Re: [Ideas] New revision posted on draft-ccm-ideas-identity-use-cases

Alexander Clemm <> Mon, 16 October 2017 22:38 UTC


Hello Tom,

Thank you for your comments.  Some brief replies, inline, <ALEX>

--- Alex

> -----Original Message-----
> From: Tom Herbert


> By my count this is at least the fifth definition of identity that has been
> proposed either in drafts or on the list, and this one is no more enlightening
> than any of the previous definitions. First of all, this says identity is an
> "identifier". Does this mean that identity is a type of identifier per the
> definition of identifier above? Secondly, this says identity is used to identify a
> communication entity, however above it says an identifier "denotes
> information to unambiguously identify a communications entity"-- so both of
> them "identify a communications entity"... I don't see the difference.

<ALEX> Well, the definitions are evolving as we hope to get them more concise.  

For that definition: yes, the IDy is an identifier.  However, it is a "special" identifier in that it is never revealed in a packet header, nor revealed to another communications entity - unlike an IDf.

Another aspect that is mentioned in the draft, but not in the definitions (and we need to revisit this) concerns the distinction between a "second-order" (IDf) and a "first-order" identifier (IDy) - the second-order potentially being rooted / anchored in the first-order identifier, respectively the first-order identifier really denoting a collection / grouping of "second-order" identifiers.  As mentioned below, perhaps we should add an articulation such as "An IDy serves as a collection of identifiers that are associated with the same endpoint".


> The rest of the draft, including the picture of the relationship between
> identifiers, identity, and locators, seems to imply a potentially more useful
> and crisp definition of identity. As stated in the introduction: "An IDy serves
> as a collection of identifiers that are associated with the same endpoint". This
> could be rephrased to define identity as "a group of identifiers that share
> some common properties". Given this "group" definition of identity, then it
> becomes natural to consider group policy and group operations over sets of
> identifiers.

<ALEX> I am glad that you find that things are getting crisper - I take it to mean that we are on the right path!  Yes, this is what we need to reflect / incorporate.  However, I think we need to be more specific than just saying IDy refers to a grouping in the general sense - it refers to a grouping of identifiers that refer to the same communications entity (that is the property they have in common, I guess).