Re: [Atoca] What information is used for authorization?

Hannes Tschofenig <hannes.tschofenig@gmx.net> Sun, 16 January 2011 15:17 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: earlywarning@core3.amsl.com
Delivered-To: earlywarning@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D2A813A6D4C for <earlywarning@core3.amsl.com>; Sun, 16 Jan 2011 07:17:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.609
X-Spam-Level:
X-Spam-Status: No, score=-102.609 tagged_above=-999 required=5 tests=[AWL=-0.010, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JXTKs2sD4Kgx for <earlywarning@core3.amsl.com>; Sun, 16 Jan 2011 07:17:38 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by core3.amsl.com (Postfix) with SMTP id 23D5B3A6BD7 for <earlywarning@ietf.org>; Sun, 16 Jan 2011 07:17:37 -0800 (PST)
Received: (qmail invoked by alias); 16 Jan 2011 15:20:08 -0000
Received: from a88-115-222-204.elisa-laajakaista.fi (EHLO [192.168.1.7]) [88.115.222.204] by mail.gmx.net (mp061) with SMTP; 16 Jan 2011 16:20:08 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX19v53Zop3pv53UNgSpF2+7a/fT6T0RgQOJ81yviHG +oF15+sUzv+wIg
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <B3F7DD1C-BD27-4225-816B-3DC24B954289@gmail.com>
Date: Sun, 16 Jan 2011 17:20:07 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <DE8554E7-F980-4FF5-ABE8-7792841B5B84@gmx.net>
References: <9C2879D3-CDE1-48A6-B4F0-DC98B6EF1E0C@gmx.net> <B3F7DD1C-BD27-4225-816B-3DC24B954289@gmail.com>
To: Art Botterell <artbotterell@gmail.com>
X-Mailer: Apple Mail (2.1082)
X-Y-GMX-Trusted: 0
Cc: Igor Faynberg <igor.faynberg@alcatel-lucent.com>, "earlywarning@ietf.org" <earlywarning@ietf.org>
Subject: Re: [Atoca] What information is used for authorization?
X-BeenThere: earlywarning@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Discussion list for the IETF Authority-to-Citizen Alert \(atoca\) working group." <earlywarning.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/earlywarning>, <mailto:earlywarning-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/earlywarning>
List-Post: <mailto:earlywarning@ietf.org>
List-Help: <mailto:earlywarning-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/earlywarning>, <mailto:earlywarning-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Jan 2011 15:17:40 -0000

Hi Art, 

I think it would be useful to have an example here. 

For example, it would be important to know to whom the individual (in our terminology the Author of the Alert message) would authenticate himself to.

Also, it might be useful to know what a gateway, relay or even a Receiver (not to talk about a Recipient) would do with this information. 

Then, with 'credentialling agency' you mean the entity that issued the credentials to the individual (the Author). For example, in a public key based system we are talking about the certificate authority here. Right?

Ciao
Hannes

On Jan 15, 2011, at 11:51 PM, Art Botterell wrote:

> I'd suggest requiring credible identification of the individual and of the credentialling agency.  (Not every gateway will necessarily honor credentials from every issuer.)   Different gateways could then apply different policies based on those and on message contents, including potentially special CAP parameters or other fields as desired locally.
> 
> Thanks!
> 
> - Art
> 
> On Jan 15, 2011, at 11:31 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> 
>> Hi all, 
>> 
>> it was Igor again who raised a question regarding authorization at the IETF#79 ATOCA meeting. He was wondering whether we would only consider the identity of the originator for authorization or some other information as well.
>> 
>> Are we considering trait-based authorization, see http://www.rfc-editor.org/rfc/rfc4484.txt,  to be utilized in this context? 
>> 
>> So, what model do we envision? 
>> What other information is useful in the context of an authorization decision? 
>> 
>> Ciao
>> Hannes
>> 
>> _______________________________________________
>> earlywarning mailing list
>> earlywarning@ietf.org
>> https://www.ietf.org/mailman/listinfo/earlywarning