Re: [i2rs] Call for Adoption by WG: draft-atlas-i2rs-architecture-01 (ends Aug 12)

The virtual router question is an interesting one.  I believe that the 
answer is "it depends".
On the one hand there is a base device.  There may or may not need to be 
capability for I2RS access to that entity.
Then there are the individual virtual routers.  My inclination would be 
to use separate I2RS clients, each with a separate I2RS identity and 
identifier.  But there appears to be enough flexibility in the modeling 
that we are discussing that one could probably model it as one I2RS 
agent with various pieces and parts.  In which case that one agent has 
only one identity and one identifier.

Yours,
Joel

On 8/14/13 5:24 AM, t.petch wrote:
> ----- Original Message -----
> From: "Alia Atlas" <akatlas@gmail.com>
> To: "Joe Marcus Clarke" <jclarke@cisco.com>
> Cc: <i2rs@ietf.org>
> Sent: Tuesday, August 13, 2013 9:01 PM
>
>
>> Hi Joe,
>>
>> Thanks for the detailed review and suggestions.  Responses are
> in-line.
>>
>> Alia
>>
>> On Wed, Jul 31, 2013 at 6:57 AM, Joe Marcus Clarke
> <jclarke@cisco.com>wrote:
>>
> <snip>
>>> Section 6.4:
>>>
>>> Each I2RS Client will have an identity; it can also have secondary
>>>     identities to be used for troubleshooting.
>>>
>>> JMC: Each application will have a _unique_ identity.
>>>
>>
>> [Alia] Hmm, this ties into the discussion about how we want to handle
>> redundancy and recovery for clients.   It's also a bit of a
> tautology - a
>> client is solely identified by its identity.    I have changed it to
> say
>> that "Each I2RS Client will have a unique identity" - but  that just
> helps
>> clarify the intent.
>
> I think that this nicely encapsulates a confusion between identity and
> identifier.  Identifiers identify.  Objects, in a very generic sense,
> have identity.  Thus if a human being is an instance of an object, they
> may be identified, based on context, by SSN, passport number, name, name
> and date of birth, cell phone number etc; all could be valid
> identifiers: but equally, a cell phone number could be the identifier of
> a cell phone, which is associated with a function and multiple people,
> while the cell phone could also be identified by its IMEI so the
> determination of what is an identity, may take some consideration.  This
> is often critical in security; you have a secure channel but with what?
> Is the identifier sufficient proof of the identity?
>
> Working with routers, you usually have multiple identifiers; the SNMP
> sysName is not (usually) the OSPF 32 bit router id, while the BGP
> Identifier (note, identifier) is different again.
>
> Identifiers exist within a namespace, with rules about syntax,
> uniqueness and so on (even if this are not made explicit).
>
> The revised I-D contains
> " A secondary  identity is merely a unique, opaque identifier ..."
> and
> "An I2RS Client may supply a secondary opaque  identity .."
>
> I think that most uses of the word "identity" in this I-D are actually
> referring to "identifier" but at the same time, given that almost all
> routers have multiple identifiers (as above), then this issue, of the
> difference between identity and identifier needs making explicit in this
> I-D.
>
> Tom Petch
>
> (p.s. if you have multiple virtual routers in one physical router, how
> many identities are there? Discuss.)
>
>
> _______________________________________________
> i2rs mailing list
> i2rs@ietf.org
> https://www.ietf.org/mailman/listinfo/i2rs
>