Re: [Ideas] Diasambugating Identifier and Identity

Michael Menth <menth@uni-tuebingen.de> Tue, 25 April 2017 21:57 UTC

To: Alexander Clemm <alexander.clemm@huawei.com>, Robert Moskowitz <rgm-ietf@htt-consult.com>, "ideas@ietf.org" <ideas@ietf.org>
References: <7443f8eb-181c-be31-8e80-9250b4a54e60@htt-consult.com> <abd7608c-54b9-a381-fdf2-c5964dc37078@htt-consult.com> <082a1bcc-d79a-75b0-18e6-6db705627ce5@uni-tuebingen.de> <afbac9ba-0b9c-c479-8db5-8abc4e8a998a@htt-consult.com> <c260d5f8-d349-8a33-5bc6-8cbf375cf908@uni-tuebingen.de> <644DA50AFA8C314EA9BDDAC83BD38A2E0DF92CB0@SJCEML701-CHM.china.huawei.com>
From: Michael Menth <menth@uni-tuebingen.de>
Message-ID: <161f2434-d3ab-efdc-2b5b-5582d80c6b9c@uni-tuebingen.de>
Date: Tue, 25 Apr 2017 23:57:03 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/3u5F-dDj4UUqkFEbvNkySy2uU3A>

Hi Alex,

thanks for your comments. I see your points. We possibly should avoid
specifying what exactly constitutes the identity as anything but its
identifier may change. We said, one identity may have several
identifiers, e.g., after merging identities, but different identities
certainly have different identifiers.

When I think about an entity having multiple identities, a human being
with multiple email addresses comes to my mind. An email address may be
an identity to some extent, but we know that several of them may belong
to the same person. I don't think we need to consider that because that
is beyond the considered context of email addresses. We could just live
with different identities that are different in a certain context.

Another try:

An identity (Idy) is a distinguishable entity within a context.

An identifier (Idf) is a unique label.

An Idy may have multiple Idfs but different Idys have different Idys so
that Idys can be distinguished by their Idfs. Idfs often follow
construction rules.

Is that closer to a core definition or are more important aspects missing?

Regards,

Michael



Am 25.04.2017 um 02:48 schrieb Alexander Clemm:
> Coming back to this thread... I do agree with the notion of identifier.  However, I am not sure I agree with the notion of identity as discussed below.
> 
> When you state "An identity (Idy) is a collection of data that distinguishes an entity  within its domain. An entity may have different Idy for different domains.", I see several issues:
> - For one I don't think an identity is merely a collection of data.  That would be a data record.  Also, if you change any of the data, you don't automatically change the identity - while some metadata may indeed be an inseparable characteristic of an identity, others may not.  So, at a minimum there needs to be some distinction about that, which is not captured in the definition.
> - Why do we need to bring a notion of "domain" into this definition?  I don't think this is necessary.  Identifiers can be relative to a domain, but identity?  At a minimum, this requires clarification.  Maybe there is a notion of "also known as" by which the same entity is identified differently in different domains.  If we do bring "domain" into the picture, this needs to be clearly explained as well.  In that case, the question also arises what it means for the same "object" to be part of two "domains" - is there something that links the "identities" across those domains "together" - this could be considered the very identity; if not, something is missing and a third concept (for "entity" or the real "self") may be needed, which we should really avoid.
> - I am not sure that a single entity should have multiple identities.  In this case, identity really means not much else than yet-another-identifier.  
> 
> --- Alex
> 
> -----Original Message-----
> From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Michael Menth
> Sent: Friday, April 14, 2017 11:35 AM
> To: Robert Moskowitz <rgm-ietf@htt-consult.com>; ideas@ietf.org
> Subject: Re: [Ideas] Diasambugating Identifier and Identity
> 
> Looks good to me.
> 
> Michael
> 
> Am 14.04.2017 um 20:26 schrieb Robert Moskowitz:
>>
>>
>> On 04/14/2017 02:45 AM, Michael Menth wrote:
>>> Hi Robert, hi all,
>>>
>>> thanks for your thought-provoking mail. Reading the definitions gave 
>>> me the impression that identities can have very different properties 
>>> depending on their domains. I feel the text is stimulating but too 
>>> long for a definition.
>>>
>>> What about:
>>>
>>> An identity (Idy) is a distinguishable entity within its domain.
>>>
>>> An identifier (Idf) is a label for an Idy. An Idy may have multiple 
>>> Idfs.
>>
>> An identity (Idy) is a collection of data that distinguishes an entity 
>> within its domain. An entity may have different Idy for different domains.
>>
>> An identifier (Idf) is a label for an Idy, often following 
>> construction rules. An Idy may have multiple Idfs.
>>
>>
>>>
>>> Anything beyond this definition are valid observations that show the 
>>> diverse properties of domain-specific Idys. A discussion including 
>>> examples for entities and domains is helpful for illustration. This 
>>> also pertains to the relation between objects and Idys.
>>>
>>> Regards,
>>>
>>> Michael
>>>
>>> Am 14.04.2017 um 01:58 schrieb Robert Moskowitz:
>>>> I am finally getting back to this subject.
>>>>
>>>>
>>>> On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
>>>>> The Identifier/Identity definitions in 
>>>>> draft-padma-ideas-problem-statement-01.txt is a good start, it 
>>>>> fails in the abbreviations used. (There is NO abbreviation for 
>>>>> Identity!)
>>>>>
>>>>> ID should NOT be the abbreviation of Identifier.  People will 
>>>>> default to thinking 'Identity' when they see it.  Think about 
>>>>> people outside our discussion group.
>>>>>
>>>>> I propose 'IDf' for Identifier.  'ID' is too owned by Identity.
>>>>>
>>>>> I will be working on proposed wording to improve these definitions.
>>>> I have worked up definitions, sent it out to a few reviewers, got 
>>>> some comments and questions.  First my current draft, then a few questions:
>>>>
>>>> Replacement text for:    draft-padma-ideas-problem-statement
>>>>
>>>> Identity (Abbr: IDT or IDt):    A collection of information that is
>>>> unique to an object and differentiates it from all other objects.
>>>>
>>>> An identity consists of information that is stated about the object 
>>>> by itself or a governing authority. It consists of a set of 
>>>> attributes and/or actions the object can take.  An Identity may be 
>>>> assigned a lifetime (e.g., a time period), which is determined by 
>>>> either the object or the governing authority responsible for 
>>>> defining the identity of the object, or a designated third party. An 
>>>> object can have multiple Identities and can create and discard 
>>>> Identities at will.  An Identity may be 'indestructible'. That is, 
>>>> it is so unique and non-replicable that no other object could ever 
>>>> duplicate it, nor can the object discard it within its lifetime 
>>>> without being a 'clone' object.  Identity is used in authentication registration and policy ownership proofs.
>>>>
>>>>
>>>> Identifier (Abbr: IDF or IDf):    A label that is unique for an object a
>>>> particular scope.
>>>>
>>>> The label follows strict construction rules for the objects and the 
>>>> context that the label is applied to.  For a particular context, an 
>>>> Identifier is used to reference an Identity for the object.  In most 
>>>> cases, an Identifier is bound to an Identity through some trusted 
>>>> mechanism.  An Identity can have different Identifiers, potentially 
>>>> following different construction rules, for different contexts 
>>>> and/or domains of applicability.
>>>>
>>>>
>>>> ==========
>>>>
>>>> Now onto a few questions:
>>>>
>>>> Per: "An object can have multiple Identities" clause, I am 
>>>> challenged with
>>>>
>>>> "This is VERY dangerous. In most software systems, it is the 
>>>> responsibility of the management system to assign a single identity 
>>>> to an object when it is created. If an object has multiple 
>>>> identities, it could suffer from 'multiple personality syndrome'.
>>>>
>>>> More importantly, if the object is allowed to create and discard 
>>>> identities at will, how do other objects know that the object is who 
>>>> it attests to be?"
>>>>
>>>> I think it is very important for some situations for support of 
>>>> multiple Identities.  Not all.  There are domains as indicated above 
>>>> where it causes big problems.
>>>>
>>>> Per: "An Identity may be 'indestructible'." clause, I am challenged 
>>>> with
>>>>
>>>> "This doesn't make any sense. Why would anyone care if the identity 
>>>> is indestructible or not?"
>>>>
>>>> I can think of examples of such Identities, or claim of such 
>>>> Identities, like DNA.
>>>>
>>>> And finally, Per: "Identity is used in authentication registration 
>>>> and policy ownership proofs." clause, I am challenged with
>>>>
>>>> "What does this mean?"
>>>>
>>>> I will have to work on this some more, or perhaps it does not belong 
>>>> in the definition section.
>>>>
>>>> Comments please
>>>>
>>>> _______________________________________________
>>>> Ideas mailing list
>>>> Ideas@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/ideas
>>
> 
> --
> Prof. Dr. habil. Michael Menth
> University of Tuebingen
> Faculty of Science
> Department of Computer Science
> Chair of Communication Networks
> Sand 13, 72076 Tuebingen, Germany
> phone: (+49)-7071/29-70505
> fax: (+49)-7071/29-5220
> mailto:menth@uni-tuebingen.de
> http://kn.inf.uni-tuebingen.de
> 

-- 
Prof. Dr. habil. Michael Menth
University of Tuebingen
Faculty of Science
Department of Computer Science
Chair of Communication Networks
Sand 13, 72076 Tuebingen, Germany
phone: (+49)-7071/29-70505
fax: (+49)-7071/29-5220
mailto:menth@uni-tuebingen.de
http://kn.inf.uni-tuebingen.de