Re: [Ideas] Diasambugating Identifier and Identity

["Liubingyang (Bryan)" <liubingyang@huawei.com>]

See inline [Bryan]
I highly suggest that we can leave the term definition aside, and talk about what functionalities we need in IDEAS. If the functions are decided, we can give whatever terms everyone is comfortable with. The functions are really important things, then the terms.

Best
Bingyang (Bryan)

-----Original Message-----
From: Michael Menth [mailto:menth@uni-tuebingen.de] 
Sent: Friday, April 28, 2017 6:12 AM
To: Alexander Clemm <alexander.clemm@huawei.com>; Dino Farinacci <farinacci@gmail.com>; Liubingyang (Bryan) <liubingyang@huawei.com>
Cc: ideas@ietf.org; Robert Moskowitz <rgm-ietf@htt-consult.com>
Subject: Re: [Ideas] Diasambugating Identifier and Identity

Hi Alex,

Am 27.04.2017 um 22:04 schrieb Alexander Clemm:
> Hi Michael,
> 
> In your example, it sounds as if you are effectively having the cidX take on a similar role of an identity - various identifiers are grouped together under the umbrella of their unifying cidX, which is now used in lieu of - but similar role as (minus the authentication) - an identity.
Right. I just want to say that an identity is not necessarily needed to provide joint information for a set of identifiers.

  You can do that, but what you are arguing, then, is in effect to restrict the discussion to identifiers and identifier-enabled networks; identity and identity-enabled networks would be a misnomer unless used as a synonym.  The thread started with disambiguating identifier and identity; if we decided that we want to have as scope for the work identifier-enabled networks (without need for the notion of identity distinct from an identifier), the disambiguation would no longer matter.
I don't want to get rid of the term identity, I'd rather like to filter out the very essence of an identity.
Is it just the authentication part or something else?
  [Bryan] Agreed with all the above. Btw, an identity by itself may not be sufficient to provide authentication unless accompanied with some keys, tokens, etc. And it is not necessary neither since one can do authentication without the definition of identity. 

Certainly not - because we may have a "cidX" whithout authentication features which is still able to bind several identifiers together.
Is an identity just a "collection of data"? No, because if we have another identical collection of data, then we don't know which is which.
  [Bryan] if we want to bind some identifiers together, we just need a set. If we need to give the set a unique reference, that could just be a set ID, which can be just an index in database internal implementation and doesn't have to be given an explicit meaning. 
  However, if the set ID itself has some properties, the set ID can have some meaning. We can use the properties to indicate, e.g., this set maps to a real entity in the real world. 

Can we say it is a distinguishable entity? It may have a collection of data and may also have some means for authentication. If we have equal products without a serial number, we probably wouldn't talk about identities. But with a serial number, they can be distinguished, so that we can talk about identities. However, it's not the serial number or identifier that makes them an identity, it rather the distinguishability which could alternatively be achieved through a collection of data. Hm, too philosophical?
  [Bryan] To my understanding, people have so different understanding of the term "identity". Some may think it is just for authentication of ownership of identifiers, like HI for HIT. Some may think it is an avatar of a real world entity. 
  I highly suggest that we can leave the term definition aside, and talk about what functionalities we need in IDEAS. If the functions are decided, we can give whatever terms everyone is comfortable with. The functions are really important things, then the terms. 

Regards,

Michael


> 
> One other clarification inline, <ALEX>
> 
> Cheers
> --- Alex
> 
> -----Original Message-----
> From: Michael Menth [mailto:menth@uni-tuebingen.de]
> Sent: Thursday, April 27, 2017 7:16 AM
> To: Alexander Clemm <alexander.clemm@huawei.com>; Dino Farinacci 
> <farinacci@gmail.com>; Liubingyang (Bryan) <liubingyang@huawei.com>
> Cc: ideas@ietf.org; Robert Moskowitz <rgm-ietf@htt-consult.com>
> Subject: Re: [Ideas] Diasambugating Identifier and Identity
> 
> Hi Alex,
> 
> Am 27.04.2017 um 04:00 schrieb Alexander Clemm:
>> Hi Michael,
>>
>> For your example: yes, you can do what you describe.  Of course, you need to have the same metadata replicated for each identifier.  
> No, the metadate is mapped only to the single "cidX". But multiplce nidn are mapped to this single contract id.
> 
> When the entity decides to use another identifier, its metadata needs to be copied as well.
> No, we just need another mapping nid3 -> cidX
> 
> When you change the metadata, you need to change it in all records.
> No, we just need to change the metadata associated to the single "cidX".
> 
> And there may be more than one piece of metadata; for example, I may be an entity of a certain type.  With a flat identifier-only scheme, the data must be maintained redundantly.
> Hm, not sure what you mean.
> 
> <ALEX>  What I meant here is there can be other metadata associated with an entity, not just the contract, but for example information of which type a certain endpoint is - for example, if it is a connected vehicle, a server, a mobile CPE.  If an entity has several identifiers, and the same metadata applies to each, it needs to be maintained redundantly (unless you put it under some common umbrella that "unites" the identifiers, such as an identity).  
> </ALEX>
>   
> Regards, Michael
> 
> 
>>
>> --- Alex
>>
>> -----Original Message-----
>> From: Michael Menth [mailto:menth@uni-tuebingen.de]
>> Sent: Wednesday, April 26, 2017 12:56 PM
>> To: Alexander Clemm <alexander.clemm@huawei.com>; Dino Farinacci 
>> <farinacci@gmail.com>; Liubingyang (Bryan) <liubingyang@huawei.com>
>> Cc: Robert Moskowitz <rgm-ietf@htt-consult.com>; ideas@ietf.org
>> Subject: Re: [Ideas] Diasambugating Identifier and Identity
>>
>> Hi Alex,
>>
>> can't a contract be represented by a contract identifier (cidX) to which several networking identifiers (nidn) are mapped?
>>
>> nid0 -> cidX
>> nid1 -> cidX
>> nid2 -> cidX
>> cidX -> someProperty
>>
>> This contract identifier may be mapped to some property yielding a kind of hierarchical mapping. What I want to say is, I don't see the gain of an identity concept in this example.
>>
>> I ask again: what's the value of identities beyond authentication for registration purposes?
>>
>> Regards,
>>
>> Michael
>>
>>
>> Am 26.04.2017 um 21:38 schrieb Alexander Clemm:
>>> Yes, I think we agree on the notion of identifier.  
>>>
>>> Of course, this is not just about identifier- but identity-enabled networking, so there is still that other aspect needing to be fleshed out. Re: Michael's question, authentication is one of its applications, but I think there are others, for example related to metadata (back to the earlier point of whether identity is a data record) - an example would be the "type" of endpoint which applies regardless whether one or many identifiers are being used.  Related to metadata, you could have policies that are applied based on identity (e.g. an entity with a paid contract), not based on which one of several identifiers an entity happens to use.   
>>>
>>> -- Alex
>>>
>>> -----Original Message-----
>>> From: Dino Farinacci [mailto:farinacci@gmail.com]
>>> Sent: Wednesday, April 26, 2017 10:26 AM
>>> To: Liubingyang (Bryan) <liubingyang@huawei.com>
>>> Cc: Michael Menth <menth@uni-tuebingen.de>; Alexander Clemm 
>>> <alexander.clemm@huawei.com>; Robert Moskowitz 
>>> <rgm-ietf@htt-consult.com>; ideas@ietf.org
>>> Subject: Re: [Ideas] Diasambugating Identifier and Identity
>>>
>>>> For example, (one of) the real reason we want identifiers is that we want something that does not change with topology locations to identify mobile communication end point, which functions that cannot be carried by IP addresses. Since (I believe) we all have consensus on this function, we can at least agree that identifier is topology-independent label that identifies a communication end point. 
>>>
>>> Exactly.
>>>
>>> So to extend the definition to be specific. The identifier is used for a host stack transport connection. Its the “thing” (the arguments) you pass to connect(), bind(), sendto(), etc, socket API calls. And what you “get back” from gethostbyname().
>>>
>>> Dino
>>>
>>
>> --
>> Prof. Dr. habil. Michael Menth
>> University of Tuebingen
>> Faculty of Science
>> Department of Computer Science
>> Chair of Communication Networks
>> Sand 13, 72076 Tuebingen, Germany
>> phone: (+49)-7071/29-70505
>> fax: (+49)-7071/29-5220
>> mailto:menth@uni-tuebingen.de
>> http://kn.inf.uni-tuebingen.de
>> _______________________________________________
>> Ideas mailing list
>> Ideas@ietf.org
>> https://www.ietf.org/mailman/listinfo/ideas
>>
> 
> --
> Prof. Dr. habil. Michael Menth
> University of Tuebingen
> Faculty of Science
> Department of Computer Science
> Chair of Communication Networks
> Sand 13, 72076 Tuebingen, Germany
> phone: (+49)-7071/29-70505
> fax: (+49)-7071/29-5220
> mailto:menth@uni-tuebingen.de
> http://kn.inf.uni-tuebingen.de
> _______________________________________________
> Ideas mailing list
> Ideas@ietf.org
> https://www.ietf.org/mailman/listinfo/ideas
> 

--
Prof. Dr. habil. Michael Menth
University of Tuebingen
Faculty of Science
Department of Computer Science
Chair of Communication Networks
Sand 13, 72076 Tuebingen, Germany
phone: (+49)-7071/29-70505
fax: (+49)-7071/29-5220
mailto:menth@uni-tuebingen.de
http://kn.inf.uni-tuebingen.de