Re: [Trust-router] Considering delaying BOF Request
Sam Hartman <hartmans@painless-security.com> Fri, 17 May 2013 13:08 UTC
Return-Path: <hartmans@painless-security.com>
X-Original-To: trust-router@ietfa.amsl.com
Delivered-To: trust-router@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA62321F8618 for <trust-router@ietfa.amsl.com>; Fri, 17 May 2013 06:08:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1fLCkGxoI8Jl for <trust-router@ietfa.amsl.com>; Fri, 17 May 2013 06:08:31 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id 6397721F8616 for <trust-router@ietf.org>; Fri, 17 May 2013 06:08:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 2EB002057B; Fri, 17 May 2013 09:05:38 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id py-23C8q8tPX; Fri, 17 May 2013 09:05:37 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (c-98-216-0-82.hsd1.ma.comcast.net [98.216.0.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Fri, 17 May 2013 09:05:37 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id DE9DC440A; Fri, 17 May 2013 09:08:22 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: David Chadwick <d.w.chadwick@kent.ac.uk>
References: <CDBA7A25.23081%josh.howlett@ja.net> <5194F38F.2050906@kent.ac.uk> <tsltxm3c5tl.fsf@mit.edu> <51950119.1080600@kent.ac.uk> <tslhai2b40m.fsf@mit.edu> <5195DDFE.9000907@kent.ac.uk>
Date: Fri, 17 May 2013 09:08:22 -0400
In-Reply-To: <5195DDFE.9000907@kent.ac.uk> (David Chadwick's message of "Fri, 17 May 2013 08:36:30 +0100")
Message-ID: <tsl4ne1bvp5.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: Josh Howlett <Josh.Howlett@ja.net>, "trust-router@ietf.org" <trust-router@ietf.org>
Subject: Re: [Trust-router] Considering delaying BOF Request
X-BeenThere: trust-router@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "ABFAB Trust Router discussion list." <trust-router.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trust-router>, <mailto:trust-router-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trust-router>
List-Post: <mailto:trust-router@ietf.org>
List-Help: <mailto:trust-router-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trust-router>, <mailto:trust-router-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2013 13:08:37 -0000
>>>>> "David" == David Chadwick <d.w.chadwick@kent.ac.uk> writes: I've read Josh's responses; I want to take a slightly different approach in responding here focusing on the protocol; on the moonshot-community list I'd focus on the pilot. David> Having a Janet hosted community may be too restrictive. We David> need to be able to move to model that gives the freedom of David> the grid VOMS capability, but on an Internet scale, and David> without needing to run a separate VOMS server. It would be valuable if you'd write up this use case including requirements as an internet draft. I think that would be very useful in the trust router BOF context. David> Why do I think a Janet hosted community too restrictive? David> Because I might want to set up a COI containing people from David> Europe, Australia and China who I work with. So their IdPs David> will need to join the community. So, when I say Janet-hosted community I mean that the routes in that community will be injected by Janet-controlled trust routers. Regardless of who injects the routes, routes to any IDP can be injected. David> So we need an Internet wide base community that provides David> generic interconnectivity at the federation level between all David> IdPs and SPs, in much the same way that IP does at the David> network level. Then any and every specialised community of David> interest can be built on top of this. The Yes, but we were talking about how to manage communities of interest. The base community is an APC (authentication policy community), not a COI. You're absolutely right that for scaling reasons some APCs will require delegation. The base APC is definitely such. It's possible some large COIs will require this as well. I've been unable to find a use case for a COI that required distributed management, but I agree the protocol should support this. David> Janet community David> would be one such community, which could be used to replace David> the UK AMF. So a Janet hosted community should not be the David> base, but rather a specialised academic CoI on the base. You're mixing several things here: 1) The base APC. We agree that the base APC should not be hosted, but instead various parties will inject routes. 2) A Janet hosted community. This can be about anything and contain any members. The interesting point is that Janet injects the routes. I think we agree that the protocol needs to support hosted communities. 3) a community that janet uses for organisations in the UK. This could be janet-hosted or otherwise. i think we agree that this is distinct from the base APC. David> So this brings up one other requirement. How can a researcher David> such as myself, add an SP to the Internet base community so David> that it can be subsequently configured to trust a specialised David> COI? I can do this now at the IP level, but not at the David> federation level. Agreed. the protocol supports this. determine whether a SP is in an APC with respect to a given IDP is somewhat different than determining whether that SP is in a COI with respect to an IDP, but there are approaches for both. David> Having an administrator for a COI being the only person who David> can inject a new route/membership (I prefer to think about David> COI membership rather than route) into the Internet base COI David> is fine for small COIs, but is not scalable for very large David> scale COIs such as the base Internet CoI itself. I recommend that you think about it in terms of routes rather than memberships. Not all parties will have the same policies about who to trust, and partitioning and other affects can cause the topology to appear different at different points in the system even if policy is uniform. Thinking of things as memberships seems like a convenient simplification. For myself, I've found that when I make that simplification my reasoning tends to jump over details that actually matter in terms of coming up with design or security analysis. David> There needs David> to be delegation of authority on a global scale to allow new David> members to be added to large scale COIs. So this should be David> built into the trust model from the outset. if you replace COI with community I'll agree with you. As i said, the use case for this is clear for APCs. It's not clear to me that it is true for COIs, but I see no harm in supporting it. >> Why do you think that it's important that Painless's trust router >> believe that it's in a COI? What's wrong with Painless being >> co-opted into a COI? David> Because you would not want me to co-opt you into my Down With David> Russia, Abolish Corporation Tax for Multinationals, and David> Polygamy for All COIs would you, without your agreement? The key in that statement is that it's your community. If you want to make ridiculous statements about me, the problem comes in when someone trusts those statements. I'd recommend than no SPs use your community if you're going to do that sort of thing. non-technical measures such as law may give me recourse if I find your statements objectionable rather than simply ridiculous. The Internet has many ways for people to group things together already. I see no harm in you creating a useless group that includes me. I see significant harm in someone inappropriately trusting that grouping. it seems David> It seems reasonably harmless to me provided that Painlessl >> does not use an attribute release policy more liberal than what >> it would use with an unknown service. David> Well for privacy protection reasons it should not release any David> personal information to an unknown service. I agree that people concerned about privacy should disclose little (probably nothing) to an unknown service. In this case, the IDP will almost certainly need to know about communities it is part of. i don't see why it needs to be the trust router rather than the IDP though.
- [Trust-router] Considering delaying BOF Request Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… Rafa Marin Lopez
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick