Re: [Trust-router] Considering delaying BOF Request

[David Chadwick <d.w.chadwick@kent.ac.uk>]

Hi Josh

can I clarify one thing about trust routers please.

Do they have a concept of Community of Interest built into them, so that 
can they build different trust paths between different CoIs? Or, are 
they more like eduRoam, and the Internet PKI, in that once a site joins 
the network, every other site can connect to it and authenticate it and 
there is no partitioning between members (excluding the fact that PKIs 
could contain partitioning based on CPs, which browsers most probably 
dont implement or enforce)

regards

David



On 15/05/2013 21:59, Josh Howlett wrote:
> Thanks David.
>
> I am *not* advocating that you do this :-) but I should note that its
> perfectly valid to employ ABFAB with X.509 PKI (using certificates with
> RadSec, rather than the PSKs acquired from Trust Router).
>
> (I would personally argue that you are able to construct a much more
> coherent infrastructure using both ABFAB and Trust Router, but
> architectural coherency is perhaps a matter of taste; in any event we do
> not have long to wait until we have an operational infrastructure with
> which to test these notions of coherency and taste to destruction!).
>
> In any case, I look forward to hearing about the results of your work when
> that's done, as that will really help to inform this kind of discussion.
>
> Josh.
>
> On 15/05/2013 21:47, "David Chadwick" <d.w.chadwick@kent.ac.uk> wrote:
>
>> Simply because the Trust router is an integral part of ABFAB, and we are
>> integrating ABFAB into OpenStack. So we need to understand what the
>> trust router's trust model is, how it is established and managed, and
>> how we can integrate that into the existing trust fabric that we have
>> already implemented in OpenStack.
>>
>> regards
>>
>> David
>>
>> On 15/05/2013 21:26, Josh Howlett wrote:
>>> Hi David,
>>>
>>> Sam writes that
>>>
>>>> I think that trust router will work well for that use case.
>>>
>>> When we talk about Trust Router, we often get push-back along the lines
>>> of
>>> "that's a valid use case, but technology Foo already supports that".
>>>
>>> This is often true if you're willing to apply technology Foo in a
>>> non-typical fashion. So you could, for example, employ X509 in ways that
>>> mimic Trust Router's CoIs. These may not be particularly practical, but
>>> nonetheless it could in principle be done.
>>>
>>> So -- playing Devil's Advocate -- could I ask why you are interested in
>>> Trust Router as opposed to some other trust technology?
>>>
>>> Josh.
>>>
>>>
>>> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
>>> not-for-profit company which is registered in England under No. 2881024
>>> and whose Registered Office is at Lumen House, Library Avenue,
>>> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
>>>
>
>
> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
> not-for-profit company which is registered in England under No. 2881024
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
>