Re: [Ideas] Your Input requested: Charter Proposal New Version

Uma Chunduri <uma.chunduri@huawei.com> Wed, 09 August 2017 23:27 UTC

From: Uma Chunduri <uma.chunduri@huawei.com>
To: "Diego R. Lopez" <diego.r.lopez@telefonica.com>, Tom Herbert <tom@herbertland.com>, Padma Pillay-Esnault <padma.ietf@gmail.com>
CC: "ideas@ietf.org" <ideas@ietf.org>
Date: Wed, 09 Aug 2017 23:26:55 +0000
Message-ID: <25B4902B1192E84696414485F572685401A3A265@SJCEML703-CHM.china.huawei.com>
References: <CAG-CQxpxDXxLXdu0a2GdBRfTFLM_C+jqCz58HoNim52C7Yzr8g@mail.gmail.com> <CALx6S34hbV5D84RZQ1+V3zFz+VNeJsDn0rsr-PN6Wg4b1gdSpA@mail.gmail.com> <83622B5F-A2D0-40A4-BD75-BC6222754059@telefonica.com> <25B4902B1192E84696414485F572685401A3A234@SJCEML703-CHM.china.huawei.com> <16A0829F-78E9-4E8C-B719-B25431603939@telefonica.com>
In-Reply-To: <16A0829F-78E9-4E8C-B719-B25431603939@telefonica.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/MQKaebeW8eYEdFRMbFm5VP6aoXY>
Subject: Re: [Ideas] Your Input requested: Charter Proposal New Version

Hi Diego,

In-line [Uma1]:

-----Original Message-----
From: Diego R. Lopez [mailto:diego.r.lopez@telefonica.com] 
Sent: Wednesday, August 09, 2017 3:58 PM
To: Uma Chunduri <uma.chunduri@huawei.com>; Tom Herbert <tom@herbertland.com>; Padma Pillay-Esnault <padma.ietf@gmail.com>
Cc: ideas@ietf.org
Subject: Re: [Ideas] Your Input requested: Charter Proposal New Version

Hi Uma,

On 10/8/2017, 24:30, "Uma Chunduri" <uma.chunduri@huawei.com> wrote:

        > - in addition, introduce the concept of identity-identifier split and new
        > mechanisms that let endpoints dynamically change identifiers. These new
        > functionalities may, for example, facilitate anonymity through obscurity
        > while preventing security issues that might result from abuse, ensuring that
        > information about actual endpoints and their location is revealed only on a
        > need-to-know basis.
        >
        Padma,

        I don't think this goes far enough in terms of protections for users
        against the potential abuse of something that might be able to
        individually and persistently identify them on the Internet. First,
        it's not clear what network layer identity means in this context. I
        hope it refers to an ad hoc collection of identifiers as opposed to
        the identity of individual users or devices. In any case maybe a
        definition of identity might be in order here. Secondly, I think it
        should be stated up front that identity cannot in any way be used to
        identify individual users, it cannot be used to create a global
        database of Internet users, in no way can it be used by networks or
        governments to track or block individuals, nor can it ever be required
        for communications. That implies network layer identities cannot
        contain PII (personally identifiable information) and cannot be
        permanently assigned to users or devices (in the same spirit that
        Ethernet addresses were removed from IIDs because of privacy
        concerns).

        Thanks,
        Tom

    When it comes to these concerns I'd strongly recommend having a look at how identity attributes were exchanged and trust was established within the ABFAB framework (https://tools.ietf.org/wg/abfab/)

    [Uma]: Though this is not about SSOs or application stuff, thanks for the pointer.
                    I always believed EAP has a role to play for IDy auth procedures, and a lot of the concerns brought out here (especially related to Identity-privacy) are effectively taken care of by existing mechanisms.

ABFAB was not about SSO, but about using user identities to allow their access to network services while protecting user privacy. And among those services you could consider any kind of application or connectivity service…

[Uma1]: Thanks for the correction. Yes, what is needed for IDEAS is to access AUTH to GRIDS by entity and also a simple policy at Identity (referring to Identity through the Identifier in the packet, regardless of which Identifier of the entity is used).
                  Sure, we ought to re-use any existing and well-defined mechanisms for this purpose.