Re: [Ideas] Diasambugating Identifier and Identity

Padma Pillay-Esnault <padma.ietf@gmail.com> Fri, 14 April 2017 06:29 UTC

Return-Path: <padma.ietf@gmail.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DA9E1293E3 for <ideas@ietfa.amsl.com>; Thu, 13 Apr 2017 23:29:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HWxvdFSkkB2B for <ideas@ietfa.amsl.com>; Thu, 13 Apr 2017 23:29:17 -0700 (PDT)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 005DF127011 for <ideas@ietf.org>; Thu, 13 Apr 2017 23:29:16 -0700 (PDT)
Received: by mail-wm0-x234.google.com with SMTP id t189so60122202wmt.1 for <ideas@ietf.org>; Thu, 13 Apr 2017 23:29:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=uNwriZMZbmIiaBlgNl3iHwk/WhPxq7fd8v7xVzJnFsY=; b=OOF50gt91/QJHKM4HtGU6O/VT0hMSFI0AilZdFsg6ZZg5cRchnWdbujEl7l0vsaZfZ wHMTT1x++JsYq23HTRPhFbLmGbgiPGW1K0uof0pYmhs23/+hcJEByWjV54EFFeA5aA9p lIk25cetVzXEikht4viBqdG0Rg7HDy9eaUnJ0uFllWesXvrOf1G1vcYpMgt1MGL1ZPBP 3gJWlslC7jfsFy7Xpzwb25lqe8hbXdZSc8aWwYrDIYJlxKUmXwYsGT3nXvopGfbwBbRf WdZjxSMOtxY3KZuX0EJFm0pznP+qEfmldwrgt5Wtyoxm9k2597mzcYtAtiBIiWkJDrab Gl9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=uNwriZMZbmIiaBlgNl3iHwk/WhPxq7fd8v7xVzJnFsY=; b=ugs+941dB4pwWRuK7PR73pcZ+qRHQxyVvnXVRB5eMPRph82M3d67nIm4m4/pVcX8w+ x6r8Nki9F8kxHJ2Gd+GaZiLv8/aqi5DGuArBMVe6l6DmU7eAuaePk+8Df6F6ZrLsU5Kx OdfaYwQfkFCPU8NfxGzwECZHkUIjQbzBqafjpA8+2GPLicD2ztl3DFZNmp15gKe4RlsH pm4aOM44ckkTLZt0AWPCOzO9QCiZ2jgFVe6DhXu89xPUc1DgVRIifPoHobOq1KkNgplI hzO3gmPuxFBk7GpGxzQ+/V6ilaYPzUkuWHKXUElZY8Le+MQI31TlUg/38psZg/1/RT8+ q09g==
X-Gm-Message-State: AN3rC/7nS4JMAVp8u3vdM/MgCQ0s9RsPa0WD3v8seiydC7Vu9CEtYk/g QCLKdqQxvoyGBGCNay/xXKsYEhPzTA==
X-Received: by 10.28.157.84 with SMTP id g81mr22679180wme.120.1492151355199; Thu, 13 Apr 2017 23:29:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.167.67 with HTTP; Thu, 13 Apr 2017 23:29:14 -0700 (PDT)
In-Reply-To: <abd7608c-54b9-a381-fdf2-c5964dc37078@htt-consult.com>
References: <7443f8eb-181c-be31-8e80-9250b4a54e60@htt-consult.com> <abd7608c-54b9-a381-fdf2-c5964dc37078@htt-consult.com>
From: Padma Pillay-Esnault <padma.ietf@gmail.com>
Date: Thu, 13 Apr 2017 23:29:14 -0700
Message-ID: <CAG-CQxpQnZ=jQL49s_XX1fHFNu5QNgqTXueg4A1sAfRQT6QQCQ@mail.gmail.com>
To: Robert Moskowitz <rgm-ietf@htt-consult.com>
Cc: ideas@ietf.org, Padma Pillay-Esnault <padma.ietf@gmail.com>
Content-Type: multipart/alternative; boundary=001a114ba0227a57d3054d1a8f9c
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/bZcX_kTmGGangLNgexV3o1jjFZY>
Subject: Re: [Ideas] Diasambugating Identifier and Identity
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2017 06:29:20 -0000

Hi Robert

I have a few comments

See below <PPE>

On Thu, Apr 13, 2017 at 4:58 PM, Robert Moskowitz <rgm-ietf@htt-consult.com>
wrote:

> I am finally getting back to this subject.
>
>
> On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
>
>> The Identifier/Identity definitions in draft-padma-ideas-problem-statement-01.txt
>> is a good start, it fails in the appreviations used. (There is NO
>> abbreviation for Identity!)
>>
>> ID should NOT be the appreviation of Identitfier.  People will default to
>> thinking 'Identity' when they see it.  Think about people outside our
>> discussion group.
>>
>> I propose 'IDf' for Identifier.  'ID' is too owned by Identity.
>>
>> I will be working on proposed wording to improve these definitions.
>>
>
> I have worked up definitions, sent it out to a few reviewers, got some
> comments and questions.  First my current draft, then a few questions:
>
> Replacement text for:    draft-padma-ideas-problem-statement
>
> Identity (Abbr: IDT or IDt):    A collection of information that is unique
> to an object and differentiates it from all other objects.
>

<PPE> Would prefer entity to object in keeping of the definition in the
draft.

>
> An identity consists of information that is stated about the object by
> itself or a governing authority. It consists of a set of attributes and/or
> actions the object can take.  An Identity may be assigned a lifetime (e.g.,
> a time period), which is determined by either the object or the governing
> authority responsible for defining the identity of the object, or a
> designated third party. An object can have multiple Identities and can
> create and discard Identities at will.  An Identity may be
> ‘indestructible’. That is, it is so unique and non replicatible that no
> other object could ever duplicate it, nor can the object discard it within
> its lifetime without being a ‘clone’ object.  Identity is used in
> authentication registration and policy ownership proofs.
>
> <PPE> Can we infer than an identity may apply to a group of entities? I
think this is an important aspect not sure the text above reflects that.


>
> Identifier (Abbr: IDF or IDf):    A label that is unique for an object a
> particular scope.
>
> The label follows strict construction rules for the objects and the
> context that the label is applied to.  For a particular context, an
> Identifier is used to reference an Identity for the object.  In most cases,
> an Identifier is bound to an Identity through some trusted mechanism.  An
> Identity can have different Identifiers, potentially following different
> construction rules, for different contexts and/or domains of applicability.
>
>
> ==========
>
> Now onto a few questions:
>
> Per: "An object can have multiple Identities" clause, I am challenged with
>
> "This is VERY dangerous. In most software systems, it is the
> responsibility of the management system to assign a single identity to an
> object when it is created. If an object has multiple identities, it could
> suffer from 'multiple personality syndrome'.
>
> <PPE> I tend to agree with you I would prefer one identity but multiple
identifiers.


> More importantly, if the object is allowed to create and discard
> identities at will, how do other objects know that the object is who it
> attests to be?"
>
> <PPE> this is where I think there should always be a Permanent identity
which sticks but it can take aliases but those are bound to the permanent
one.


> I think it is very important for some situations for support of multiple
> Identities.  No all.  There are domains as indicated above where it causes
> big problems.
>
> Per: "An Identity may be ‘indestructible’." clause, I am challenged with
>

<PPE>  Reading the definition above I felt we should be very careful how to
implement this and in what circumstance. My read is that this is a
permanent identity.

>
> "This doesn’t make any sense. Why would anyone care if the identity is
> indestructible or not?"
>
> I can think of examples of such Identities, or claim of such Identities,
> like DNA.
>
> And finally, Per: "Identity is used in authentication registration and
> policy ownership proofs." clause, I am challenged with
>
> "What does this mean?"
>
> <PPE> the objective here to have a mechanism where an entity has a means
to prove that it is what it is supposed to be and prevent hijacking of its
identity.


> I will have to work on this some more, or perhaps it does not belong in
> the definition section.
>
> Comments please
>
>
<PPE> There are important definitions and thanks for taking a stab at this

Padma

>
> _______________________________________________
> Ideas mailing list
> Ideas@ietf.org
> https://www.ietf.org/mailman/listinfo/ideas
>