Re: [Ideas] Diasambugating Identifier and Identity
Padma Pillay-Esnault <padma.ietf@gmail.com> Fri, 14 April 2017 06:29 UTC
From: Padma Pillay-Esnault <padma.ietf@gmail.com>
Date: Thu, 13 Apr 2017 23:29:14 -0700
Message-ID: <CAG-CQxpQnZ=jQL49s_XX1fHFNu5QNgqTXueg4A1sAfRQT6QQCQ@mail.gmail.com>
To: Robert Moskowitz <rgm-ietf@htt-consult.com>
Cc: ideas@ietf.org, Padma Pillay-Esnault <padma.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/bZcX_kTmGGangLNgexV3o1jjFZY>
Hi Robert

I have a few comments. See below <PPE>

On Thu, Apr 13, 2017 at 4:58 PM, Robert Moskowitz <rgm-ietf@htt-consult.com> wrote:

> I am finally getting back to this subject.
>
> On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
>
>> The Identifier/Identity definitions in draft-padma-ideas-problem-statement-01.txt
>> is a good start, it fails in the abbreviations used. (There is NO
>> abbreviation for Identity!)
>>
>> ID should NOT be the abbreviation of Identifier. People will default to
>> thinking 'Identity' when they see it. Think about people outside our
>> discussion group.
>>
>> I propose 'IDf' for Identifier. 'ID' is too owned by Identity.
>>
>> I will be working on proposed wording to improve these definitions.
>
> I have worked up definitions, sent it out to a few reviewers, got some
> comments and questions. First my current draft, then a few questions:
>
> Replacement text for: draft-padma-ideas-problem-statement
>
> Identity (Abbr: IDT or IDt): A collection of information that is unique
> to an object and differentiates it from all other objects.

<PPE> Would prefer entity to object, in keeping with the definition in the draft.

> An identity consists of information that is stated about the object by
> itself or a governing authority. It consists of a set of attributes and/or
> actions the object can take. An Identity may be assigned a lifetime (e.g.,
> a time period), which is determined by either the object or the governing
> authority responsible for defining the identity of the object, or a
> designated third party. An object can have multiple Identities and can
> create and discard Identities at will. An Identity may be
> ‘indestructible’. That is, it is so unique and non-replicable that no
> other object could ever duplicate it, nor can the object discard it within
> its lifetime without being a ‘clone’ object. Identity is used in
> authentication registration and policy ownership proofs.

<PPE> Can we infer that an identity may apply to a group of entities? I think this is an important aspect; not sure the text above reflects that.

> Identifier (Abbr: IDF or IDf): A label that is unique for an object a
> particular scope.
>
> The label follows strict construction rules for the objects and the
> context that the label is applied to. For a particular context, an
> Identifier is used to reference an Identity for the object. In most cases,
> an Identifier is bound to an Identity through some trusted mechanism. An
> Identity can have different Identifiers, potentially following different
> construction rules, for different contexts and/or domains of applicability.
>
> ==========
>
> Now onto a few questions:
>
> Per: "An object can have multiple Identities" clause, I am challenged with
>
> "This is VERY dangerous. In most software systems, it is the
> responsibility of the management system to assign a single identity to an
> object when it is created. If an object has multiple identities, it could
> suffer from 'multiple personality syndrome'.

<PPE> I tend to agree with you; I would prefer one identity but multiple identifiers.

> More importantly, if the object is allowed to create and discard
> identities at will, how do other objects know that the object is who it
> attests to be?"

<PPE> This is where I think there should always be a Permanent identity which sticks, but it can take aliases, but those are bound to the permanent one.

> I think it is very important for some situations for support of multiple
> Identities. Not all. There are domains as indicated above where it causes
> big problems.
>
> Per: "An Identity may be ‘indestructible’." clause, I am challenged with

<PPE> Reading the definition above, I felt we should be very careful how to implement this and in what circumstance. My read is that this is a permanent identity.

> "This doesn’t make any sense. Why would anyone care if the identity is
> indestructible or not?"
>
> I can think of examples of such Identities, or claim of such Identities,
> like DNA.
>
> And finally, Per: "Identity is used in authentication registration and
> policy ownership proofs." clause, I am challenged with
>
> "What does this mean?"

<PPE> The objective here is to have a mechanism where an entity has a means to prove that it is what it is supposed to be and prevent hijacking of its identity.

> I will have to work on this some more, or perhaps it does not belong in
> the definition section.
>
> Comments please

<PPE> There are important definitions and thanks for taking a stab at this

Padma

> _______________________________________________
> Ideas mailing list
> Ideas@ietf.org
> https://www.ietf.org/mailman/listinfo/ideas