Re: [Ideas] Diasambugating Identifier and Identity

Michael Menth <menth@uni-tuebingen.de> Fri, 14 April 2017 06:46 UTC

Return-Path: <menth@uni-tuebingen.de>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C171912786A for <ideas@ietfa.amsl.com>; Thu, 13 Apr 2017 23:46:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hbfv1Fs60q4L for <ideas@ietfa.amsl.com>; Thu, 13 Apr 2017 23:46:22 -0700 (PDT)
Received: from mx03.uni-tuebingen.de (mx03.uni-tuebingen.de [134.2.5.213]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 617E3127BA3 for <ideas@ietf.org>; Thu, 13 Apr 2017 23:46:20 -0700 (PDT)
Received: from [192.168.1.101] (hsi-kbw-5-56-217-255.hsi17.kabel-badenwuerttemberg.de [5.56.217.255]) by mx03.uni-tuebingen.de (Postfix) with ESMTPSA id 722F983C9E for <ideas@ietf.org>; Fri, 14 Apr 2017 08:46:18 +0200 (CEST)
To: ideas@ietf.org
References: <7443f8eb-181c-be31-8e80-9250b4a54e60@htt-consult.com> <abd7608c-54b9-a381-fdf2-c5964dc37078@htt-consult.com>
From: Michael Menth <menth@uni-tuebingen.de>
Message-ID: <082a1bcc-d79a-75b0-18e6-6db705627ce5@uni-tuebingen.de>
Date: Fri, 14 Apr 2017 08:45:56 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <abd7608c-54b9-a381-fdf2-c5964dc37078@htt-consult.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/W-kQHLWbBkspSBqEFLwzO5i9p-g>
Subject: Re: [Ideas] Diasambugating Identifier and Identity
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2017 06:46:26 -0000

Hi Robert, hi all,

thanks for your thought-provoking mail. Reading the definitions gave me
the impression that identities can have very different properties
depending on their domains. I feel the text is stimulating but too long
for a definition.

What about:

An identity (Idy) is a distinguishable entity within its domain.

An identifier (Idf) is a label for an Idy. An Idy may have multiple
Idfs.

Anything beyond this definition are valid observations that show the
diverse properties of domain-specific Idys. A discussion including
examples for entities and domains is helpful for illustration. This also
pertains to the relation between objects and Idys.

Regards,

Michael

Am 14.04.2017 um 01:58 schrieb Robert Moskowitz:
> I am finally getting back to this subject.
> 
> 
> On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
>> The Identifier/Identity definitions in
>> draft-padma-ideas-problem-statement-01.txt is a good start, it fails
>> in the appreviations used. (There is NO abbreviation for Identity!)
>>
>> ID should NOT be the appreviation of Identitfier.  People will default
>> to thinking 'Identity' when they see it.  Think about people outside
>> our discussion group.
>>
>> I propose 'IDf' for Identifier.  'ID' is too owned by Identity.
>>
>> I will be working on proposed wording to improve these definitions.
> 
> I have worked up definitions, sent it out to a few reviewers, got some
> comments and questions.  First my current draft, then a few questions:
> 
> Replacement text for:    draft-padma-ideas-problem-statement
> 
> Identity (Abbr: IDT or IDt):    A collection of information that is
> unique to an object and differentiates it from all other objects.
> 
> An identity consists of information that is stated about the object by
> itself or a governing authority. It consists of a set of attributes
> and/or actions the object can take.  An Identity may be assigned a
> lifetime (e.g., a time period), which is determined by either the object
> or the governing authority responsible for defining the identity of the
> object, or a designated third party. An object can have multiple
> Identities and can create and discard Identities at will.  An Identity
> may be ‘indestructible’. That is, it is so unique and non replicatible
> that no other object could ever duplicate it, nor can the object discard
> it within its lifetime without being a ‘clone’ object.  Identity is used
> in authentication registration and policy ownership proofs.
> 
> 
> Identifier (Abbr: IDF or IDf):    A label that is unique for an object a
> particular scope.
> 
> The label follows strict construction rules for the objects and the
> context that the label is applied to.  For a particular context, an
> Identifier is used to reference an Identity for the object.  In most
> cases, an Identifier is bound to an Identity through some trusted
> mechanism.  An Identity can have different Identifiers, potentially
> following different construction rules, for different contexts and/or
> domains of applicability.
> 
> 
> ==========
> 
> Now onto a few questions:
> 
> Per: "An object can have multiple Identities" clause, I am challenged with
> 
> "This is VERY dangerous. In most software systems, it is the
> responsibility of the management system to assign a single identity to
> an object when it is created. If an object has multiple identities, it
> could suffer from 'multiple personality syndrome'.
> 
> More importantly, if the object is allowed to create and discard
> identities at will, how do other objects know that the object is who it
> attests to be?"
> 
> I think it is very important for some situations for support of multiple
> Identities.  No all.  There are domains as indicated above where it
> causes big problems.
> 
> Per: "An Identity may be ‘indestructible’." clause, I am challenged with
> 
> "This doesn’t make any sense. Why would anyone care if the identity is
> indestructible or not?"
> 
> I can think of examples of such Identities, or claim of such Identities,
> like DNA.
> 
> And finally, Per: "Identity is used in authentication registration and
> policy ownership proofs." clause, I am challenged with
> 
> "What does this mean?"
> 
> I will have to work on this some more, or perhaps it does not belong in
> the definition section.
> 
> Comments please
> 
> _______________________________________________
> Ideas mailing list
> Ideas@ietf.org
> https://www.ietf.org/mailman/listinfo/ideas

-- 
Prof. Dr. habil. Michael Menth
University of Tuebingen
Faculty of Science
Department of Computer Science
Chair of Communication Networks
Sand 13, 72076 Tuebingen, Germany
phone: (+49)-7071/29-70505
fax: (+49)-7071/29-5220
mailto:menth@uni-tuebingen.de
http://kn.inf.uni-tuebingen.de