Re: [Ideas] Disambiguating Identifier and Identity

Michael Menth <menth@uni-tuebingen.de> Wed, 26 April 2017 14:20 UTC

To: "Liubingyang (Bryan)" <liubingyang@huawei.com>, Alexander Clemm <alexander.clemm@huawei.com>, Robert Moskowitz <rgm-ietf@htt-consult.com>, "ideas@ietf.org" <ideas@ietf.org>
Date: Wed, 26 Apr 2017 16:13:26 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/oJOzQdxzVg5y5Q4ypenMQFJFWVc>

Hi all,

I see that we leverage a mapping system to map identifiers to some
information (locators, service information, priorities, whatever). The
identity seems most useful to me for authenticated registration of the
mapping information. What else are identities good for?

Regards,

Michael

Am 26.04.2017 um 12:04 schrieb Liubingyang (Bryan):
> It seems that there are a thousand Hamlets in a thousand people's eyes :p
> 
> I think the real reason for the disagreements on the definitions is that we have not got a consensus on what they are used for yet. Or the even deeper question is what functions we need for IDEAS. If we can agree on the functions we need, then we can define a term that we use to provide the function. 
> 
> For example, (one of) the real reasons we want identifiers is that we want something that does not change with topology locations to identify mobile communication end points, a function that cannot be carried by IP addresses. Since (I believe) we all have consensus on this function, we can at least agree that an identifier is a topology-independent label that identifies a communication end point.
> 
> For identities, I suggest we first discuss what new functions, which cannot be carried by identifiers, we want to bring into IDEAS. If we have consensus on the functionalities, we can easily make a definition. 
> 
> Dino said that we could move on to bigger fish to fry. I think new functions are a big thing.
> 
> Bingyang (Bryan) 
> 
> -----Original Message-----
> From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Michael Menth
> Sent: Wednesday, April 26, 2017 5:57 AM
> To: Alexander Clemm <alexander.clemm@huawei.com>; Robert Moskowitz <rgm-ietf@htt-consult.com>; ideas@ietf.org
> Subject: Re: [Ideas] Disambiguating Identifier and Identity
> 
> Hi Alex,
> 
> thanks for your comments. I see your points. We possibly should avoid specifying what exactly constitutes the identity as anything but its identifier may change. We said, one identity may have several identifiers, e.g., after merging identities, but different identities certainly have different identifiers.
> 
> When I think about an entity having multiple identities, a human being with multiple email addresses comes to my mind. An email address may be an identity to some extent, but we know that several of them may belong to the same person. I don't think we need to consider that because that is beyond the considered context of email addresses. We could just live with different identities that are different in a certain context.
> 
> Another try:
> 
> An identity (Idy) is a distinguishable entity within a context.
> 
> An identifier (Idf) is a unique label.
> 
> An Idy may have multiple Idfs but different Idys have different Idys so that Idys can be distinguished by their Idfs. Idfs often follow construction rules.
> 
> Is that closer to a core definition or are more important aspects missing?
> 
> Regards,
> 
> Michael
> 
> 
> 
> Am 25.04.2017 um 02:48 schrieb Alexander Clemm:
>> Coming back to this thread... I do agree with the notion of identifier.  However, I am not sure I agree with the notion of identity as discussed below.
>>
>> When you state "An identity (Idy) is a collection of data that distinguishes an entity  within its domain. An entity may have different Idy for different domains.", I see several issues:
>> - For one I don't think an identity is merely a collection of data.  That would be a data record.  Also, if you change any of the data, you don't automatically change the identity - while some metadata may indeed be an inseparable characteristic of an identity, other may not.  So, at a minimum there needs to be some distinction about that, which is not captured in the definition.  
>> - Why do we need to bring a notion of "domain" into this definition.  I don't think this is necessary.  Identifiers can be relative to a domain, but identity?  At a minimum, this requires clarification.  Maybe there is a notion of "also known as" by which the same entity is identified differently in different domains.  If we do bring "domain" into the picture, this needs to be clearly explained as well.  In that case, the question also arises what it means for the same "object" to be part of two "domains" - is there something that links the "identities" across those domains "together" - this could be considered the very identity; if not, something is missing and a third concept (for "entity" or the real "self") may be needed, which we should really avoid.  
>> - I am not sure that a single entity should have multiple identities.  In this case, identity really means not much else than yet-another-identifier.  
>>
>> --- Alex
>>
>> -----Original Message-----
>> From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Michael Menth
>> Sent: Friday, April 14, 2017 11:35 AM
>> To: Robert Moskowitz <rgm-ietf@htt-consult.com>; ideas@ietf.org
>> Subject: Re: [Ideas] Disambiguating Identifier and Identity
>>
>> Looks good to me.
>>
>> Michael
>>
>> Am 14.04.2017 um 20:26 schrieb Robert Moskowitz:
>>>
>>>
>>> On 04/14/2017 02:45 AM, Michael Menth wrote:
>>>> Hi Robert, hi all,
>>>>
>>>> thanks for your thought-provoking mail. Reading the definitions gave 
>>>> me the impression that identities can have very different properties 
>>>> depending on their domains. I feel the text is stimulating but too 
>>>> long for a definition.
>>>>
>>>> What about:
>>>>
>>>> An identity (Idy) is a distinguishable entity within its domain.
>>>>
>>>> An identifier (Idf) is a label for an Idy. An Idy may have multiple 
>>>> Idfs.
>>>
>>> An identity (Idy) is a collection of data that distinguishes an 
>>> entity within its domain. An entity may have different Idy for different domains.
>>>
>>> An identifier (Idf) is a label for an Idy, often following 
>>> construction rules. An Idy may have multiple Idfs.
>>>
>>>
>>>>
>>>> Anything beyond this definition are valid observations that show the 
>>>> diverse properties of domain-specific Idys. A discussion including 
>>>> examples for entities and domains is helpful for illustration. This 
>>>> also pertains to the relation between objects and Idys.
>>>>
>>>> Regards,
>>>>
>>>> Michael
>>>>
>>>> Am 14.04.2017 um 01:58 schrieb Robert Moskowitz:
>>>>> I am finally getting back to this subject.
>>>>>
>>>>>
>>>>> On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
>>>>>> The Identifier/Identity definitions in 
>>>>>> draft-padma-ideas-problem-statement-01.txt is a good start, it 
>>>>>> fails in the abbreviations used. (There is NO abbreviation for
>>>>>> Identity!)
>>>>>>
>>>>>> ID should NOT be the abbreviation of Identifier.  People will 
>>>>>> default to thinking 'Identity' when they see it.  Think about 
>>>>>> people outside our discussion group.
>>>>>>
>>>>>> I propose 'IDf' for Identifier.  'ID' is too owned by Identity.
>>>>>>
>>>>>> I will be working on proposed wording to improve these definitions.
>>>>> I have worked up definitions, sent it out to a few reviewers, got 
>>>>> some comments and questions.  First my current draft, then a few questions:
>>>>>
>>>>> Replacement text for:    draft-padma-ideas-problem-statement
>>>>>
>>>>> Identity (Abbr: IDT or IDt):    A collection of information that is
>>>>> unique to an object and differentiates it from all other objects.
>>>>>
>>>>> An identity consists of information that is stated about the object 
>>>>> by itself or a governing authority. It consists of a set of 
>>>>> attributes and/or actions the object can take.  An Identity may be 
>>>>> assigned a lifetime (e.g., a time period), which is determined by 
>>>>> either the object or the governing authority responsible for 
>>>>> defining the identity of the object, or a designated third party. 
>>>>> An object can have multiple Identities and can create and discard 
>>>>> Identities at will.  An Identity may be 'indestructible'. That is, 
>>>>> it is so unique and non-replicable that no other object could 
>>>>> ever duplicate it, nor can the object discard it within its 
>>>>> lifetime without being a 'clone' object.  Identity is used in authentication registration and policy ownership proofs.
>>>>>
>>>>>
>>>>> Identifier (Abbr: IDF or IDf):    A label that is unique for an object a
>>>>> particular scope.
>>>>>
>>>>> The label follows strict construction rules for the objects and the 
>>>>> context that the label is applied to.  For a particular context, an 
>>>>> Identifier is used to reference an Identity for the object.  In 
>>>>> most cases, an Identifier is bound to an Identity through some 
>>>>> trusted mechanism.  An Identity can have different Identifiers, 
>>>>> potentially following different construction rules, for different 
>>>>> contexts and/or domains of applicability.
>>>>>
>>>>>
>>>>> ==========
>>>>>
>>>>> Now onto a few questions:
>>>>>
>>>>> Per: "An object can have multiple Identities" clause, I am 
>>>>> challenged with
>>>>>
>>>>> "This is VERY dangerous. In most software systems, it is the 
>>>>> responsibility of the management system to assign a single identity 
>>>>> to an object when it is created. If an object has multiple 
>>>>> identities, it could suffer from 'multiple personality syndrome'.
>>>>>
>>>>> More importantly, if the object is allowed to create and discard 
>>>>> identities at will, how do other objects know that the object is 
>>>>> who it attests to be?"
>>>>>
>>>>> I think it is very important for some situations for support of 
>>>>> multiple Identities.  Not all.  There are domains as indicated above 
>>>>> where it causes big problems.
>>>>>
>>>>> Per: "An Identity may be 'indestructible'." clause, I am challenged 
>>>>> with
>>>>>
>>>>> "This doesn't make any sense. Why would anyone care if the identity 
>>>>> is indestructible or not?"
>>>>>
>>>>> I can think of examples of such Identities, or claim of such 
>>>>> Identities, like DNA.
>>>>>
>>>>> And finally, Per: "Identity is used in authentication registration 
>>>>> and policy ownership proofs." clause, I am challenged with
>>>>>
>>>>> "What does this mean?"
>>>>>
>>>>> I will have to work on this some more, or perhaps it does not 
>>>>> belong in the definition section.
>>>>>
>>>>> Comments please
>>>>>
>>>>> _______________________________________________
>>>>> Ideas mailing list
>>>>> Ideas@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/ideas
>>>
>>
>> --
>> Prof. Dr. habil. Michael Menth
>> University of Tuebingen
>> Faculty of Science
>> Department of Computer Science
>> Chair of Communication Networks
>> Sand 13, 72076 Tuebingen, Germany
>> phone: (+49)-7071/29-70505
>> fax: (+49)-7071/29-5220
>> mailto:menth@uni-tuebingen.de
>> http://kn.inf.uni-tuebingen.de
>>
> 