Re: [Ideas] Diasambugating Identifier and Identity

Alexander Clemm <alexander.clemm@huawei.com> Tue, 25 April 2017 00:49 UTC

From: Alexander Clemm <alexander.clemm@huawei.com>
To: Michael Menth <menth@uni-tuebingen.de>, Robert Moskowitz <rgm-ietf@htt-consult.com>, "ideas@ietf.org" <ideas@ietf.org>
Date: Tue, 25 Apr 2017 00:48:51 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/3ufMqxh1JjOp7eQhlFQOYnnMa_Q>
Subject: Re: [Ideas] Diasambugating Identifier and Identity

Coming back to this thread... I do agree with the notion of identifier.  However, I am not sure I agree with the notion of identity as discussed below.

When you state "An identity (Idy) is a collection of data that distinguishes an entity  within its domain. An entity may have different Idy for different domains.", I see several issues:
- For one, I don't think an identity is merely a collection of data.  That would be a data record.  Also, if you change any of the data, you don't automatically change the identity - while some metadata may indeed be an inseparable characteristic of an identity, others may not.  So, at a minimum there needs to be some distinction about that, which is not captured in the definition.
- Why do we need to bring a notion of "domain" into this definition?  I don't think this is necessary.  Identifiers can be relative to a domain, but identity?  At a minimum, this requires clarification.  Maybe there is a notion of "also known as" by which the same entity is identified differently in different domains.  If we do bring "domain" into the picture, this needs to be clearly explained as well.  In that case, the question also arises what it means for the same "object" to be part of two "domains" - is there something that links the "identities" across those domains "together" - this could be considered the very identity; if not, something is missing and a third concept (for "entity" or the real "self") may be needed, which we should really avoid.
- I am not sure that a single entity should have multiple identities.  In this case, identity really means not much else than yet-another-identifier.  

--- Alex

-----Original Message-----
From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Michael Menth
Sent: Friday, April 14, 2017 11:35 AM
To: Robert Moskowitz <rgm-ietf@htt-consult.com>; ideas@ietf.org
Subject: Re: [Ideas] Diasambugating Identifier and Identity

Looks good to me.

Michael

Am 14.04.2017 um 20:26 schrieb Robert Moskowitz:
> 
> 
> On 04/14/2017 02:45 AM, Michael Menth wrote:
>> Hi Robert, hi all,
>>
>> thanks for your thought-provoking mail. Reading the definitions gave 
>> me the impression that identities can have very different properties 
>> depending on their domains. I feel the text is stimulating but too 
>> long for a definition.
>>
>> What about:
>>
>> An identity (Idy) is a distinguishable entity within its domain.
>>
>> An identifier (Idf) is a label for an Idy. An Idy may have multiple 
>> Idfs.
> 
> An identity (Idy) is a collection of data that distinguishes an entity 
> within its domain. An entity may have different Idy for different domains.
> 
> An identifier (Idf) is a label for an Idy, often following 
> construction rules. An Idy may have multiple Idfs.
> 
> 
>>
>> Anything beyond this definition are valid observations that show the 
>> diverse properties of domain-specific Idys. A discussion including 
>> examples for entities and domains is helpful for illustration. This 
>> also pertains to the relation between objects and Idys.
>>
>> Regards,
>>
>> Michael
>>
>> Am 14.04.2017 um 01:58 schrieb Robert Moskowitz:
>>> I am finally getting back to this subject.
>>>
>>>
>>> On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
>>>> The Identifier/Identity definitions in 
>>>> draft-padma-ideas-problem-statement-01.txt is a good start, it 
>>>> fails in the abbreviations used. (There is NO abbreviation for 
>>>> Identity!)
>>>>
>>>> ID should NOT be the abbreviation of Identifier.  People will 
>>>> default to thinking 'Identity' when they see it.  Think about 
>>>> people outside our discussion group.
>>>>
>>>> I propose 'IDf' for Identifier.  'ID' is too owned by Identity.
>>>>
>>>> I will be working on proposed wording to improve these definitions.
>>> I have worked up definitions, sent it out to a few reviewers, got 
>>> some comments and questions.  First my current draft, then a few questions:
>>>
>>> Replacement text for:    draft-padma-ideas-problem-statement
>>>
>>> Identity (Abbr: IDT or IDt):    A collection of information that is
>>> unique to an object and differentiates it from all other objects.
>>>
>>> An identity consists of information that is stated about the object 
>>> by itself or a governing authority. It consists of a set of 
>>> attributes and/or actions the object can take.  An Identity may be 
>>> assigned a lifetime (e.g., a time period), which is determined by 
>>> either the object or the governing authority responsible for 
>>> defining the identity of the object, or a designated third party. An 
>>> object can have multiple Identities and can create and discard 
>>> Identities at will.  An Identity may be 'indestructible'. That is, 
>>> it is so unique and non-replicable that no other object could ever 
>>> duplicate it, nor can the object discard it within its lifetime 
>>> without being a 'clone' object.  Identity is used in authentication registration and policy ownership proofs.
>>>
>>>
>>> Identifier (Abbr: IDF or IDf):    A label that is unique for an object a
>>> particular scope.
>>>
>>> The label follows strict construction rules for the objects and the 
>>> context that the label is applied to.  For a particular context, an 
>>> Identifier is used to reference an Identity for the object.  In most 
>>> cases, an Identifier is bound to an Identity through some trusted 
>>> mechanism.  An Identity can have different Identifiers, potentially 
>>> following different construction rules, for different contexts 
>>> and/or domains of applicability.
>>>
>>>
>>> ==========
>>>
>>> Now onto a few questions:
>>>
>>> Per: "An object can have multiple Identities" clause, I am 
>>> challenged with
>>>
>>> "This is VERY dangerous. In most software systems, it is the 
>>> responsibility of the management system to assign a single identity 
>>> to an object when it is created. If an object has multiple 
>>> identities, it could suffer from 'multiple personality syndrome'.
>>>
>>> More importantly, if the object is allowed to create and discard 
>>> identities at will, how do other objects know that the object is who 
>>> it attests to be?"
>>>
>>> I think it is very important for some situations for support of 
>>> multiple Identities.  Not all.  There are domains as indicated above 
>>> where it causes big problems.
>>>
>>> Per: "An Identity may be 'indestructible'." clause, I am challenged 
>>> with
>>>
>>> "This doesn't make any sense. Why would anyone care if the identity 
>>> is indestructible or not?"
>>>
>>> I can think of examples of such Identities, or claim of such 
>>> Identities, like DNA.
>>>
>>> And finally, Per: "Identity is used in authentication registration 
>>> and policy ownership proofs." clause, I am challenged with
>>>
>>> "What does this mean?"
>>>
>>> I will have to work on this some more, or perhaps it does not belong 
>>> in the definition section.
>>>
>>> Comments please
>>>
>>> _______________________________________________
>>> Ideas mailing list
>>> Ideas@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ideas
> 

--
Prof. Dr. habil. Michael Menth
University of Tuebingen
Faculty of Science
Department of Computer Science
Chair of Communication Networks
Sand 13, 72076 Tuebingen, Germany
phone: (+49)-7071/29-70505
fax: (+49)-7071/29-5220
mailto:menth@uni-tuebingen.de
http://kn.inf.uni-tuebingen.de
