Re: [Txauth] consensus call on WG name: "Authorization and Delegation"

Dick Hardt <dick.hardt@gmail.com> Fri, 15 May 2020 23:27 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8CAE3A0A32 for <txauth@ietfa.amsl.com>; Fri, 15 May 2020 16:27:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C-Wjwl3nJijU for <txauth@ietfa.amsl.com>; Fri, 15 May 2020 16:27:51 -0700 (PDT)
Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABFDB3A0995 for <txauth@ietf.org>; Fri, 15 May 2020 16:27:50 -0700 (PDT)
Received: by mail-lf1-x132.google.com with SMTP id a9so3194303lfb.8 for <txauth@ietf.org>; Fri, 15 May 2020 16:27:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=l+Vw0fa8qLjfpAY+OjZFqkgYGS1/t+QseSqZ41PrkWc=; b=utSMYR3YVqJXbSayg3Uo0+Umn5Fa42W+JyEc7WCR57H8b3l/iPFO7QLStH1vhGMyeb VGfbxKOitrSKoVDm0LCB7aESoAKs5UWpYt7PFUD1nYQdWc6OIm/9nXoegAWe6ZpYTgZL UKRims8k74i09jz0VHOyErt1JGMItV3yniOrrHjoe1iNdYlVfMfKJaVGi+g153Cs4/aJ 5IdpLIoqtfx4BxzNb/4jbwPOWOX1oJwOnehTQCxksJYt4IFlHlPeQ+XQ1pYUMnjLLR/7 KYLapoqq2zqFF52ccW0gyTMKxxnKoS4Jh7bpOLYdCP5ULCdsUG9tkGTGPQXfViryYXRH ONeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=l+Vw0fa8qLjfpAY+OjZFqkgYGS1/t+QseSqZ41PrkWc=; b=pD7fSGjWPT14xrQMTyqrRNqyPCKmcZiHoIBmcWuUHvgWUzBLOMInqhkv1x7eO3Kvp3 Yp3kK1Jc3sxySoIx+LRMVXg4Fzd61rU462mtESwGGamCdBY+2uS+1V6b5EcJ8cz6gtQ0 pbY6yguSzQnUCDZr356tH6HuoAt2ZuxqU+Rn/F5g32JYyIeDyuVCpv91hPvo5Me/QWf5 xGkzl1Qy2YQAGrpJxhYVnXVtSraSZVzPtOgykrGXrUJGOy52BTNX8r63YXK6ankm2m98 8aYYp8zyfRJtGnwmtTbTscRTieOaw1iTDCmunjNGKtPgxfYES7fhEi/aHQjo9nrWvWIk L5Ow==
X-Gm-Message-State: AOAM531HxYXiCMscpbxgX6n3mAQLHDFhVC+uqecWsIYPtZ8gmSoId9p/ N2shNSn8n2AaSJ5TzYBqngYd7ERBW/Yxdp70OBc=
X-Google-Smtp-Source: ABdhPJygvqlbC3wdeYLWkWYSZwA6hdk/A1bhykWXXEQelaHBYN7qoUwOfGhotZwOUrZdiVOpFK/fcu8BhjVzffPyoVY=
X-Received: by 2002:a05:6512:53a:: with SMTP id o26mr3889482lfc.111.1589585268608; Fri, 15 May 2020 16:27:48 -0700 (PDT)
MIME-Version: 1.0
References: <CAD9ie-sCJ+Nf0QFZLUWqRo3MCibrO9eKUj3zj_3Y1zXdfWOugA@mail.gmail.com> <943EF8E5-6F25-4E2A-907B-1333ABA112F6@mit.edu> <CAD9ie-tDQDMpYFrQk9Mb-_Nof5aiJ6iLZDbTu0LX3_hwSCMDtg@mail.gmail.com> <e744a5fe268f4e2380db23a092da4fc7@cert.org> <85A51BAA-EF86-49F5-ABB4-C332AE82DEAA@mit.edu> <CAD9ie-unev887EeXxEMeikE1a7yeZX_gLzy_unUw+A4J72rJwg@mail.gmail.com> <dda938f116a24da5bab687431ff4e917@oc11expo18.exchange.mit.edu> <CAD9ie-uD4RRduLiWC4Z=i6L_kRVVOJ1Ekg_hptw5ca3XLzd9fQ@mail.gmail.com> <7a226b1f3dee47699131fb7752f3ef07@oc11expo18.exchange.mit.edu>
In-Reply-To: <7a226b1f3dee47699131fb7752f3ef07@oc11expo18.exchange.mit.edu>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 15 May 2020 16:27:22 -0700
Message-ID: <CAD9ie-sLt1M=Mrco8qdL3fdwr4y7h2krN5vsQiBi5qt27_ZsMQ@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: "txauth@ietf.org" <txauth@ietf.org>, "rdd@cert.org" <rdd@cert.org>
Content-Type: multipart/alternative; boundary="0000000000004694dd05a5b8295e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/YkvusDYX_6YBuajpZbTwS-c4c5A>
Subject: Re: [Txauth] consensus call on WG name: "Authorization and Delegation"
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2020 23:27:55 -0000

Would you clarify if your concerns have been addressed?
ᐧ

On Fri, May 15, 2020 at 4:18 PM Justin Richer <jricher@mit.edu> wrote:

> Thank you for the clarification on the deadline and the voting process, as
> that was not clear in the initial thread.
>
> I appreciate and understand that we are not a voting organization, it's
> one of the core tenets of the IETF as you know. I hope that the chairs can
> continue to be transparent about all of the information that they use to
> call consensus.
>
> I'm sorry that the fact that I want a fair and clear process is confusing
> to you, though I'm not sure why. Every response and action I have taken
> here has been to that goal. I hope that you can assume good intentions.
>
> - Justin
> ________________________________________
> From: Dick Hardt [dick.hardt@gmail.com]
> Sent: Friday, May 15, 2020 7:02 PM
> To: Justin Richer
> Cc: txauth@ietf.org; rdd@cert.org
> Subject: Re: [Txauth] consensus call on WG name: "Authorization and
> Delegation"
>
> We are not going to make the May 18 deadline. My suggestion of
> "Authorization and Delegation" was a Hail Mary attempt to get consensus
> last minute.
>
> There was not consensus to use "transactional". As Roman stated, we are
> not voting, we are looking for rough consensus.
>
> Per your concern on the process, we are looking for consensus as Roman
> stated, not a majority of votes.
>
> wrt. the votes, I was proposing that people would state their preference
> (1st, 2nd, 3rd), not equal votes (top 3 choices)
>
> Your last comment is confusing given your recent posts.
>
> Have your concerns been addressed?
>
> On Fri, May 15, 2020 at 3:50 PM Justin Richer <jricher@mit.edu<mailtomailto:
> jricher@mit.edu>> wrote:
> I have a concern about the short timeframe needed here, which, as I
> understand it, would require getting everyone to participate over the
> weekend in order to get results in time - the original deadline given was
> Monday May 18. I fear that the timing will make people miss it entirely and
> we will not get a representative sample of the group.
>
> As an aside, I'm also concerned that you would discount the results below
> when the decision to not use "transactional" was a much, much smaller
> sample and margin. And yet that decision seems set and done, since it was
> excluded from the poll options entirely.
>
> I'm also concerned that the process outlined is not fully specified. If we
> are going to do this, I would like to know more about the voting process
> proposed in 3, specifically what the timing will be and how votes will be
> counted. Is this a preference system, where order matters, or is it three
> equal votes per person? I think these things need to be clear before anyone
> submits feedback.
>
> More than anyone, I want this process to be fair and representative. I am
> eager to get on to the real work because I think we have an opportunity to
> make major steps forward for application security on the internet.
>
>  - Justin
> ________________________________________
> From: Dick Hardt [dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>]
> Sent: Friday, May 15, 2020 6:20 PM
> To: Justin Richer
> Cc: txauth@ietf.org<mailto:txauth@ietf.org>; rdd@cert.org<mailtolto:
> rdd@cert.org>
> Subject: Re: [Txauth] consensus call on WG name: "Authorization and
> Delegation"
>
> Justin: are you saying you have concerns with [3]? Do you have an
> alternative proposal?
>
> FWIW: if the actual results had been what you posted below, I would have
> rerun the poll with less dots per person to see if we would get to have
> rough consensus on one name. I would not consider those results below to be
> consensus.
>
> Additionally, with the significantly larger number of voters compared to
> previous votes, and the large number that all voted the same, together
> indicated the poll was being gamed. It is not possible to know which votes
> where legit, and which were not, which is why the conclusion was to call
> the poll spoiled.
>
>
>
> [
> https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=0f26de16-5b6f-4cf4-9b00-3744a289a9a9]ᐧ
> <https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=0f26de16-5b6f-4cf4-9b00-3744a289a9a9]%E1%90%A7>
> <
> https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=0f26de16-5b6f-4cf4-9b00-3744a289a9a9]%E1%90%A7
> >
>
> On Fri, May 15, 2020 at 3:02 PM Justin Richer <jricher@mit.edu<mailtomailto:
> jricher@mit.edu><mailto:jricher@mit.edu<mailto:jricher@mit.edu>>> wrote:
> Thanks for the transparency, Roman. And thanks to Dick for providing the
> logs.
>
> I did a quick analysis of the results myself. I went through cleaned up
> the log file a little (there were some mixed spaces and tabs that made
> automatic parsing difficult) and disambiguated the several expansions of
> different names:
>
> TXAuth1: Truly eXtensible Authorization
> TXAuth2: Testable eXtensible Authorization
> TxAuth3: Transmission of Authority
> TIDYAuth1: Transference via Intent Driven Yield Auth
> TIDYAuth2: Trust via Intent Driven Yield Auth
>
> By removing every entry where all five points were awarded to TxAuth:
> Transmission of Authority, and tallying all others (including votes for
> other entries that had all five points awarded by one voter but to a
> different option), we get the following results:
>
> Totals:
> TxAuth3: 42
> TXAuth1: 25
> GNAP: 20
> PAuthZ: 19
> TXAuth2: 12
> TINOA: 9
> TIDYauth2: 8
> CTAP: 7
> NIRAD: 6
> ZAuthZ: 6
> GranPro: 4
> TIAAP: 4
> AZARAP: 4
> TIDYauth1: 3
> ReAuthZ: 3
> DIYAuthZ: 3
> IDPAuthZ: 2
> TIDEAuth: 2
> TIEAuth: 2
> RefAuthZ: 2
> BeBAuthZ: 2
> AZARP: 1
> DAZARAP: 1
> AAuthZ: 1
> BYOAuthZ: 1
> CPAAP: 1
>
> As you can see, the winner of the poll is :still: overwhelmingly
> “Transmission of Authority”, even with all of these entries removed. I’ll
> note that this does not include the last seven votes that came in the last
> couple days, so these results are skewed even then.
>
> To be clear, I don’t think it’s fair to throw out all such votes, but
> since they are what’s suspect here I felt it important to see the results
> just those removed and see if it told a different story. It does not, and I
> think that indicates the consensus is actually still pretty clear.
>
> I am attaching both the cleaned-up log file as well as the quick python
> script that I wrote to do the analysis of the results, please check for any
> errors or inconsistencies.
>
>  — Justin
>
>
> On May 15, 2020, at 5:46 PM, Roman Danyliw <rdd@cert.org<mailtomailto:
> rdd@cert.org><mailto:rdd@cert.org<mailto:rdd@cert.org>>> wrote:
>
> Hi!
>
> Full transparency here -- the chairs definitely consulted me with their
> concerns about the poll and with the logs before announcing the results
> [1].  I re-reviewed the logs [2].  It shows around vote #16 – 41, there is
> a number of entries where all votes assigned to a single choice (“TxAuth
> Transmission of Authority: 5”).  Observations (by Dick) of the incoming
> results, pinned these votes in a narrow time window.  Likewise, most of all
> of the other entries split their 5 ballots.  Could that be overwhelming
> support in the community?  Absolutely!  However, the lack of precise
> timestamps and IPs makes it hard to judge in this non-traditional scenario
> for selecting names.
>
> We’re going to have to live with this choice – names matter – and I don’t
> want any sense of skew to linger.  We tried an experiment using a tech that
> allows anonymous input (i.e., Decido) – it didn’t work (no fault of the
> tech).  Let’s do it the old fashion way on the mailing list.  If you have
> objections to [3], please raise your concern.
>
> We’re not in the voting business.  If we end up with two options that are
> “close”, we’re going to talk a little more.  Prior to final selection, WG
> chairs and I will also listen for objections to the name that the mailing
> list feedback suggested.
>
> I appreciate everyone patience.  I too would like to have a name chosen so
> we can get the charter advanced.  However, we’re going to do this name
> selection again so we can all have confidence in the process.
>
> Regards,
> Roman
>
> [1]
> https://mailarchive.ietf.org/arch/msg/txauth/sDG3PJI2FHbeGefW8OqJP1NNqLU/
> [2]
> https://mailarchive.ietf.org/arch/msg/txauth/0BjvqbFk-K3MCqcx388etFzFPz8/
> [3]
> https://mailarchive.ietf.org/arch/msg/txauth/2_oF41Zbfj_-qkkLXo7HwLnMk68/
>
> From: Dick Hardt <dick.hardt@gmail.com<mailto:dick.hardt@gmail.com
> ><mailto:dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>>>
> Sent: Friday, May 15, 2020 5:04 PM
> To: Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu><mailto:
> jricher@mit.edu<mailto:jricher@mit.edu>>>
> Cc: txauth@ietf.org<mailto:txauth@ietf.org><mailto:txauth@ietf.org<mailto:
> txauth@ietf.org>>t;>; Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org
> ><mailto:rdd@cert.org<mailto:rdd@cert.org>>>
> Subject: Re: [Txauth] consensus call on WG name: "Authorization and
> Delegation"
>
> Justin: if you have a concern with how I am chairing the group, the
> appropriate action would be to bring it up with the AD (cc'ed). FYI: I had
> forwarded the log and my conclusions to Roman, and he had agreed that the
> poll had been gamed.
>
> As to my proposal of "Authorization and Delegation", I took the name you
> had proposed, and removed the adjective that people had found concerning. I
> was hoping that a bland name would be acceptable and we could move on to
> the actual work -- but that does not seem to be the case.
>
>
> On Fri, May 15, 2020 at 1:16 PM Justin Richer <jricher@mit.edu<mailtomailto:
> jricher@mit.edu><mailto:jricher@mit.edu<mailto:jricher@mit.edu>>> wrote:
> -1
>
> I think the results of the poll were pretty conclusive and it’s not an act
> of good faith for the chair to propose a poll and then throw out the
> results of that same poll and go with something of their own choosing
> instead.
>
> How are you sure that it’s one person stuffing the ballot box? For my
> part, I put two dots on the winning title and one dot each of three others.
> I had a couple different people contact me off-list and told me they’d put
> their five dots on Transmission of Authority. So I think it’s reasonable to
> believe that’s the actual result, without examining the logs myself.
>
>  — Justin
>
> > On May 15, 2020, at 2:21 PM, Dick Hardt <dick.hardt@gmail.com<mailtomailto:
> dick.hardt@gmail.com><mailto:dick.hardt@gmail.com<mailto:
> dick.hardt@gmail.com>>> wrote:
> >
> > Following on from my email wrt. the results of voting, please indicate
> if you are aligned with calling the working group the "Authorization and
> Delegation" working group with a +1 or -1.
> > --
> > Txauth mailing list
> > Txauth@ietf.org<mailto:Txauth@ietf.org><mailto:Txauth@ietf.org<mailto:
> Txauth@ietf.org>>
> > https://www.ietf.org/mailman/listinfo/txauth
>
> [
> https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=987b7021-db43-4340-b683-c6fa9c372681]ᐧ
> <https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=987b7021-db43-4340-b683-c6fa9c372681]%E1%90%A7>
>