Re: [Ideas] Diasambugating Identifier and Identity

Robert Moskowitz <rgm-ietf@htt-consult.com> Thu, 13 April 2017 23:58 UTC

Return-Path: <rgm-ietf@htt-consult.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 763F91276AF for <ideas@ietfa.amsl.com>; Thu, 13 Apr 2017 16:58:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.303
X-Spam-Level:
X-Spam-Status: No, score=-2.303 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VSiB7P0z_ZfN for <ideas@ietfa.amsl.com>; Thu, 13 Apr 2017 16:58:16 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13FC2126579 for <ideas@ietf.org>; Thu, 13 Apr 2017 16:58:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id BEA366239C for <ideas@ietf.org>; Thu, 13 Apr 2017 19:58:14 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id t3eWe2AtH+Je for <ideas@ietf.org>; Thu, 13 Apr 2017 19:58:11 -0400 (EDT)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id AB0926239B for <ideas@ietf.org>; Thu, 13 Apr 2017 19:58:08 -0400 (EDT)
To: ideas@ietf.org
References: <7443f8eb-181c-be31-8e80-9250b4a54e60@htt-consult.com>
From: Robert Moskowitz <rgm-ietf@htt-consult.com>
Message-ID: <abd7608c-54b9-a381-fdf2-c5964dc37078@htt-consult.com>
Date: Thu, 13 Apr 2017 19:58:04 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <7443f8eb-181c-be31-8e80-9250b4a54e60@htt-consult.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/k7lggvKGhfCVVoGzKsXGq1A5Axc>
Subject: Re: [Ideas] Diasambugating Identifier and Identity
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2017 23:58:18 -0000

I am finally getting back to this subject.


On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
> The Identifier/Identity definitions in 
> draft-padma-ideas-problem-statement-01.txt is a good start, it fails 
> in the appreviations used. (There is NO abbreviation for Identity!)
>
> ID should NOT be the appreviation of Identitfier.  People will default 
> to thinking 'Identity' when they see it.  Think about people outside 
> our discussion group.
>
> I propose 'IDf' for Identifier.  'ID' is too owned by Identity.
>
> I will be working on proposed wording to improve these definitions.

I have worked up definitions, sent it out to a few reviewers, got some 
comments and questions.  First my current draft, then a few questions:

Replacement text for:    draft-padma-ideas-problem-statement

Identity (Abbr: IDT or IDt):    A collection of information that is 
unique to an object and differentiates it from all other objects.

An identity consists of information that is stated about the object by 
itself or a governing authority. It consists of a set of attributes 
and/or actions the object can take.  An Identity may be assigned a 
lifetime (e.g., a time period), which is determined by either the object 
or the governing authority responsible for defining the identity of the 
object, or a designated third party. An object can have multiple 
Identities and can create and discard Identities at will.  An Identity 
may be ‘indestructible’. That is, it is so unique and non replicatible 
that no other object could ever duplicate it, nor can the object discard 
it within its lifetime without being a ‘clone’ object.  Identity is used 
in authentication registration and policy ownership proofs.


Identifier (Abbr: IDF or IDf):    A label that is unique for an object a 
particular scope.

The label follows strict construction rules for the objects and the 
context that the label is applied to.  For a particular context, an 
Identifier is used to reference an Identity for the object.  In most 
cases, an Identifier is bound to an Identity through some trusted 
mechanism.  An Identity can have different Identifiers, potentially 
following different construction rules, for different contexts and/or 
domains of applicability.


==========

Now onto a few questions:

Per: "An object can have multiple Identities" clause, I am challenged with

"This is VERY dangerous. In most software systems, it is the 
responsibility of the management system to assign a single identity to 
an object when it is created. If an object has multiple identities, it 
could suffer from 'multiple personality syndrome'.

More importantly, if the object is allowed to create and discard 
identities at will, how do other objects know that the object is who it 
attests to be?"

I think it is very important for some situations for support of multiple 
Identities.  No all.  There are domains as indicated above where it 
causes big problems.

Per: "An Identity may be ‘indestructible’." clause, I am challenged with

"This doesn’t make any sense. Why would anyone care if the identity is 
indestructible or not?"

I can think of examples of such Identities, or claim of such Identities, 
like DNA.

And finally, Per: "Identity is used in authentication registration and 
policy ownership proofs." clause, I am challenged with

"What does this mean?"

I will have to work on this some more, or perhaps it does not belong in 
the definition section.

Comments please