Re: [Ideas] Disambiguating Identifier and Identity

Padma Pillay-Esnault <> Fri, 14 April 2017 06:29 UTC


Hi Robert

I have a few comments

See below <PPE>

On Thu, Apr 13, 2017 at 4:58 PM, Robert Moskowitz <>

> I am finally getting back to this subject.
> On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
>> The Identifier/Identity definitions in draft-padma-ideas-problem-statement-01.txt
>> is a good start, it fails in the abbreviations used. (There is NO
>> abbreviation for Identity!)
>> ID should NOT be the abbreviation of Identifier.  People will default to
>> thinking 'Identity' when they see it.  Think about people outside our
>> discussion group.
>> I propose 'IDf' for Identifier.  'ID' is too owned by Identity.
>> I will be working on proposed wording to improve these definitions.
> I have worked up definitions, sent it out to a few reviewers, got some
> comments and questions.  First my current draft, then a few questions:
> Replacement text for:    draft-padma-ideas-problem-statement
> Identity (Abbr: IDT or IDt):    A collection of information that is unique
> to an object and differentiates it from all other objects.

<PPE> Would prefer entity to object in keeping of the definition in the

> An identity consists of information that is stated about the object by
> itself or a governing authority. It consists of a set of attributes and/or
> actions the object can take.  An Identity may be assigned a lifetime (e.g.,
> a time period), which is determined by either the object or the governing
> authority responsible for defining the identity of the object, or a
> designated third party. An object can have multiple Identities and can
> create and discard Identities at will.  An Identity may be
> ‘indestructible’. That is, it is so unique and non-replicable that no
> other object could ever duplicate it, nor can the object discard it within
> its lifetime without being a ‘clone’ object.  Identity is used in
> authentication registration and policy ownership proofs.
<PPE> Can we infer that an identity may apply to a group of entities? I
think this is an important aspect not sure the text above reflects that.

> Identifier (Abbr: IDF or IDf):    A label that is unique for an object in a
> particular scope.
> The label follows strict construction rules for the objects and the
> context that the label is applied to.  For a particular context, an
> Identifier is used to reference an Identity for the object.  In most cases,
> an Identifier is bound to an Identity through some trusted mechanism.  An
> Identity can have different Identifiers, potentially following different
> construction rules, for different contexts and/or domains of applicability.
> ==========
> Now onto a few questions:
> Per: "An object can have multiple Identities" clause, I am challenged with
> "This is VERY dangerous. In most software systems, it is the
> responsibility of the management system to assign a single identity to an
> object when it is created. If an object has multiple identities, it could
> suffer from 'multiple personality syndrome'.
<PPE> I tend to agree with you I would prefer one identity but multiple

> More importantly, if the object is allowed to create and discard
> identities at will, how do other objects know that the object is who it
> attests to be?"
<PPE> this is where I think there should always be a Permanent identity
which sticks but it can take aliases but those are bound to the permanent

> I think it is very important for some situations for support of multiple
> Identities.  Not all.  There are domains as indicated above where it causes
> big problems.
> Per: "An Identity may be ‘indestructible’." clause, I am challenged with

<PPE>  Reading the definition above I felt we should be very careful how to
implement this and in what circumstance. My read is that this is a
permanent identity.

> "This doesn’t make any sense. Why would anyone care if the identity is
> indestructible or not?"
> I can think of examples of such Identities, or claim of such Identities,
> like DNA.
> And finally, Per: "Identity is used in authentication registration and
> policy ownership proofs." clause, I am challenged with
> "What does this mean?"
<PPE> the objective here to have a mechanism where an entity has a means
to prove that it is what it is supposed to be and prevent hijacking of its

> I will have to work on this some more, or perhaps it does not belong in
> the definition section.
> Comments please
<PPE> There are important definitions and thanks for taking a stab at this

