Re: [VoT] Foundational questions of principle
"Cantor, Scott" <cantor.2@osu.edu> Fri, 10 October 2014 01:05 UTC
Return-Path: <cantor.2@osu.edu>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F8F01AD03A for <vot@ietfa.amsl.com>; Thu, 9 Oct 2014 18:05:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1keVxaS3b2fI for <vot@ietfa.amsl.com>; Thu, 9 Oct 2014 18:05:26 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0737.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:737]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52B411AD037 for <vot@ietf.org>; Thu, 9 Oct 2014 18:05:26 -0700 (PDT)
Received: from BL2FFO11FD037.protection.gbl (10.173.160.32) by BL2FFO11HUB014.protection.gbl (10.173.160.106) with Microsoft SMTP Server (TLS) id 15.0.1039.16; Fri, 10 Oct 2014 01:05:03 +0000
Received: from cio-tnc-pf04.osuad.osu.edu (164.107.81.218) by BL2FFO11FD037.mail.protection.outlook.com (10.173.161.133) with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Fri, 10 Oct 2014 01:05:03 +0000
Received: from CIO-TNC-HT05.osuad.osu.edu (cio-tnc-ht05.osuad.osu.edu [164.107.81.168]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by cio-tnc-pf04.osuad.osu.edu (Postfix) with ESMTPS id E8ED938005A; Thu, 9 Oct 2014 21:05:02 -0400 (EDT)
Received: from CIO-KRC-D1MBX01.osuad.osu.edu ([fe80::450b:35e6:80f4:f3e0]) by CIO-TNC-HT05.osuad.osu.edu ([fe80::d0be:603:484c:5a2f%10]) with mapi id 14.03.0174.001; Thu, 9 Oct 2014 21:05:01 -0400
From: "Cantor, Scott" <cantor.2@osu.edu>
To: "swilson@lockstep.com.au" <swilson@lockstep.com.au>, "vot@ietf.org" <vot@ietf.org>
Thread-Topic: [VoT] Foundational questions of principle
Thread-Index: AQHP4/5G4lDLBqwim0uOTbuH/sjzZJwoZk77gAAeJIA=
Date: Fri, 10 Oct 2014 01:05:01 +0000
Message-ID: <D05CA369.11F64%cantor.2@osu.edu>
References: <1412885935.58929166@apps.rackspace.com> <04CF3DDE-9FDF-499A-8093-3EC3CE84E4DF@identinetics.com> <1412896617.869315461@apps.rackspace.com>
In-Reply-To: <1412896617.869315461@apps.rackspace.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [128.146.14.94]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <F081B35169D03842BFB47ED76D34EF43@osu.edu>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:164.107.81.218; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(979002)(6009001)(438002)(24454002)(51444003)(199003)(51704005)(377454003)(479174003)(189002)(23726002)(21056001)(107046002)(107886001)(31966008)(46406003)(106466001)(36756003)(54356999)(50986999)(95666004)(93346002)(97756001)(4396001)(87936001)(86362001)(76176999)(77096002)(2656002)(85852003)(90282001)(2501002)(20776003)(47776003)(92566001)(64706001)(66066001)(44976005)(6806004)(92726001)(88552001)(19580395003)(19580405001)(50466002)(85306004)(80022003)(109096001)(75432002)(46102003)(106116001)(76482002)(99396003)(120916001)(89122001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2FFO11HUB014; H:cio-tnc-pf04.osuad.osu.edu; FPR:; MLV:ovrnspm; PTR:cio-tnc-pf04.osuad.osu.edu; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BL2FFO11HUB014;
X-Exchange-Antispam-Report-Test: UriScan:;
X-Forefront-PRVS: 03607C04F0
Received-SPF: Pass (protection.outlook.com: domain of osu.edu designates 164.107.81.218 as permitted sender) receiver=protection.outlook.com; client-ip=164.107.81.218; helo=cio-tnc-pf04.osuad.osu.edu;
Authentication-Results: spf=pass (sender IP is 164.107.81.218) smtp.mailfrom=cantor.2@osu.edu;
X-OriginatorOrg: osu.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/vot/AUw9t-LGpgR3z-4eS09yk25jU_I
Subject: Re: [VoT] Foundational questions of principle
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Oct 2014 01:05:28 -0000
On 10/9/14, 7:16 PM, "swilson@lockstep.com.au" <swilson@lockstep.com.au> wrote: > > >I like your approach. But I think we should review what the objective is >of LOAs in general, and question whether or not labeling things by >"level" is a useful idea. Yes we need to help organisations better >understand and manage authentication risk, but is "LOA" is a necessary >output of that process? Doesn't a four level label over simplify things? >I find it's a misleading shorthand that leads people to believe that a >given identity can be used at a given RP without any further analysis. I think that taking complex ideas and reducing them to levels is overly simplifying, and it would be better to just define a schema for attribute data to express in each area. But my personal *experience* is that applications won't do the work of building and enforcing polices around that fine-grained a way of expressing the information. They don't do it well with user attributes, so there's even less chance they'd do it with data that isn't even core to their purpose. Reducing to levels is a way of splitting the work and pushing more of it to other parties that care enough to do the work. Perhaps some of the "vectors" are more amenable to reduction to levels than others. I tend to agree with others' comments that things like incident response and the operational maturity issues probably don't reduce well to levels. So maybe both approaches are needed if there are concrete justifications for them. And to be honest, I have a lot more concrete evidence that those non-linear concepts are of interest to applications than I do most of the traditional assurance-related vectors. And I think they're *more* well-defined, not less. Most of the easily linear concepts seem like solutions looking for a problem to me, with the exception of authentication quality. -- Scott
- [VoT] Foundational questions of principle swilson
- [VoT] Fwd: Foundational questions of principle Rainer Hoerbe
- Re: [VoT] Foundational questions of principle swilson
- Re: [VoT] Foundational questions of principle Cantor, Scott
- Re: [VoT] Foundational questions of principle Ken Dagg
- Re: [VoT] Foundational questions of principle Rainer Hoerbe
- Re: [VoT] Foundational questions of principle Bouma, Tim
- Re: [VoT] Foundational questions of principle Richer, Justin P.
- Re: [VoT] Foundational questions of principle swilson
- Re: [VoT] Foundational questions of principle Anil John
- Re: [VoT] Foundational questions of principle Colin Wallis
- Re: [VoT] Foundational questions of principle Ken Dagg
- Re: [VoT] Foundational questions of principle Anil John
- Re: [VoT] Foundational questions of principle Ken Dagg
- Re: [VoT] Foundational questions of principle Anil John
- Re: [VoT] Foundational questions of principle Colin Wallis
- Re: [VoT] Foundational questions of principle Ken Dagg
- Re: [VoT] Foundational questions of principle Anil John
- Re: [VoT] Foundational questions of principle Leif Johansson
- Re: [VoT] Foundational questions of principle swilson
- Re: [VoT] Foundational questions of principle Cantor, Scott
- Re: [VoT] Foundational questions of principle Richer, Justin P.
- Re: [VoT] Foundational questions of principle swilson
- Re: [VoT] Foundational questions of principle swilson