Re: [Ideas] Diasambugating Identifier and Identity

Michael Menth <menth@uni-tuebingen.de> Thu, 27 April 2017 22:15 UTC

Return-Path: <menth@uni-tuebingen.de>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1525912947A for <ideas@ietfa.amsl.com>; Thu, 27 Apr 2017 15:15:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e_l46N-RQMue for <ideas@ietfa.amsl.com>; Thu, 27 Apr 2017 15:15:08 -0700 (PDT)
Received: from mx04.uni-tuebingen.de (mx04.uni-tuebingen.de [134.2.5.214]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0805E1270A0 for <ideas@ietf.org>; Thu, 27 Apr 2017 15:12:27 -0700 (PDT)
Received: from [192.168.1.101] (hsi-kbw-5-56-217-255.hsi17.kabel-badenwuerttemberg.de [5.56.217.255]) by mx04.uni-tuebingen.de (Postfix) with ESMTPSA id 5B09A3E3C8; Fri, 28 Apr 2017 00:12:25 +0200 (CEST)
To: Alexander Clemm <alexander.clemm@huawei.com>, Dino Farinacci <farinacci@gmail.com>, "Liubingyang (Bryan)" <liubingyang@huawei.com>
References: <7443f8eb-181c-be31-8e80-9250b4a54e60@htt-consult.com> <abd7608c-54b9-a381-fdf2-c5964dc37078@htt-consult.com> <082a1bcc-d79a-75b0-18e6-6db705627ce5@uni-tuebingen.de> <afbac9ba-0b9c-c479-8db5-8abc4e8a998a@htt-consult.com> <c260d5f8-d349-8a33-5bc6-8cbf375cf908@uni-tuebingen.de> <644DA50AFA8C314EA9BDDAC83BD38A2E0DF92CB0@SJCEML701-CHM.china.huawei.com> <161f2434-d3ab-efdc-2b5b-5582d80c6b9c@uni-tuebingen.de> <C1CE72EE84AF224E94DA21AE134209EE0102F0EF@SZXEMI508-MBS.china.huawei.com> <454B13B3-E2E5-41DB-84F4-BF880374F696@gmail.com> <644DA50AFA8C314EA9BDDAC83BD38A2E0DF93415@SJCEML701-CHM.china.huawei.com> <a4f0687d-917f-6507-50a0-63b3b77a0caa@uni-tuebingen.de> <644DA50AFA8C314EA9BDDAC83BD38A2E0DF93894@SJCEML701-CHM.china.huawei.com> <1ae6eac8-3d56-d838-14dc-94a6abccd47f@uni-tuebingen.de> <644DA50AFA8C314EA9BDDAC83BD38A2E0DF93AFB@SJCEML701-CHM.china.huawei.com>
Cc: "ideas@ietf.org" <ideas@ietf.org>, Robert Moskowitz <rgm-ietf@htt-consult.com>
From: Michael Menth <menth@uni-tuebingen.de>
Message-ID: <54c3d757-bcd6-051e-7785-3941bb41c5c4@uni-tuebingen.de>
Date: Fri, 28 Apr 2017 00:12:10 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <644DA50AFA8C314EA9BDDAC83BD38A2E0DF93AFB@SJCEML701-CHM.china.huawei.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/uzzvNIuAdJV88dbP0fevu0beGps>
Subject: Re: [Ideas] Diasambugating Identifier and Identity
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Apr 2017 22:15:11 -0000

Hi Alex,

Am 27.04.2017 um 22:04 schrieb Alexander Clemm:
> Hi Michael,
> 
> In your example, it sounds as if you are effectively having the cidX take on a similar role of an identity - various identifiers are grouped together under the umbrella of their unifying cidX, which is now used in lieu of - but similar role as (minus the authentication) - an identity.
Right. I just want to say that an identity is not necessarily needed to
provide joint information for a set of identifiers.

  You can do that, but what you are arguing, then, is in effect to
restrict the discussion to identifiers and identifier-enabled networks;
identity and identity-enabled networks would be a misnomer unless used
as a synonym.  The thread started with disambiguating identifier and
identity; if we decided that we want to have as scope for the work
identifier-enabled networks (without need for the notion of identity
distinct from an identifier), the disambiguation would no longer matter.
I don't want to get rid of the term identity, I'd rather like to filter
out the very essence of an identity.
Is it just the authentication part or something else?
Certainly not - because we may have a "cidX" whithout authentication
features which is still able to bind several identifiers together.
Is an identity just a "collection of data"? No, because if we have
another identical collection of data, then we don't know which is which.

Can we say it is a distinguishable entity? It may have a collection of
data and may also have some means for authentication. If we have equal
products without a serial number, we probably wouldn't talk about
identities. But with a serial number, they can be distinguished, so that
we can talk about identities. However, it's not the serial number or
identifier that makes them an identity, it rather the distinguishability
which could alternatively be achieved through a collection of data. Hm,
too philosophical?

Regards,

Michael


> 
> One other clarification inline, <ALEX>
> 
> Cheers
> --- Alex
> 
> -----Original Message-----
> From: Michael Menth [mailto:menth@uni-tuebingen.de] 
> Sent: Thursday, April 27, 2017 7:16 AM
> To: Alexander Clemm <alexander.clemm@huawei.com>om>; Dino Farinacci <farinacci@gmail.com>om>; Liubingyang (Bryan) <liubingyang@huawei.com>
> Cc: ideas@ietf.org; Robert Moskowitz <rgm-ietf@htt-consult.com>
> Subject: Re: [Ideas] Diasambugating Identifier and Identity
> 
> Hi Alex,
> 
> Am 27.04.2017 um 04:00 schrieb Alexander Clemm:
>> Hi Michael,
>>
>> For your example: yes, you can do what you describe.  Of course, you need to have the same metadata replicated for each identifier.  
> No, the metadate is mapped only to the single "cidX". But multiplce nidn are mapped to this single contract id.
> 
> When the entity decides to use another identifier, its metadata needs to be copied as well.
> No, we just need another mapping nid3 -> cidX
> 
> When you change the metadata, you need to change it in all records.
> No, we just need to change the metadata associated to the single "cidX".
> 
> And there may be more than one piece of metadata; for example, I may be an entity of a certain type.  With a flat identifier-only scheme, the data must be maintained redundantly.
> Hm, not sure what you mean.
> 
> <ALEX>  What I meant here is there can be other metadata associated with an entity, not just the contract, but for example information of which type a certain endpoint is - for example, if it is a connected vehicle, a server, a mobile CPE.  If an entity has several identifiers, and the same metadata applies to each, it needs to be maintained redundantly (unless you put it under some common umbrella that "unites" the identifiers, such as an identity).  
> </ALEX>
>   
> Regards, Michael
> 
> 
>>
>> --- Alex
>>
>> -----Original Message-----
>> From: Michael Menth [mailto:menth@uni-tuebingen.de]
>> Sent: Wednesday, April 26, 2017 12:56 PM
>> To: Alexander Clemm <alexander.clemm@huawei.com>om>; Dino Farinacci 
>> <farinacci@gmail.com>om>; Liubingyang (Bryan) <liubingyang@huawei.com>
>> Cc: Robert Moskowitz <rgm-ietf@htt-consult.com>om>; ideas@ietf.org
>> Subject: Re: [Ideas] Diasambugating Identifier and Identity
>>
>> Hi Alex,
>>
>> can't a contract be represented by a contract identifier (cidX) to which several networking identifiers (nidn) are mapped?
>>
>> nid0 -> cidX
>> nid1 -> cidX
>> nid2 -> cidX
>> cidX -> someProperty
>>
>> This contract identifier may be mapped to some property yielding a kind of hierarchical mapping. What I want to say is, I don't see the gain of an identity concept in this example.
>>
>> I ask again: what's the value of identities beyond authentication for registration purposes?
>>
>> Regards,
>>
>> Michael
>>
>>
>> Am 26.04.2017 um 21:38 schrieb Alexander Clemm:
>>> Yes, I think we agree on the notion of identifier.  
>>>
>>> Of course, this is not just about identifier- but identity-enabled networking, so there is still that other aspect needing to be fleshed out. Re: Michael's question, authentication is one of its applications, but I think there are others, for example related to metadata (back to the earlier point of whether identity is a data record) - an example would be the "type" of endpoint which applies regardless whether one or many identifiers are being used.  Related to metadata, you could have policies that are applied based on identity (e.g. an entity with a paid contract), not based on which one of several identifiers an entity happens to use.   
>>>
>>> -- Alex
>>>
>>> -----Original Message-----
>>> From: Dino Farinacci [mailto:farinacci@gmail.com]
>>> Sent: Wednesday, April 26, 2017 10:26 AM
>>> To: Liubingyang (Bryan) <liubingyang@huawei.com>
>>> Cc: Michael Menth <menth@uni-tuebingen.de>de>; Alexander Clemm 
>>> <alexander.clemm@huawei.com>om>; Robert Moskowitz 
>>> <rgm-ietf@htt-consult.com>om>; ideas@ietf.org
>>> Subject: Re: [Ideas] Diasambugating Identifier and Identity
>>>
>>>> For example, (one of) the real reason we want identifiers is that we want something that does not change with topology locations to identify mobile communication end point, which functions that cannot be carried by IP addresses. Since (I believe) we all have consensus on this function, we can at least agree that identifier is topology-independent label that identifies a communication end point. 
>>>
>>> Exactly.
>>>
>>> So to extend the definition to be specific. The identifier is used for a host stack transport connection. Its the “thing” (the arguments) you pass to connect(), bind(), sendto(), etc, socket API calls. And what you “get back” from gethostbyname().
>>>
>>> Dino
>>>
>>
>> --
>> Prof. Dr. habil. Michael Menth
>> University of Tuebingen
>> Faculty of Science
>> Department of Computer Science
>> Chair of Communication Networks
>> Sand 13, 72076 Tuebingen, Germany
>> phone: (+49)-7071/29-70505
>> fax: (+49)-7071/29-5220
>> mailto:menth@uni-tuebingen.de
>> http://kn.inf.uni-tuebingen.de
>> _______________________________________________
>> Ideas mailing list
>> Ideas@ietf.org
>> https://www.ietf.org/mailman/listinfo/ideas
>>
> 
> --
> Prof. Dr. habil. Michael Menth
> University of Tuebingen
> Faculty of Science
> Department of Computer Science
> Chair of Communication Networks
> Sand 13, 72076 Tuebingen, Germany
> phone: (+49)-7071/29-70505
> fax: (+49)-7071/29-5220
> mailto:menth@uni-tuebingen.de
> http://kn.inf.uni-tuebingen.de
> _______________________________________________
> Ideas mailing list
> Ideas@ietf.org
> https://www.ietf.org/mailman/listinfo/ideas
> 

-- 
Prof. Dr. habil. Michael Menth
University of Tuebingen
Faculty of Science
Department of Computer Science
Chair of Communication Networks
Sand 13, 72076 Tuebingen, Germany
phone: (+49)-7071/29-70505
fax: (+49)-7071/29-5220
mailto:menth@uni-tuebingen.de
http://kn.inf.uni-tuebingen.de