Re: [Ideas] Your Input requested: Charter Proposal New Version
Padma Pillay-Esnault <padma.ietf@gmail.com> Mon, 07 August 2017 18:11 UTC
From: Padma Pillay-Esnault <padma.ietf@gmail.com>
Date: Mon, 07 Aug 2017 11:11:44 -0700
Cc: ideas@ietf.org
To: Tom Herbert <tom@herbertland.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/0om1mtkO8MJ3Gy-898Uvn6soKGY>
Hi Tom,

Thanks for your comments. See below <Padma>

Sent from my iPhone

> On Aug 7, 2017, at 08:23, Tom Herbert <tom@herbertland.com> wrote:
>
> On Sun, Aug 6, 2017 at 10:20 PM, Padma Pillay-Esnault
> <padma.ietf@gmail.com> wrote:
>> Dear IDEAS,
>>
>> Thanks to everyone who sent their comments and feedback both on the list and
>> off the list.
>>
>> This new version should address comments from:
>> - Michael Menth. Michael, please let us know if this revision addresses some
>> of your comments on clarity.
>> - Alex Clemm. Alex, please chime in on the revision regarding your addition.
>> - Tom Herbert. Tom, some of your suggestions are incorporated in this
>> version.
>> - Tom and Alex, this version includes specific wording that the framework is
>> modular. The set of areas to be covered has been reordered to put the basic
>> identifier protocol common infrastructure first and then the new identity
>> concept and functionalities.
>> - Georgios Karagiannis, Uma Chunduri. Georgios, Uma, there is still an
>> ongoing discussion about the framework. This version is flexible enough to
>> accommodate the work to be done on defining the framework.
>> - Uma Chunduri. Uma, the pub/sub reference should cover the inter-grids
>> aspect if needed.
>>
>> Please find the new version below:
>>
>> IDEAS: "IDentity EnAbled networkS"
>>
>> Proposed Charter
>>
>> Network solutions based on the concept of Identifier-Locator separation are
>> increasingly considered to support mobility and multi-homing across
>> heterogeneous access networks. Identifier-locator separation protocols
>> require infrastructure that allows nodes to discover the network topological
>> location(s) of their peer(s) for packet delivery. A common infrastructure and
>> protocol could be used by identifier/locator protocols as well as network
>> virtualization. However, additional infrastructure and new protocol
>> extensions are needed to address new requirements that go well beyond the
>> traditional discovery service and mapping of identifier-to-location for
>> packet delivery.
>>
>> At the same time, end users require greater privacy for their networking
>> information and protection from outside threats, while operators demand
>> greater operational efficiency. Identity-enabled networks aim to enable
>> networking applications and services that provide a high degree of privacy
>> and control of end points over their networking data, coupled with greater
>> inherent security than provided by today's networks.
>>
>> To this end, the working group shall:
>>
>> - define a framework for the development of an identifier/locator mapping
>> system that provides a common solution for all identifier/locator mapping
>> protocols and network virtualization.
>>
>> - in addition, introduce the concept of identity-identifier split and new
>> mechanisms that let endpoints dynamically change identifiers. These new
>> functionalities may, for example, facilitate anonymity through obscurity
>> while preventing security issues that might result from abuse, ensuring that
>> information about actual endpoints and their location is revealed only on a
>> need-to-know basis.
>>
> Padma,
>
> I don't think this goes far enough in terms of protections for users
> against the potential abuse of something that might be able to
> individually and persistently identify them on the Internet. First,
> it's not clear what network layer identity means in this context. I
> hope it refers to an ad hoc collection of identifiers as opposed to
> the identity of individual users or devices. In any case maybe a
> definition of identity might be in order here.

<Padma> Good point! This portion needs more clarity.

> Secondly, I think it should be stated up front that identity cannot in
> any way be used to identify individual users, it cannot be used to
> create a global database of Internet users, in no way can it be used by
> networks or governments to track or block individuals, nor can it ever
> be required for communications. That implies network layer identities
> cannot contain PII (personally identifiable information) and cannot be
> permanently assigned to users or devices (in the same spirit that
> Ethernet addresses were removed from IIDs because of privacy
> concerns).
>

<Padma> The network identity does not equate to an individual user. A crisp definition will greatly help clarify this. I am not sure we can state some of the requirements as is. Anything of this sort must be worded very carefully....

Padma

> Thanks,
> Tom
>
>>
>> Some examples of the problem space are:
>>
>> - Common infrastructure and primitives: The lack of a common infrastructure
>> is a barrier for the application of common and consistent basic networking
>> policies. Likewise, mapping services and infrastructure that apply to
>> identity-identifier as well as identifier-locator mappings reduce
>> operational and deployment complexity.
>>
>> - Access control: Unrestricted look up on an identifier may reveal
>> information such as the locator to eavesdroppers. Today, there is no way to
>> prevent the look up of an identifier with some user-defined policy or finer
>> grain rules.
>>
>> - Privacy: The use of long-lived and public identifiers may be desirable
>> for looking up a peer; however, it causes privacy issues as well. Indeed,
>> when identifier-location pairs can be looked up without restriction, flows
>> can be pinned by anybody to specific end systems. The endpoint
>> communications should be able to change their identifier while retaining
>> their identity and associated policies. The use of temporary identifiers and
>> access control on lookups should help discourage undesired traffic and
>> conceal sensitive network information of end devices from eavesdroppers.
>>
>> The Identity Enabled Networks (IDEAS) working group is chartered to develop
>> a common framework that can be used by identifier-based protocols and
>> provides services to address their requirements. We refer to the common
>> framework providing the set of services as Generic Identity Services
>> (GRIDS).
>>
>> The working group will identify gaps and make recommendations on changes
>> needed for interactions between the framework and identifier-enabled
>> protocols.
>>
>> Specifically, the IDEAS WG is chartered to work on these areas for the
>> modular framework:
>>
>> - Definition of primitives for interworking with identifier-location split
>> protocols
>>
>> - Identifier/locator mapping and resolution (e.g. discovery, pub/sub,
>> multihoming, ...)
>>
>> - Registration and lifecycle management of identities and their associated
>> identifiers.
>>
>> - Identity authentication and authorization (e.g. access to framework,
>> update of information for identifiers...)
>>
>> - Definition and enforcement of basic networking policies (e.g. ability to
>> look up an identifier-locator pair, permit forwarding traffic for particular
>> endpoints on a per-identity basis...)
>>
>> - Identity and Identifier Metadata (fixed or slow changing)
>>
>> - Management aspects and Data Models where appropriate.
>>
>> The IDEAS WG will collaborate with other Working Groups to ensure
>> interoperability with LISP, HIP, ILA and other relevant work. Furthermore,
>> it will try to reuse technologies already developed when appropriate.
>>
>> WG deliverables include the definition:
>>
>> Generic Identity Services Framework
>>
>> WG sustaining/informational documents may include:
>>
>> These documents may not necessarily be published, but may be maintained in a
>> draft form or on a collaborative Working Group wiki to support the efforts
>> of the Working Group and help newcomers:
>>
>> - Problem statement
>>
>> - Use cases
>>
>> - Requirements
>>
>> - Applications of the architecture for use cases
>>
>> Milestones
>>
>> - March 2018: Adopt WG draft for the Generic Identity Services framework
>>
>> - August 2018: WGLC for the Generic Identity Services framework
>>
>> - December 2018: Send Generic Identity Services framework draft to the IESG