Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 05 October 2017 01:35 UTC

To: Uma Chunduri <uma.chunduri@huawei.com>, Jari Arkko <jari.arkko@piuha.net>, "Eggert, Lars" <lars@netapp.com>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
References: <150670160872.14128.2758037992338326085.idtracker@ietfa.amsl.com> <778d5504-ba4f-d418-7b20-356353bb0fb2@cs.tcd.ie> <D7D4AEE9-3BD0-4C8F-BCC6-7185AF7D37BA@netapp.com> <9C663B18-21CC-4A16-8B26-7994B12B1DC5@piuha.net> <25B4902B1192E84696414485F572685401A872DE@SJCEML701-CHM.china.huawei.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <33f100a0-5114-269c-adb4-5db6edb1fd4d@joelhalpern.com>
Date: Wed, 04 Oct 2017 21:35:38 -0400
In-Reply-To: <25B4902B1192E84696414485F572685401A872DE@SJCEML701-CHM.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/bhFLtxB6ss7qGrA1W-2AJtXOWgc>

Uma,
     It simply does not follow that you need an identity in order to be 
able to update the mapping system.  You do need authentication.
      If you use DNS, then mechanisms such as the authentication used 
with dynamic DNS suffice.
      If you use LISP, then the keying associated with the delegation of 
the identifier works.
      If you use MobileIP, then you need the authentication with your 
home register.

     There is no need for any special Identity.

Yours,
Joel

On 10/4/17 8:46 PM, Uma Chunduri wrote:
> Jari,
> 
> > Secondly, I have similar concerns to Christian, Lars, Stephen and others.
> > More specifically, at the BOF the goal seemed to be creation of infrastructures to manage and track identities, and to bind them to entities that assigned them.
> > I am not at all sure that’s a desirable direction. And the charter says little about the assumptions behind the work.
> > To expand a bit on these concerns, the proposed work doesn’t consider at all the types of identifier operations that work on ephemeral identities (e.g., HIP, MP-TCP).
> > It would be sad if we created systems that forced us to manage identifiers from some infrastructure when all we needed to do in a particular case was “prove that you are
> > the same entity as in the other connection”, which can be done e2e and requires no infrastructure, or permanent identifiers.
> 
> 
> I hope you agree, when we talk about a mapping system - it's important
> 
>       - Who can update the mappings
>       - Who can access the mappings
> 
> Both need AUTH and hence an Identity (EAP or whatever mechanism with anonymous or pseudonymous access) & provider ==> essentially an access ID.
> If you don't restrict who can access the mapping (2nd question) one would get a primitive system, but the ability to provide some control is useful for a lot of scenarios (including a lot of IoT/Vehicular nodes having mobility and multi-access).
> In any case, you should still restrict who can update whose mappings.
> 
> You need this "standardized" system with well-defined interfaces for
>     a.  a lot of local IoT/enterprise deployments and
>     b.  can be extended through a federated system where only mapping of Identifiers and locations can be shared among providers for further reachability (central to any mobility system, regardless of which ID/LOC protocol).
> 
> With regard to privacy concerns raised, I still believe there are IETF-approved solutions like https://tools.ietf.org/wg/abfab/ that can be leveraged here too.
> 
> What data plane identifier is another aspect and that is governed by ID/LOC protocols.
> 
> --
> Uma C.
>
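The point Joel makes above, that updating a mapping requires authentication but not an identity, can be shown in code. The following is an added example, not part of the thread and not the design of any ID/LOC protocol: a toy mapping system in the spirit of TSIG-authenticated dynamic DNS update, where the only credential needed to change an identifier's locator is a per-identifier shared key handed out at delegation time. The updater never asserts who it is; the store checks key possession, field integrity and freshness, nothing more. Class and function names (`MappingSystem`, `sign_update`, `demo`), the `identifier|locator|seq` encoding and the sample identifiers/locators are all constructed for the example.

```python
# Added example (not from the thread): a mapping system in which the right
# to update an identifier's locator is bound to a per-identifier shared key
# issued when the identifier is delegated, modelled loosely on TSIG for
# dynamic DNS update. No identity is asserted or stored, only key possession.
import hashlib
import hmac
import os


class MappingSystem:
    """Identifier -> locator store with key-based update authorization."""

    def __init__(self):
        self.keys = {}       # identifier -> shared key (bound at delegation)
        self.mappings = {}   # identifier -> current locator
        self.last_seq = {}   # identifier -> highest accepted sequence number

    def delegate(self, identifier):
        """Delegate an identifier; the returned key is the only credential
        needed to update its mapping later (hypothetical delegation step)."""
        key = os.urandom(32)
        self.keys[identifier] = key
        self.last_seq[identifier] = 0
        return key

    @staticmethod
    def mac(key, identifier, locator, seq):
        """HMAC-SHA256 over the update fields (constructed encoding)."""
        msg = f"{identifier}|{locator}|{seq}".encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def update(self, identifier, locator, seq, tag):
        """Accept the update only if the tag verifies under the key bound to
        this identifier and the sequence number is fresh (anti-replay)."""
        key = self.keys.get(identifier)
        if key is None:
            return False  # never delegated: nobody may write it
        if seq <= self.last_seq[identifier]:
            return False  # stale or replayed update
        if not hmac.compare_digest(tag, self.mac(key, identifier, locator, seq)):
            return False  # wrong key, or fields altered after signing
        self.mappings[identifier] = locator
        self.last_seq[identifier] = seq
        return True

    def lookup(self, identifier):
        return self.mappings.get(identifier)


def sign_update(key, identifier, locator, seq):
    """What the key holder sends alongside (identifier, locator, seq)."""
    return MappingSystem.mac(key, identifier, locator, seq)


def demo():
    """Constructed scenario: one delegated identifier, several update attempts."""
    ms = MappingSystem()
    key = ms.delegate("eid-1")
    other_key = os.urandom(32)  # a key not bound to eid-1

    results = {}
    # 1. Holder of the delegated key moves eid-1 to locator loc-A.
    results["accepted"] = ms.update("eid-1", "loc-A", 1, sign_update(key, "eid-1", "loc-A", 1))
    # 2. A party holding a different key tries to move eid-1: rejected.
    results["wrong_key"] = ms.update("eid-1", "loc-B", 2, sign_update(other_key, "eid-1", "loc-B", 2))
    # 3. The first (valid) message is replayed: rejected by the sequence check.
    results["replayed"] = ms.update("eid-1", "loc-A", 1, sign_update(key, "eid-1", "loc-A", 1))
    # 4. Tag was computed for loc-C but the locator field arrives altered: rejected.
    results["tampered"] = ms.update("eid-1", "loc-D", 2, sign_update(key, "eid-1", "loc-C", 2))
    # 5. Update for an identifier that was never delegated: rejected.
    results["undelegated"] = ms.update("eid-2", "loc-E", 1, sign_update(key, "eid-2", "loc-E", 1))
    # 6. A genuine second move succeeds; the store still knows nothing about
    #    who holds the key, only that the key bound to eid-1 was used.
    results["second_move"] = ms.update("eid-1", "loc-C", 2, sign_update(key, "eid-1", "loc-C", 2))
    results["locator"] = ms.lookup("eid-1")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The authorization question "who may update whose mappings" is answered entirely by key binding at delegation, which is the property Joel attributes to dynamic DNS authentication, LISP delegation keying and Mobile IP home-registration auth alike; adding an identity layer on top would be a separate design decision, not something the update check requires. Read-side access control, the second question in Uma's message, is a distinct policy and is deliberately not modelled here.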