Re: [Ideas] New revision posted on draft-ccm-ideas-identity-use-cases

[Tom Herbert <tom@herbertland.com>]

On Mon, Oct 16, 2017 at 3:38 PM, Alexander Clemm
<alexander.clemm@huawei.com> wrote:
> Hello Tom,
>
> Thank you for your comments.  Some brief replies, inline, <ALEX>
>
> --- Alex
>
>> -----Original Message-----
>> From: Tom Herbert [mailto:tom@herbertland.com]
>
>
> ...
>
>> By my count this is at least the fifth definition of identity that has been
>> proposed either in drafts or on the list, and this one is no more enlightening
>> than any of the previous definitions. First of all, this says identity is an
>> "identifier". Does this mean that identity is a type of identifier per the
>> definition of identifier above? Secondly, this says identity is used to identify a
>> communication entity, however above it says an identifier "denotes
>> information to unambiguously identify a communications entity"-- so both of
>> them "identify a communications entity"... I don't see the difference.
>
> <ALEX> Well, the definitions are evolving as we hope to get them more concise.
>
> For that definition: yes, the IDy is an identifier.  However, it is a "special" identifier in that it is never revealed in packet header, nor revealed to another communications entity - unlike an IDf.
>
> Another aspect that is mentioned in the draft, but not in the definitions (and we need to revisit this) concerns the distinction between a "second-order" (IDf) and a "first-order" identifier (IDy) - the second-order potentially be rooted / anchored in the first-order identifier, respectively the first-order identifier really denoting a collection / grouping of "second-order" identifiers.  As mentioned below, perhaps  we should add an articulation such as "" An IDy serves as a collection of identifiers that are associated with the same endpoint"
>
> </ALEX>
>
>>
>> The rest of the draft, including the picture of the relationship between
>> identifiers, identify, and locators, seems to imply a potentially more useful
>> and crisp definition of identity. As stated in the introduction: "An IDy serves
>> as a collection of identifiers that are associated with the same endpoint". This
>> could be rephrased to define identity as "a group of identifiers that share
>> some common properties". Given this "group" definition of identity, then it
>> becomes natural to consider group policy and group operations over sets of
>> identifiers.
>>
>
> <ALEX> I am glad that you find that things are getting crisper - I take it to mean that we are on the right path!  Yes, this is what we need to reflect / incorporate.  However, I think we need to be more specific than just saying IDy refers to a grouping in the general sense - it refers to a grouping of identifiers that refer to the same communications entity  (that is the property they have in common, I guess)
> </ALEX>
>
Alex,

In my design for ILA I have defined "identifier group" as "a set of
identifiers or other identifier groups that share some common
properties". This is derived from the traditional idea of groups of
objects that is seen in other areas of networking and computer
science. Identifier groups can be created for ad hoc purposes and is
distinct from identity. Being a member of group does not imply that an
identity is derived from the group. The analogy is that you and I may
have subscribed to IDEAS mailing list which is a group, but I don't
think that the mailing list gives me an identity nor that you and I
now share an identity by virtue of subscribing to the same list.
Identity might be a possible property of an identifier group I
suppose, but I would need to think that through and have a better
understanding of exactly what identity is.

Anyway, I have a draft on the concept of identifier groups and some
examples of their use if anyone is interested.

Tom