Re: [plasma] Levels of assurance
Trevor Freeman <trevorf@exchange.microsoft.com> Fri, 28 October 2011 17:24 UTC
Return-Path: <trevorf@exchange.microsoft.com>
X-Original-To: plasma@ietfa.amsl.com
Delivered-To: plasma@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E49621F8514 for <plasma@ietfa.amsl.com>; Fri, 28 Oct 2011 10:24:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.849
X-Spam-Level:
X-Spam-Status: No, score=-110.849 tagged_above=-999 required=5 tests=[AWL=-0.250, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wS4DZmXHhp+f for <plasma@ietfa.amsl.com>; Fri, 28 Oct 2011 10:24:31 -0700 (PDT)
Received: from mail.exchange.microsoft.com (mail7.exchange.microsoft.com [131.107.1.27]) by ietfa.amsl.com (Postfix) with ESMTP id 898CD21F84B5 for <plasma@ietf.org>; Fri, 28 Oct 2011 10:24:31 -0700 (PDT)
Received: from df-h14-02.exchange.corp.microsoft.com (157.54.78.140) by DF-G14-02.exchange.corp.microsoft.com (157.54.87.56) with Microsoft SMTP Server (TLS) id 14.2.247.2; Fri, 28 Oct 2011 10:24:30 -0700
Received: from PIO-MLT-06.exchange.corp.microsoft.com (157.54.94.24) by DF-H14-02.exchange.corp.microsoft.com (157.54.78.140) with Microsoft SMTP Server (TLS) id 14.2.202.4; Fri, 28 Oct 2011 10:24:30 -0700
Received: from DF-M14-11.exchange.corp.microsoft.com ([fe80::cc46:3da5:bed6:8dfc]) by PIO-MLT-06.exchange.corp.microsoft.com ([fe80::d57f:521a:3ae6:c130%10]) with mapi id 14.02.0247.002; Fri, 28 Oct 2011 10:24:30 -0700
From: Trevor Freeman <trevorf@exchange.microsoft.com>
To: "Fitch, Scott C" <scott.c.fitch@lmco.com>, "plasma@ietf.org" <plasma@ietf.org>
Thread-Topic: Levels of assurance
Thread-Index: AcyTRx6pnTp5VUnTRUe7DOXMw+3LyQCS+QNw
Date: Fri, 28 Oct 2011 17:24:29 +0000
Message-ID: <E545B914D50B2A4B994F198378B1525D4274F816@DF-M14-11.exchange.corp.microsoft.com>
References: <DFE85D7EFA640D4886E9A9141AEBCD200A097BE5@HDXDSP11.us.lmco.com>
In-Reply-To: <DFE85D7EFA640D4886E9A9141AEBCD200A097BE5@HDXDSP11.us.lmco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.100]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [plasma] Levels of assurance
X-BeenThere: plasma@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The PoLicy Augmented S/Mime \(plasma\) bof discussion list." <plasma.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/plasma>, <mailto:plasma-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/plasma>
List-Post: <mailto:plasma@ietf.org>
List-Help: <mailto:plasma-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/plasma>, <mailto:plasma-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2011 17:24:32 -0000
I forgot to address the second part - general acceptability of LoA framework. There are environments where they operate sometime by consensus rather than bilateral agreements e.g. healthcare. While Healthcare does has some bilateral agreements, there are so many potential relationships it is impractical to set up all you may need. The last thing you would want is for access to an out of town ER patients record to be blocked because if the lack of a bilateral agreement. Within any organization, there are ad-hoc communications which happen where you have not yet established a relationship. If you don't accept some form of LoA with basic policy, then those communications would be forced to be implicitly level 1. Equally if you organization is to against accepting a LoA, you could just use level 1 - which practically is the same thing. I was not thinking we would map LoA scales. The challenge for Plasma is get consensus for a specific LoA scale that we could all adopt for basic policy. It will likely be like UN treaty negotiation where nobody is relay happy with the outcome but it's something that you can live with. Trevor -----Original Message----- From: plasma-bounces@ietf.org [mailto:plasma-bounces@ietf.org] On Behalf Of Fitch, Scott C Sent: Tuesday, October 25, 2011 11:56 AM To: plasma@ietf.org Subject: [plasma] Levels of assurance Is it necessary to require levels of assurance in the Basic Policy requirements? I definitely think it's appropriate for Advanced Policies. But I wonder whether including levels of assurance in Basic Policies will impede adoption. Also, the fact that there are multiple LOA frameworks out there makes it difficult to meet the requirement to NOT require a priori bilateral agreements between the sender and recipient for Basic Policies. If the sender and recipient use different LOA scales, then some type of prior agreement must be in place to map the two scales. I don't think plasma wants to get into the business of creating a standard LOA mapping for interoperability. -Scott _______________________________________________ plasma mailing list plasma@ietf.org https://www.ietf.org/mailman/listinfo/plasma
- [plasma] Levels of assurance Fitch, Scott C
- Re: [plasma] Levels of assurance Leif Johansson
- Re: [plasma] Levels of assurance Trevor Freeman
- Re: [plasma] Levels of assurance Trevor Freeman