Re: [Rats] Entity vs. role

"Smith, Ned" <ned.smith@intel.com> Wed, 23 March 2022 08:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/PAYLVFfJuhyg5zIDvxX78MkaBDM>
List-Id: Remote ATtestation procedureS <rats.ietf.org>


From: Laurence Lundblade <lgl@island-resort.com>
Date: Wednesday, March 23, 2022 at 9:03 AM
To: "Eric Voit (evoit)" <evoit@cisco.com>
Cc: Thomas Fossati <tho.ietf@gmail.com>, "rats@ietf.org" <rats@ietf.org>, "Smith, Ned" <ned.smith@intel.com>
Subject: Re: [Rats] Entity vs. role

On Mar 22, 2022, at 10:37 PM, Eric Voit (evoit) <evoit@cisco.com> wrote:

Yes, we can depict it like that conceptually, but in reality it could be one big machine learning engine or similar where you can’t separate it (you could even put unverified measurements in AR so they can be fed into a machine learning engine).

<eric> Ar4si uses the term "AR-Augmented Evidence" to show what flows into the unified Verifier + Relying Party roles.  Ar4si makes no assertions on what the full set of Evidence might include.

And RATS architecture doesn’t care about what’s in AP for AR and shouldn’t care about it. We’re only mentioning AP for AR for the sake of completeness. We’re not going to put any requirements on it or say anything more about it than it exists, right? Hope that’s right.

<eric> The RATS architecture doesn't name specific objects.  But where AR flows between devices (e.g., in the passport model), this WG needs to understand how reusable Verifier generated objects/definitions might be consumed.  I.e., the ultimate consumer of RATS is the RP.

Eric

Yes, went back and looked at your slides again. Makes sense. Definitely a use case to support.

When talking in terms of roles, I definitely think that Verifier B is just co-located with the RP, not part of the RP.

I’m not sure if we should consider Verifier A + Verifier B a composite Verifier or not. In my comments above I clearly asserted that all the verifiers (in a composite verifier) must have run before there is any AR. By that criterion it is definitely not, but maybe that definition is too strict?

I’m also not sure what we should call the intermediate results between Verifiers in a composite verifier. By my criterion above it can’t be AR-Augmented Evidence, but again, maybe that criterion is too strict.

Ironic in a way — I want to forward/passthrough Evidence in Results, you are forwarding/passing through Results in Evidence :-)
[ned] Maybe it is helpful to describe swimlanes between entities where each pairwise role interaction can be represented? It might also be helpful to qualify entities vs. roles in diagrams where both are needed, such as passport and background check, as it would seem the entity name is overloaded with the role name in the RATS architecture.
e.g., given a verifier entity (V-E) that is connected to a relying party entity (RP-E), a hybrid model might have swimlanes as follows:
V-E           RP-E
---           ----
V  ----AR----> RP
A  ----E-----> V

LL
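As an added example (not code from this thread, from the RATS architecture draft or from ar4si), the hybrid flow discussed above modelled in Python with roles kept distinct from the entities that host them: Verifier A on V-E issues a signed AR that the Attester carries as a passport, and Verifier B, co-located with the RP on RP-E, checks the AR's origin and freshness before trusting its verdict and then appraises the claims Verifier A did not cover. The signing key, reference value, entity names and the uptime policy are constructed assumptions; each pairwise role interaction is recorded as one swimlane line.

```python
import hashlib
import hmac
import json

# Constructed values for illustration; none of them come from the thread.
VERIFIER_A_KEY = b"hypothetical-verifier-a-key"   # key Verifier A signs ARs with
REFERENCE_FW_HASH = "fw-1.2-good"                 # reference value held by Verifier A
MAX_UPTIME_S = 86400                              # local policy applied by Verifier B
ENTITY_OF_ROLE = {"A": "A-E", "V-A": "V-E", "V-B": "RP-E", "RP": "RP-E"}  # role -> host


def _sign(ar: dict) -> str:
    body = json.dumps(ar, sort_keys=True).encode()
    return hmac.new(VERIFIER_A_KEY, body, hashlib.sha256).hexdigest()

def attester_evidence(nonce: str, fw_hash: str, uptime_s: int) -> dict:
    """A: Evidence bound to the RP's nonce; uptime is appraised only by Verifier B."""
    return {"type": "Evidence", "nonce": nonce, "fw_hash": fw_hash, "uptime_s": uptime_s}

def verifier_a(evidence: dict) -> dict:
    """V-A on V-E: appraise the firmware claim and return a signed AR (the passport)."""
    ar = {"nonce": evidence["nonce"], "fw_ok": evidence["fw_hash"] == REFERENCE_FW_HASH}
    return {"type": "AR", "ar": ar, "sig": _sign(ar)}

def verifier_b(augmented: dict, expected_nonce: str) -> dict:
    """V-B co-located with the RP: check AR origin and freshness, then appraise the rest."""
    ar_msg, evidence = augmented["ar_msg"], augmented["evidence"]
    if not hmac.compare_digest(ar_msg["sig"], _sign(ar_msg["ar"])):
        return {"type": "AR", "ok": False, "reason": "AR not issued by Verifier A"}
    if ar_msg["ar"]["nonce"] != expected_nonce or evidence["nonce"] != expected_nonce:
        return {"type": "AR", "ok": False, "reason": "stale or replayed"}
    if not ar_msg["ar"]["fw_ok"]:
        return {"type": "AR", "ok": False, "reason": "Verifier A rejected firmware"}
    return {"type": "AR", "ok": evidence["uptime_s"] <= MAX_UPTIME_S, "reason": "local policy"}

def run_hybrid(fw_hash: str, uptime_s: int, nonce: str = "n-1", forged_ar: bool = False):
    """Run the flow and record every pairwise role interaction as one swimlane line."""
    trace = []
    def send(src: str, dst: str, msg: dict) -> dict:
        trace.append(f"{ENTITY_OF_ROLE[src]}:{src} --{msg['type']}--> {ENTITY_OF_ROLE[dst]}:{dst}")
        return msg
    ev = send("A", "V-A", attester_evidence(nonce, fw_hash, uptime_s))
    ar_msg = send("V-A", "A", verifier_a(ev))          # passport: AR handed back to A
    if forged_ar:                                      # A edits its own AR; V-B must notice
        ar_msg = {**ar_msg, "ar": {**ar_msg["ar"], "fw_ok": True}}
    augmented = {"type": "AR-Augmented Evidence", "ar_msg": ar_msg, "evidence": ev}
    verdict = send("V-B", "RP", verifier_b(send("A", "V-B", augmented), nonce))
    return verdict["ok"], verdict["reason"], trace
```

Printing the returned trace gives the four swimlane lines; the last two show that V-B and RP share the RP-E lane while remaining separate roles.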