Re: [VoT] Vectors of Trust I-D

Justin Richer <jricher@mit.edu> Tue, 30 June 2015 16:02 UTC

From: Justin Richer <jricher@mit.edu>
Date: Tue, 30 Jun 2015 12:01:59 -0400
To: Josh Howlett <Josh.Howlett@jisc.ac.uk>
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/3b9gpRWWpXB595b7O2EyIiAB_hQ>
Cc: "vot@ietf.org" <vot@ietf.org>
Subject: Re: [VoT] Vectors of Trust I-D

Josh, thanks for the great comments. Responses inline:

> On Jun 30, 2015, at 7:22 AM, Josh Howlett <Josh.Howlett@jisc.ac.uk> wrote:
> 
> Justin, Leif,
>  
> Thanks for this draft. I only have some general comments at this point. The first two concern the use of language; I might be hair-splitting: YMMV. The final comment is more substantive.
>  
> 1. Vectors have a very specific formal meaning in mathematics. Given that this is an engineering community, I think there’s a possibility of creating confusion from the use of this language. You correctly try to disambiguate this in 2.2, but the use of different language would make this unnecessary.

When we picked the name “vectors of trust” we knew that both “vector” and “trust” were terms that were going to confuse some people but could be explained fairly succinctly in this context and help get the point across. I’m honestly welcome to renaming the whole shebang but for now I’ve yet to hear a better set of terms.

>  
> 2. The draft talks of vectors of trust but actually describes types of evidence and attributes that can be associated with these. As you discuss in section 7.1, there is a specific trust context which confers semantics on these attributes ex post facto. Thus this evidence and their attributes can inform runtime outcomes, in the context of a given trust context, but do not define it. I think it might be helpful to reconsider the description of this work, so that its goal is clearer to the reader; and set out the fundamental role of the trust context within the introduction/background.

It was only in this latest draft that we really started to set out the importance of context for a given VoT value, so I think your comments here are valid. 

>  
> 3. The goal of the draft, as I understand it, is to enable RPs and IdPs to share a common vocabulary of evidence and their attributes. This avoids the “bundling” of different kinds of evidence by allowing for decomposability. This evidence, now unbundled, can be employed in different trust contexts, facilitating interoperability across trust frameworks. So far so good? However I’ll note that the evidences and attributes described in section 3 are often themselves bundles (“C5 Sealed hardware token / trusted biometric / TPM-backed keys”). So, playing devil’s advocate, what is to stop actors from decomposing the core elements described in section 3? Indeed I think it’s actually a goal of this document to permit that through extensions. I wonder therefore whether an excess of decomposability will actually aggravate interoperability between trust contexts. Clearly this could be addressed by setting norms, but then you’ve reinvented NIST 800-63. Alternatively you could imagine a taxonomy of evidence, with classes and (through extensions) sub-classes allowing for greater specificity, while providing for a general interpretation if actors do not share the same vocabulary. I hesitate to describe this as fractal, but I hope you can see what I’m driving at.
>  
> 

It could definitely be fractal, but I think it’s important that we capture something at the right level. Aggregate a bunch of vector values together and you get a definition like 800-63, which is still useful but only in its intended consequences. Break apart the vector components and you get into the specifics of a full trust framework definition, like the high granularity in the GTRI work (or Steve’s “everything is an attribute” utopia). I think there’s value in each of those, but the value doesn’t really come at runtime when you need to make a contextual decision. That’s where I think that the VoT approach can really shine. It’s more granular than the broad sweeping definitions that authentication guidelines would have, but it’s less granular than a sea of attributes. We want something that an RP can hope to process and make sense of, and to do that we need to walk a fine line.

 — Justin

> Josh.
> From: vot [mailto:vot-bounces@ietf.org] On Behalf Of Justin Richer
> Sent: 27 June 2015 04:15
> To: vot@ietf.org
> Subject: [VoT] Vectors of Trust I-D
>  
> Hi Everyone,
>  
> I have taken the initial strawman proposal along with a substantial number of edits and inputs from several folks and have created an initial I-D of the document:
>  
> https://tools.ietf.org/id/draft-richer-vectors-of-trust-00
>  
> It’s still a very drafty draft, but hopefully it’s starting to make this a concrete thing. Please read it over and discuss it here on the list.
>  
> I would like to propose a bar-BoF in Prague for VoT for anyone who would like to discuss this. If you’re interested (and will be there in person), let me know!
>  
>  — Justin