Re: [Ideas] New revision posted on draft-ccm-ideas-identity-use-cases

Tom Herbert <> Tue, 17 October 2017 18:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 855F2133070 for <>; Tue, 17 Oct 2017 11:03:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XfCPjAnZjp0y for <>; Tue, 17 Oct 2017 11:03:08 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c0d::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5C04A133052 for <>; Tue, 17 Oct 2017 11:03:08 -0700 (PDT)
Received: by with SMTP id z50so5443149qtj.4 for <>; Tue, 17 Oct 2017 11:03:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=NPLzgcLyP3osf+tEREXLhmMtnTRn81aq0ZwqALEI4X0=; b=MHDobh58+p7xSA8OxNa843DO+lgdY1dIvG0kJFr9jSvTgz8x6jDnzUVuZF8qWAYIWb pyDm9fR3STAWc6gR/Y3NyTErmZfYlIa4pS+2maDtE6O8613P044NxD9xztSrNDMZzGAQ p2jRyUrF0tKCaERpxEs0unvrBYdRtXAgE9FGxRsJVpeJ1+Z+zV7IlC8cArGYWp42H3gP uRVyfc8tMdrwfq+emDTO+XyBYQ/hppVVq6Hrqiewba/u9lY0VKRynLRyECdUOC21LOQF BF7Q6MwRUwkxDmhdLl+WqaqguLVnD9sAhi1Ns+wGr1KY4joW9bOsw/4GlH/T9QHZyPmT Z5qg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=NPLzgcLyP3osf+tEREXLhmMtnTRn81aq0ZwqALEI4X0=; b=Qv1THtHy/Qla6MXmSQ0BkgbnSzYgQsgehl6JA0RMc+1IdNzr/q7OrgfPwhyJhLQpf5 le+/CQxxZKhLuiq2SVQgYajnrnITL/wTu51j4XTYlJ6MMuADPZz7Kp6xq1Oxfh7Eaz1M oV9n3YCICSwbmOtknXHKgjoB3jeTEDzZ0j335+7GPUmYbJ8N9Sgt5c7Lvpp3eN6YXKrS eKLQgCqUSe6ilZzLOXJmlgLBB55n6hFvt4Gp3VIzVzpKLePORb8F5yV/csc8xsDKKuUd bKOQx38mhdTXScIRW0WMcA8uBY6nMLyS4gR3qxgML/JoABWXAdUqOFsFg92zRrfx2gLl i2Rg==
X-Gm-Message-State: AMCzsaUV+xoX+QnSXsXTo5Ow1+4bZMqzI0m2X/NTL9COSuW0McOy25gV VjQbgn7FYiIZnSShwrlUWrjN+mrdUpX723IjLRyt1Q==
X-Google-Smtp-Source: AOwi7QCpMDLgnrxWZQ+ju9N1krHL+BZCyinhCXQ/FkBcVm1+uva3GyTKvN2rLDt0sMOIO1py0ajpI8VhqghatYB/lMQ=
X-Received: by with SMTP id k21mr21398550qta.286.1508263387430; Tue, 17 Oct 2017 11:03:07 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Tue, 17 Oct 2017 11:03:06 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
From: Tom Herbert <>
Date: Tue, 17 Oct 2017 11:03:06 -0700
Message-ID: <>
To: Alexander Clemm <>
Cc: "" <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [Ideas] New revision posted on draft-ccm-ideas-identity-use-cases
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 17 Oct 2017 18:03:14 -0000

On Mon, Oct 16, 2017 at 3:38 PM, Alexander Clemm
<> wrote:
> Hello Tom,
> Thank you for your comments.  Some brief replies, inline, <ALEX>
> --- Alex
>> -----Original Message-----
>> From: Tom Herbert []
> ...
>> By my count this is at least the fifth definition of identity that has been
>> proposed either in drafts or on the list, and this one is no more enlightening
>> than any of the previous definitions. First of all, this says identity is an
>> "identifier". Does this mean that identity is a type of identifier per the
>> definition of identifier above? Secondly, this says identity is used to identify a
>> communication entity, however above it says an identifier "denotes
>> information to unambiguously identify a communications entity"-- so both of
>> them "identify a communications entity"... I don't see the difference.
> <ALEX> Well, the definitions are evolving as we hope to get them more concise.
> For that definition: yes, the IDy is an identifier.  However, it is a "special" identifier in that it is never revealed in packet header, nor revealed to another communications entity - unlike an IDf.
> Another aspect that is mentioned in the draft, but not in the definitions (and we need to revisit this) concerns the distinction between a "second-order" (IDf) and a "first-order" identifier (IDy) - the second-order potentially be rooted / anchored in the first-order identifier, respectively the first-order identifier really denoting a collection / grouping of "second-order" identifiers.  As mentioned below, perhaps  we should add an articulation such as "" An IDy serves as a collection of identifiers that are associated with the same endpoint"
> </ALEX>
>> The rest of the draft, including the picture of the relationship between
>> identifiers, identify, and locators, seems to imply a potentially more useful
>> and crisp definition of identity. As stated in the introduction: "An IDy serves
>> as a collection of identifiers that are associated with the same endpoint". This
>> could be rephrased to define identity as "a group of identifiers that share
>> some common properties". Given this "group" definition of identity, then it
>> becomes natural to consider group policy and group operations over sets of
>> identifiers.
> <ALEX> I am glad that you find that things are getting crisper - I take it to mean that we are on the right path!  Yes, this is what we need to reflect / incorporate.  However, I think we need to be more specific than just saying IDy refers to a grouping in the general sense - it refers to a grouping of identifiers that refer to the same communications entity  (that is the property they have in common, I guess)
> </ALEX>

In my design for ILA I have defined "identifier group" as "a set of
identifiers or other identifier groups that share some common
properties". This is derived from the traditional idea of groups of
objects that is seen in other areas of networking and computer
science. Identifier groups can be created for ad hoc purposes and is
distinct from identity. Being a member of group does not imply that an
identity is derived from the group. The analogy is that you and I may
have subscribed to IDEAS mailing list which is a group, but I don't
think that the mailing list gives me an identity nor that you and I
now share an identity by virtue of subscribing to the same list.
Identity might be a possible property of an identifier group I
suppose, but I would need to think that through and have a better
understanding of exactly what identity is.

Anyway, I have a draft on the concept of identifier groups and some
examples of their use if anyone is interested.