IETF Logo Mail Archive

Re: [GNAP] Will GNAP support Zero Trust Architecture?

Fabien Imbault <fabien.imbault@gmail.com> Sun, 21 March 2021 18:34 UTC

Return-Path: <fabien.imbault@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 570B23A12BC for <txauth@ietfa.amsl.com>; Sun, 21 Mar 2021 11:34:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xw5e6pJV_xVH for <txauth@ietfa.amsl.com>; Sun, 21 Mar 2021 11:34:50 -0700 (PDT)
Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 610733A12BA for <txauth@ietf.org>; Sun, 21 Mar 2021 11:34:50 -0700 (PDT)
Received: by mail-il1-x12a.google.com with SMTP id t14so3008986ilu.3 for <txauth@ietf.org>; Sun, 21 Mar 2021 11:34:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OyeulO5oajj3u6mow6mQJ9m+Z5o6X0gwKdQkR4ynBFo=; b=DtbWQEs73yzBhJxj6vt00WkuSsrzpbODPYj599oPr5WKtsUtgLYibVCGewgoJFIkTz R0Zgph4gzPqc+8ct6fTYRIE8vRPrk1zta6AdJbf02lTzqN/qltt/vz78UH9APOzCXZU4 hQ1lUqSEzeKfXZ/1dX5OVwXKz7fa4XcnEGWY61CRYsz4tMkPh0RoPx5/s0gWmqAsYYFb zVkOjGn4VrC+2ichRYMhOaxB0zgtWt9V4Q35Ct8h1dHUta58Ld+If8erJZISGbcdVxZt itLB6WkkJkacKEPkega1GaUhHPpQeg+1pkrzfjJ7rYkqg1YOj2eYFHo8rF5CevtCK1US 8XzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OyeulO5oajj3u6mow6mQJ9m+Z5o6X0gwKdQkR4ynBFo=; b=mWiZJZ5Ae1qmL1IQkmdwxlJ6TYyJQ0tp0guBzI5fyCJZOsUrPNhNR+3ufVwykogZZy /7tzz97ZuBUN0mw6hWtlEIv4+hNv0S/LTNmHXRrkXc5QisQUUtyGRHWp9gt2dT3CfLLL y6kwlAzK1RK56Ti/z3nbA4mjB5c0o/dNNFfw5vEYwT9GxcJf/3WVp/3iXXNbR7P6GJAp cRL42Nn/ys8T1h3NeqHDZuel4r08i79ES0OPOYf6Oq7dXXRf5s1+1ntcjbh2AtW+HuS3 dKhEz3YUxyyVUUQRtpeunrOTboVTfjny5TeJSlTT+3Qnl019zd6ggT3x/aSDvqJBfDtU pt6A==
X-Gm-Message-State: AOAM531WXOWmzknZMFJ689kW2Dufo6DeqUfQoN2b4+L+XDMJUh3iFTvD LxNO5GaqerPdas2ksVH7MXL5uL7/1eeGqqfswkRN6FNQVno=
X-Google-Smtp-Source: ABdhPJz/oFfQDaAyBRCyfXsuLpl7wBhzO2WSDdL3MtfXgM87RgTIJHyw4jSUjrWYUIZPDVC4NHml2RFpqQeIgPoBDj4=
X-Received: by 2002:a92:c6d0:: with SMTP id v16mr8547642ilm.289.1616351688361; Sun, 21 Mar 2021 11:34:48 -0700 (PDT)
MIME-Version: 1.0
References: <CANYRo8jBZFVWyvAgVSWSmnuC+i1NaEkJEGWextzGB0xNFnD9fA@mail.gmail.com> <20210321171800.GT79563@kduck.mit.edu>
In-Reply-To: <20210321171800.GT79563@kduck.mit.edu>
From: Fabien Imbault <fabien.imbault@gmail.com>
Date: Sun, 21 Mar 2021 19:34:35 +0100
Message-ID: <CAM8feuT_nfNFXWQV-B0RnwucP=JU9rF-Pu8qdTpVQz=5YKxDeA@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Adrian Gropper <agropper@healthurl.com>, Alan Karp <alanhkarp@gmail.com>, GNAP Mailing List <txauth@ietf.org>, Mark Miller <erights@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000378b9105be1034fd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/wDYqPaG146PBZMg7ihue-lf4q1w>
Subject: Re: [GNAP] Will GNAP support Zero Trust Architecture?
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Mar 2021 18:34:53 -0000

Hi Ben

Very good question.

The core protocol probably will be able to elude providing an answer,
focusing on singular requests.

Any extension covering AS-RS relationships will have to handle its socio
technical impact.

Fabien

Le dim. 21 mars 2021 à 18:18, Benjamin Kaduk <kaduk@mit.edu> a écrit :

> On Sat, Mar 20, 2021 at 01:07:42AM -0400, Adrian Gropper wrote:
> > @Alan Karp <alanhkarp@gmail.com> shared a talk about the Principle Of
> Least
> > Authority (POLA) in a recent comment
> >
> https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/145#issuecomment-803099693
> > I recommend it.
> >
> > We might expect a protocol with authorization in the title to use
> authority
> > as a core principle. I advocate for a GNAP design that maximizes the
> power
> > of the RO, to be seen as a human rights issue when the RO is a human.
> This
> > causes me to ask how to combine better security with better human rights
> in
> > GNAP.
> >
> > Who should have the least authority in the GNAP design?
> >
> > The AS derives authority as a delegate of the RO. If we ask the RO to
> > partition limited authority across dozens of different ASs by domain and
> > function, then we are not using technology to empower the individual.
> > Probably the opposite, as we introduce consent fatigue and burden normal
> > people to partition their lives into non-overlapping domains.
> >
> > My experience says we should aim for one AS per persona because that maps
> > into the way we manage our public and private identities. POLA would then
> > teach care in keeping ASs and RSs related to work / public separate from
> > ASs and RSs related to private life so that a policy vulnerability in our
> > delegation to an AS would have the least likelihood of harm.
>
> Thinking about how least authority/least privilege would apply to GNAP
> seems like a useful exercise.  I do want to point out some potential
> pitfalls with one-AS-per-persona that we can also be aware of.  If
> one-AS-per-persona becomes one-persona-per-AS as well, then the AS's
> identity in effect also serves as a persona identity and there are privacy
> considerations to that.  If, on the other hand, the
> multiple-personas-per-AS (presumably corresponding to multiple humans)
> route is taken, we should consider whether that would lead to various
> (e.g., market) forces driving consolidation to just a handful of
> super-popular AS services.  That topic is a current matter of concern to
> some IETF participants.
>
> Thanks,
>
> Ben
>
> --
> TXAuth mailing list
> TXAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>

v2.23.0 | Report a Bug | By Email