Re: [Ideas] Your Input requested: Charter Proposal New Version

Lan Gao <langao@cdi.cn> Thu, 10 August 2017 01:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/hOB3NAfwq2TYeo08pBziKMXoJnc>
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>

I agree with Sam. Specific chartered tasks or a statement referencing the
chartered tasks should be added to the Deliverables as the current document
only implies that they will be met by the Generic Identity Services
Framework.

Regards,

Lan Gao

On Thu, Aug 10, 2017 at 7:26 AM, Uma Chunduri <uma.chunduri@huawei.com>
wrote:

> Hi Diego,
>
> In-line [Uma1]:
>
> -----Original Message-----
> From: Diego R. Lopez [mailto:diego.r.lopez@telefonica.com]
> Sent: Wednesday, August 09, 2017 3:58 PM
> To: Uma Chunduri <uma.chunduri@huawei.com>; Tom Herbert <
> tom@herbertland.com>; Padma Pillay-Esnault <padma.ietf@gmail.com>
> Cc: ideas@ietf.org
> Subject: Re: [Ideas] Your Input requested: Charter Proposal New Version
>
> Hi Uma,
>
> On 10/8/2017, 24:30 , "Uma Chunduri" <uma.chunduri@huawei.com> wrote:
>
>         > - in addition, introduce the concept of identity-identifier split and new
>         > mechanisms that let endpoints dynamically change identifiers. These new
>         > functionalities may, for example, facilitate anonymity through obscurity
>         > while preventing security issues that might result from abuse, ensuring that
>         > information about actual endpoints and their location is revealed only on a
>         > need-to-know basis.
>         >
>         Padma,
>
>         I don't think this goes far enough in terms of protections for users
>         against the potential abuse of something that might be able to
>         individually and persistently identify them on the Internet. First,
>         it's not clear what network layer identity means in this context. I
>         hope it refers to an ad hoc collection of identifiers as opposed to
>         the identity of individual users or devices. In any case maybe a
>         definition of identity might be in order here. Secondly, I think it
>         should be stated up front that identity cannot in any way be used to
>         identify individual users, it cannot be used to create a global
>         database of Internet users, in no way can it be used by networks or
>         governments to track or block individuals, nor can it ever be required
>         for communications. That implies network layer identities cannot
>         contain PII (personally identifiable information) and cannot be
>         permanently assigned to users or devices (in the same spirit that
>         Ethernet addresses were removed from IIDs because of privacy
>         concerns).
>
>         Thanks,
>         Tom
>
>     When it comes to these concerns I’d strongly recommend to have a look
>     at how identity attributes were exchanged and trust established within the
>     ABFAB framework (https://tools.ietf.org/wg/abfab/)
>
>     [Uma]: Though this is not about SSOs or application stuff, thanks for
>     the pointer. I always believed EAP has a role to play for IDy auth
>     procedures and lot of concerns brought out here (especially related to
>     Identity-privacy) are effectively taken care with existing mechanisms.
>
> ABFAB was not about SSO, but about using user identities to allow their
> access to network services while protecting user privacy. And among those
> services you could consider any kind of application or connectivity service…
>
> [Uma1]: Thanks for the correction. Yes, what is needed for IDEAS is to
> access AUTH to GRIDS by entity and also simple policy at Identity
> (referring Identity through Identifier in the packet regardless of which
> Identifier of the entity is used). Sure, we ought to re-use any existing
> and well defined mechanisms for this purpose.