim-Scanned: No (on softronics.hoeneisen.ch); SAEximRunCond expanded to false
Subject: [e2md] Comments/questions on Requirements
X-BeenThere: e2md@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "E.164 To MetaData \(E2MD\) BOF discussion list" <e2md.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/e2md>, <mailto:e2md-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/e2md>
List-Post: <mailto:e2md@ietf.org>
List-Help: <mailto:e2md-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/e2md>, <mailto:e2md-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 May 2010 11:28:47 -0000

Hi E2MD:ers

As a preparation to our next confernce call I went through the
requirements we collected so far on the wiki page:

   http://trac.tools.ietf.org/bof/e2md/trac/wiki/RequirementsList

Please find my questions/comments also inline below.

cheers,
  Bernie

PS: Thanks Jay Daley and Dean Wills for their work on the first set of 
requirements!


> 1 Generic requirements
>
> 1.1 Access to data
>
> 1.1.1 Public and private use cases
>
> Each proposal has a public use case. That is to say there is a
> valid requirement for that data to be published in public
> database unencumbered by access control. Most proposals have a
> private use case. That is to say there are valid requirements
> for that data to be subject to access control. For example:
>
>     * CNAM has an obvious private use case when the data
>       personally identifies a private individual. It also has a
>       public use case, when the CNAM refers to a company and
>       local regulation exists that requires companies to
>       accurately identify themselves as the originator of
>       telephone calls.

How about the dimension User ENUM vs. Infrastructure ENUM? See also:

http://trac.tools.ietf.org/bof/e2md/trac/attachment/wiki/RequirementsList/ENUM_forest.png


> 1.1.2 Mechanisms for controlling access
>
> The alternate mechanisms for controlling access to data include:
>
>    1. indirection - some data is made public but only acts as a
>       key, possibly along with other known data, into a private
>       database.
>
>    2. source differentiation - a public or private database that
>       validates the source that makes the requests and returns
>       specific data for that source
>
>    3. private database - a wholly private database that access is
>       only granted to by contractual agreement and on which all
>       the data is the same (so no source differentiation).
>
>    4. selective encryption - private records are encrypted with a
>       key known to the authorized node.
>
> 1.1.3 Relationships between parties
>
> The relationships between the various parties that produce and
> consume data, leading to access control requirements, are
> summarised as:
>
>    1. A producer may choose to provide different information to
>       different consumers.
>
>    2. A producer may choose to provide no usable information at
>       all to some consumers.
>
>    3. A producer cannot expect a consumer to keep data secret
>       from itself. (So if a consumer asks the same question of
>       the producer and receives two different answers, for
>       whatever reason such as source differentiation, then the
>       consumer is trusted to use that data as the producer
>       intends, it is not a requirement for a mechanism to prevent
>       the consumer misusing that data.)

This needs clarification!

>    4. A producer may not wish for one consumer to know that it
>       has published different data to another consumer. (So it
>       may not want it obvious to a consumer that there is other
>       data that it does not have access to.)
>
> 1.2 Relevance
>
> There are two known relevancy domains for the data:
>
>     * for originating a call
>     * for receiving a call
>
> It is a requirement that the client that makes the lookup can
> separate out the data for the relevancy domain that it is
> interested in.

Do we really need this?
(e.g. if a call is originated in the PSTN, both might be relevant.)

> 1.2.1 Mechanisms for separating out relevancy domains
>
> This may be achieved by:
>
>     * a single query only returning information from one
>       relevancy domain
>
>     * the client filtering the returned values to extract those
>       it requires
>
> 1.3 Performance requirements
>
> The database needs the following performance characteristics:
>
>    1. A real-time response (in the order of milliseconds).
>
>    2. Scalable to hundreds of millions of keys.
>
>    3. Scalable to millions of querying clients.
>
>    4. Scalable to accommodate millions of changes per day.
>
> It does not need the following performance characteristics:
>
>    1. Deliver data greater that a few kilobytes in size.
>
>    2. Guaranteed consistency.
>
> 2 DNS Protocol considerations
>
> 2.1 Access to data
>
> The various 'pure' DNS mechanisms for controlling access are:
>
>    1. Private trees.

Private trees as such do not implement access control.

>    2. Only publishing an indirect key in DNS.
>
> The various DNS+ mechanisms for controlling access are:
>
>    1. Source-URI

This term needs to be defined!

>    2. Replicating DNS on a different port and confining it to
>       this data [Is this really what that proposal is about?]
>
> 2.2 Relevancy ΒΆ
>
> The various mechanisms for separating out relevancy domains are:
>
>    1. Private trees
>
>    2. Different branches of the same tree. So e164m.arpa for data
>       needed to 'make' a call and e164r.arpa for data needed to
>       'receive' a call.
>
>    3. Source-URI