Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

Georgios Karagiannis <georgios.karagiannis@huawei.com> Fri, 06 October 2017 07:49 UTC

Return-Path: <georgios.karagiannis@huawei.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2611134592; Fri, 6 Oct 2017 00:49:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kkKqenogX1x2; Fri, 6 Oct 2017 00:49:48 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1BD4134591; Fri, 6 Oct 2017 00:49:39 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml709-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DWY54232; Fri, 06 Oct 2017 07:49:24 +0000 (GMT)
Received: from LHREML502-MBS.china.huawei.com ([10.201.109.53]) by lhreml709-cah.china.huawei.com ([10.201.108.32]) with mapi id 14.03.0301.000; Fri, 6 Oct 2017 08:49:13 +0100
From: Georgios Karagiannis <georgios.karagiannis@huawei.com>
To: Uma Chunduri <uma.chunduri@huawei.com>, "Joel M. Halpern" <jmh@joelhalpern.com>, Benjamin Kaduk <kaduk@mit.edu>, Jari Arkko <jari.arkko@piuha.net>
CC: "ideas@ietf.org" <ideas@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Thread-Topic: [Ideas] WG Review: IDentity Enabled Networks (ideas)
Thread-Index: AQHTPUTr8mvVhpJ8Xk2HRextCZOYFaLUJ9qAgAAzkoCAAA3FAIAAAIUAgAAA8wCAABzkAIAAFVQAgADQAACAAQb2wA==
Date: Fri, 6 Oct 2017 07:49:13 +0000
Message-ID: <C5034E44CD620A44971BAAEB372655DC2DD336ED@lhreml502-mbs>
References: <150670160872.14128.2758037992338326085.idtracker@ietfa.amsl.com> <778d5504-ba4f-d418-7b20-356353bb0fb2@cs.tcd.ie> <D7D4AEE9-3BD0-4C8F-BCC6-7185AF7D37BA@netapp.com> <9C663B18-21CC-4A16-8B26-7994B12B1DC5@piuha.net> <25B4902B1192E84696414485F572685401A872DE@SJCEML701-CHM.china.huawei.com> <33f100a0-5114-269c-adb4-5db6edb1fd4d@joelhalpern.com> <20171005013730.GC96685@kduck.kaduk.org> <55bf5ae5-848a-ba81-f76b-14aaefdad2bf@joelhalpern.com> <25B4902B1192E84696414485F572685401A873A3@SJCEML701-CHM.china.huawei.com> <d92f5bd7-8081-37bf-cefe-d19ba4a203e2@joelhalpern.com> <25B4902B1192E84696414485F572685401A8750D@SJCEML701-CHM.china.huawei.com>
In-Reply-To: <25B4902B1192E84696414485F572685401A8750D@SJCEML701-CHM.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.221.62.216]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020206.59D73586.0087, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 6c3af99f58e1567df8b7e11a874c70d8
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/zMu7o39eCu7XOMH-xJ0qL_g_3kk>
Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Oct 2017 07:49:50 -0000

Hi all,

Please note that I have looked into the output of the (concluded) IETF ABFAB WG. In order to answer many questions/concerns that have been raised during the previous IDEAS discussions, it might be useful to consider the results of the IETF ABFAB WG.
https://datatracker.ietf.org/wg/abfab/documents/

We could incorporate their concepts about identity and how identity can be established and leveraged in a distributed way able to satisfy trust and privacy concerns.

Best regards,
Georgios


-----Original Message-----
From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Uma Chunduri
Sent: Thursday, October 05, 2017 7:05 PM
To: Joel M. Halpern; Benjamin Kaduk; Jari Arkko
Cc: ideas@ietf.org; ietf@ietf.org
Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

Hi Joel,

In-line [Uma]:


Best Regards,
--
Uma C.

-----Original Message-----
From: Joel M. Halpern [mailto:jmh@joelhalpern.com] 
Sent: Wednesday, October 04, 2017 9:41 PM
To: Uma Chunduri <uma.chunduri@huawei.com>om>; Benjamin Kaduk <kaduk@mit.edu>du>; Jari Arkko <jari.arkko@piuha.net>
Cc: ideas@ietf.org; ietf@ietf.org
Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

You seem to be making some unstated assumptions.

If by "Provider" in "Provider based AUTH" you mean the last hop communications service provider, then I would fundamentally disagree with you. 
[Uma]: I meant IdP and it's an orthogonal discussion if both roles played by same entity..
 
 The communication service provider has no role in creating or authenticating identifiers.  Their job is to provide locators.
[Uma]: Absolutely.

Now, those service providers may have an authentication relationship, based on some identifiers, in order to provide communications services. 
But the identifiers for that are completely uncoupled from and unrealted to the identifiers need for an ID / Locator system.

Yes, if there is a provider of identifiers (not all systems even require that), 

[Uma]:  Yes, may be not all systems require that, especially if this is a local deployment.

then the user of the identifier needs to have an appropriate relationship with the provider of the identifier.  
And that needs to be related to the authentication needed to update the mapping system.
[Uma]: Yes.


But neither of those require anything other than the identifier and suitable keying.  
[Uma]: If it's a local system simple keying is enough (in the expense of key management etc) as all devices may be managed by the same org.

_______________________________________________
Ideas mailing list
Ideas@ietf.org
https://www.ietf.org/mailman/listinfo/ideas