Re: [Ideas] Comments on draft-ccm-ideas-identity-use-cases-02

Uma Chunduri <uma.chunduri@huawei.com> Wed, 18 October 2017 16:44 UTC


Tom,


> Google Cloud for instance operates a huge multi-tenant network and I suspect they use LOAS to authenticate access to

The context here is not where to deploy this but how to make a mapping system that is applicable to multiple environments (enterprise, DC, etc.) with the flexibility to work with existing ID/LOC protocols.

> In my design for ILA, I'm fond of using TLS for communications, which provides both security (encryption) and verifiable identity in certificates. The X.509 identity can be used against ACLs to control read and write access.

Couple of things:
1. ILA is one of the data planes, and a lot of the issues you raised in this thread are applicable there too, IMO. What we thoroughly looked into were the existing IETF-approved ID/LOC technologies (HIP & LISP), where there are multiple immediate use cases.
2. I would note - DC/VM with multi-tenant mobility is only one of the use cases for IDEAS - and AFAIK you contributed a lot from the ILA PoV.
3. On using TLS/X.509 - we are jumping way ahead of ourselves - we can come back to this if we have *a WG*.
4. The above also depends on the type of device in question (for low-power devices, #3 may not be applicable).
5. We also ought to see & learn why EAP-AKA is used all over, has been used for decades in other SDOs (including for non-3GPP access), and continues to play a significant & expanded role in 5G.

> If this is the same thing as the identity being described in IDEAS then I guess we're on the same page.

After months of discussion on this list on this topic, the above individual pre-pre-WG document was put together to allow structured feedback and to evolve our thinking around what has to be done for the various requirements.
Any further feedback is welcome...

--
Uma C.