[VoT] Updating the Draft

Justin Richer <jricher@MIT.EDU> Tue, 18 August 2015 19:28 UTC

From: Justin Richer <jricher@MIT.EDU>
Message-Id: <87EB01BE-5CD9-4586-A0A4-F1917E499AEB@mit.edu>
Date: Tue, 18 Aug 2015 15:28:36 -0400
To: vot@ietf.org
Subject: [VoT] Updating the Draft
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/bHSg9k-AxBzHWgQm_JaKeByzMBY>

I’m updating the draft based on the initial feedback we got from folks, both here on the list and at the BoF in Prague. The biggest change is adding a fourth core category: Primary Credential Management, and renaming the former “Credential Management / Credential Binding” category to Primary Credential Usage. 

- “usage” is meant to convey the strength of verifiability of the credential itself by the IdP.
- “management” is meant to capture the lifecycle of issuance, rotation, and revocation by the credential issuer (usually the IdP) and how “strongly” it gets bound to a specific account.

I’m also tightening down the definition of the syntax, such that the component name is a single ASCII letter (currently case-sensitive) and the value is a single alphanumeric ASCII character (currently case-sensitive).

I’m also adding a (nominal so far) IANA registry for the categories and their markers, and at least noting that “vot”, “vtr”, and “vtm” all need to be registered in the JWT Registry. There’s formal language for establishing these that we’ll use later if this gets picked up as an IETF standards track document.

Thanks for all the comments so far, and hopefully I’ll have another I-D for you all to throw rocks at within a week’s time.

 — Justin
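The tightened component syntax described in the message (one ASCII letter as the category name, one alphanumeric ASCII character as the value, both case-sensitive) is narrow enough that a relying party can validate it strictly before trusting a received vector. The following is an added example, not code from the draft or from its author; it assumes "." as the separator between components, which the message does not specify, and it keeps repeated categories as a list rather than deciding whether repeats are allowed, since the message says nothing about that either.

```python
import re
from typing import Dict, List

# Per the message: a component is one ASCII letter (the category name)
# followed by one alphanumeric ASCII character (the value). Explicit ranges are
# used instead of \w so that non-ASCII letters and digits are rejected.
COMPONENT_RE = re.compile(r"^[A-Za-z][A-Za-z0-9]$")

# Assumption of this example: components are joined with "." (not stated in the mail).
SEPARATOR = "."


class VectorSyntaxError(ValueError):
    """Raised when a vector string does not meet the component syntax."""


def parse_vector(vector: str) -> Dict[str, List[str]]:
    """Split a vector string into {category_letter: [values...]}.

    Category names are compared case-sensitively, so "P" and "p" are distinct
    keys. Any token that is not exactly letter+alphanumeric is rejected, which
    also catches empty tokens from a leading, trailing or doubled separator.
    """
    if not vector:
        raise VectorSyntaxError("empty vector")
    components: Dict[str, List[str]] = {}
    for token in vector.split(SEPARATOR):
        if not COMPONENT_RE.match(token):
            raise VectorSyntaxError(
                f"bad component {token!r}: expected one ASCII letter "
                f"followed by one alphanumeric ASCII character"
            )
        name, value = token[0], token[1]
        components.setdefault(name, []).append(value)
    return components


def is_valid_vector(vector: str) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_vector(vector)
    except VectorSyntaxError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs, not values taken from the draft.
    for sample in ["P1.C2.A3", "P1.p1", "P10", "P1..C2", "Pa", "\uff30" + "1"]:
        print(f"{sample!r:14} -> {'ok' if is_valid_vector(sample) else 'rejected'}")
```

Rejecting "P10" rather than silently truncating it matters: a parser that reads only the first two characters would accept a malformed vector and could assign it a meaning the issuer never asserted. Returning lists per category also keeps the parser honest about what the syntax alone says and leaves the question of repeated categories to the draft.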