Re: [Atoca] What information is used for authorization?

Art Botterell <artbotterell@gmail.com> Sat, 15 January 2011 21:45 UTC

References: <9C2879D3-CDE1-48A6-B4F0-DC98B6EF1E0C@gmx.net>
In-Reply-To: <9C2879D3-CDE1-48A6-B4F0-DC98B6EF1E0C@gmx.net>
Mime-Version: 1.0 (iPad Mail 8C148)
Content-Type: text/plain; charset=us-ascii
Message-Id: <B3F7DD1C-BD27-4225-816B-3DC24B954289@gmail.com>
Content-Transfer-Encoding: quoted-printable
X-Mailer: iPad Mail (8C148)
From: Art Botterell <artbotterell@gmail.com>
Date: Sat, 15 Jan 2011 13:51:21 -0800
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: Igor Faynberg <igor.faynberg@alcatel-lucent.com>, "earlywarning@ietf.org" <earlywarning@ietf.org>
Subject: Re: [Atoca] What information is used for authorization?

I'd suggest requiring credible identification of the individual and of the credentialling agency. (Not every gateway will necessarily honor credentials from every issuer.) Different gateways could then apply different policies based on those and on message contents, including potentially special CAP parameters or other fields as desired locally.

Thanks!

- Art

On Jan 15, 2011, at 11:31 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Hi all,
> 
> it was Igor again who raised a question regarding authorization at the IETF#79 ATOCA meeting. He was wondering whether we would only consider the identity of the originator for authorization or some other information as well.
> 
> Are we considering trait-based authorization, see http://www.rfc-editor.org/rfc/rfc4484.txt, to be utilized in this context?
> 
> So, what model do we envision?
> What other information is useful in the context of an authorization decision?
> 
> Ciao
> Hannes
> 
> _______________________________________________
> earlywarning mailing list
> earlywarning@ietf.org
> https://www.ietf.org/mailman/listinfo/earlywarning
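The model sketched in this exchange (Art's per-gateway policy over originator identity, credential issuer and CAP message fields, and Hannes's question about trait-based authorization in the sense of RFC 4484) can be made concrete as a small policy evaluator. The following is an added illustration written for this archive page, not code from either author or from the ATOCA working group; the issuer names, trait names, gateway policies and CAP field values are constructed samples, and the `Credential`, `Alert`, `GatewayPolicy` and `authorize` names are hypothetical.

```python
"""Toy authorization policy for an alert gateway (added example, constructed data).

Each gateway decides for itself which credential issuers it honors, which
traits an originator must assert (RFC 4484 style trait assertions carried
with the credential) for a given alert severity, and which CAP <status> and
<scope> values it will relay.  Two gateways with different policies show
that the same alert can be accepted by one and refused by the other.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    subject: str                      # credibly identified originator
    issuer: str                       # credentialing agency vouching for subject
    traits: frozenset = frozenset()   # asserted traits, e.g. "emergency-manager"


@dataclass(frozen=True)
class Alert:
    sender: str    # CAP <sender>
    status: str    # CAP <status>: Actual, Exercise, System, Test, Draft
    scope: str     # CAP <scope>: Public, Restricted, Private
    severity: str  # CAP <severity>: Extreme, Severe, Moderate, Minor, Unknown


@dataclass(frozen=True)
class GatewayPolicy:
    trusted_issuers: frozenset
    required_traits_by_severity: dict   # severity -> traits originator must assert
    allowed_statuses: frozenset
    allowed_scopes: frozenset


def authorize(policy: GatewayPolicy, cred: Credential, alert: Alert):
    """Return (allowed, reason); every refusal names the failed check."""
    if cred is None or not cred.subject:
        return False, "no credible originator identification"
    if cred.issuer not in policy.trusted_issuers:
        return False, f"issuer {cred.issuer!r} not honored by this gateway"
    if cred.subject != alert.sender:
        return False, "CAP sender does not match credential subject"
    if alert.status not in policy.allowed_statuses:
        return False, f"status {alert.status!r} not relayed by this gateway"
    if alert.scope not in policy.allowed_scopes:
        return False, f"scope {alert.scope!r} not relayed by this gateway"
    needed = policy.required_traits_by_severity.get(alert.severity, frozenset())
    missing = needed - cred.traits
    if missing:
        return False, f"severity {alert.severity!r} requires traits {sorted(missing)}"
    return True, "authorized"


# Constructed gateway policies: a public broadcast gateway with a narrow
# trust list, and a campus gateway that also honors its own security office.
PUBLIC_GATEWAY = GatewayPolicy(
    trusted_issuers=frozenset({"state-ema"}),
    required_traits_by_severity={
        "Extreme": frozenset({"emergency-manager", "warning-authority"}),
        "Severe": frozenset({"emergency-manager"}),
    },
    allowed_statuses=frozenset({"Actual"}),
    allowed_scopes=frozenset({"Public"}),
)
CAMPUS_GATEWAY = GatewayPolicy(
    trusted_issuers=frozenset({"state-ema", "campus-security"}),
    required_traits_by_severity={"Extreme": frozenset({"emergency-manager"})},
    allowed_statuses=frozenset({"Actual", "Exercise"}),
    allowed_scopes=frozenset({"Public", "Restricted"}),
)

# Constructed credentials and alerts.
CRED_EMA = Credential("alice@ema.example", "state-ema",
                      frozenset({"emergency-manager", "warning-authority"}))
CRED_CAMPUS = Credential("bob@campus.example", "campus-security",
                         frozenset({"emergency-manager"}))

SAMPLE_ALERTS = {
    "tornado": Alert("alice@ema.example", "Actual", "Public", "Extreme"),
    "drill": Alert("bob@campus.example", "Exercise", "Restricted", "Severe"),
    # Same alert body as "tornado" but presented with bob's credential:
    # the sender field must agree with the credential subject.
    "sender-mismatch": Alert("alice@ema.example", "Actual", "Public", "Extreme"),
}


def evaluate_samples():
    """Run each sample through a gateway; keyed by (gateway, alert name)."""
    return {
        ("public", "tornado"): authorize(PUBLIC_GATEWAY, CRED_EMA, SAMPLE_ALERTS["tornado"]),
        ("public", "drill"): authorize(PUBLIC_GATEWAY, CRED_CAMPUS, SAMPLE_ALERTS["drill"]),
        ("campus", "drill"): authorize(CAMPUS_GATEWAY, CRED_CAMPUS, SAMPLE_ALERTS["drill"]),
        ("campus", "sender-mismatch"): authorize(CAMPUS_GATEWAY, CRED_CAMPUS,
                                                 SAMPLE_ALERTS["sender-mismatch"]),
    }


if __name__ == "__main__":
    for key, (ok, why) in evaluate_samples().items():
        print(f"{key[0]:7s} {key[1]:16s} -> {'ALLOW' if ok else 'DENY '} ({why})")
```

The order of checks matters for what a refused originator learns: issuer trust and the sender/subject binding are decided before any content rule, so a gateway never evaluates CAP fields of a message whose credential it would not honor anyway. Binding the CAP `<sender>` to the credential subject is the piece that makes "identification of the individual" meaningful; without it a valid credential from one issuer could be presented alongside an alert attributed to someone else.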