Re: [VoT] IPR disclosures

John Bradley <ve7jtb@ve7jtb.com> Thu, 23 November 2017 21:18 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7894812706D for <vot@ietfa.amsl.com>; Thu, 23 Nov 2017 13:18:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ve7jtb-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cbYWMdRlFEoZ for <vot@ietfa.amsl.com>; Thu, 23 Nov 2017 13:18:05 -0800 (PST)
Received: from mail-ot0-x233.google.com (mail-ot0-x233.google.com [IPv6:2607:f8b0:4003:c0f::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CEE61243F6 for <vot@ietf.org>; Thu, 23 Nov 2017 13:18:05 -0800 (PST)
Received: by mail-ot0-x233.google.com with SMTP id s12so17249903otc.0 for <vot@ietf.org>; Thu, 23 Nov 2017 13:18:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ve7jtb-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=v/adGdhut1XG7tB9sq18J7xu/tSRETz/egmGltNvInM=; b=eNrEC/bphIbkqGy7v95YTbLdxS8as7mb+fjiKAmSuBIjny/uwCXwlrB/SaPOvndSPF N86M+MsZHsCAhoGbUWUDJGknno9KE/SHjFg0KE99kE1ZxsPcHu9dBYYeTaD0faOemFaU 7omVj9vfItMOw2zo61VkUvRlYmvsnpd5jZWdRwVQ2bmd+TYcpRP9FpsST5XP67HlcOxd t1UjeFDd4QLAHDe8EHrAKMAHi75ZvaOYP+Fe6QkyMaMp/JSGS+GGIiPJP87TsGKjZ31w 2ZuFaqt9G+0QWAnYyTDNsCtEJJqB9rmDYR6dxwcmBHlBV7L45wCO+eoS17HwJ9aLDipR 4i1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=v/adGdhut1XG7tB9sq18J7xu/tSRETz/egmGltNvInM=; b=l8G+KiVm7MO1pBk7wUGa6CKaW1TypyugcvD1SBF/eMpB7p/1Q+8+qE8IS0Wl8+6hce 9UL/6ItJ7mjoLVclIaWYkqt7cze/oEbcHHQMejfKByz45sh7hLNGEjIwLSbjDKjyydiZ 6xQMO7g+CO1NDkzztAeICLDi67XAsUF2NGhKlasoT3l6F59UCZYTWsKCtdmkA7xOQl8B 29wVqOf7W3d+MtKfpRDfCVGZcX16wcSs1AL2KK7G8kxl7LUkBomCpxAequMrQdHvQ27Z UbgArv6oRxIXXdMCYG8+pf3bZ9vrN/WDSwEo+t8FRNKDDkksvMvc/OqZfNDx56Yz+fNl bTeQ==
X-Gm-Message-State: AJaThX7HBsaR8oatnU8wxbQcsGJWM+sxIDJ3N0Kh9q8KFuh7s1A2ckYu gVJghv6BMjhoEee9XVBAK5YtfvNvgVcq1JGcCGEkUA==
X-Google-Smtp-Source: AGs4zMZz55NA+V9Yf4rBL6JCroAH8jwRFDqJUYBBy5lveFomnKkLXK6qZn4RNPWdtItu2pes3bEgaeLlu9JWmBlxDzE=
X-Received: by 10.157.7.44 with SMTP id 41mr8009882ote.394.1511471884574; Thu, 23 Nov 2017 13:18:04 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.3.16 with HTTP; Thu, 23 Nov 2017 13:18:03 -0800 (PST)
Received: by 10.157.3.16 with HTTP; Thu, 23 Nov 2017 13:18:03 -0800 (PST)
In-Reply-To: <8780548D-C8D2-45BF-8AD0-46B0986DF11C@oracle.com>
References: <CAANoGh+hGmwOufaX1gik4zD50auT37pUKjcApuyNbmbBjrssfg@mail.gmail.com> <CAANoGh+r4LaunjnR_8W3wHJaAt7Thv8v0QH4Gxy0s05d0Qb13g@mail.gmail.com> <CAANoGhJMyfGNBNa_XFnt2zMsNLfC7s6V3=LJHTyKChjd7m0ovA@mail.gmail.com> <CAANoGh+vTWSKh75Kr91=LUvXn_O4p4MaAq9jM93GGo0U092ETA@mail.gmail.com> <8780548D-C8D2-45BF-8AD0-46B0986DF11C@oracle.com>
From: John Bradley <ve7jtb@ve7jtb.com>
Date: Fri, 24 Nov 2017 06:18:03 +0900
Message-ID: <CAANoGhKiWF+hNONwYoY1qatBWhar2kAR6ngsSJhaWtKq3kSj9A@mail.gmail.com>
To: Phil Hunt <phil.hunt@oracle.com>
Cc: vot@ietf.org, Justin Richer <jricher@mit.edu>, Leif Johansson <leifj@sunet.se>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="001a1135603ccd4927055eacf818"
Archived-At: <https://mailarchive.ietf.org/arch/msg/vot/wq7jwHXERwpDPgF1Zp-Sjvu5v2Q>
Subject: Re: [VoT] IPR disclosures
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 21:18:08 -0000

Your unhappyness will be noted.

Justin has some new text for the introduction that may help.

Justin can you copy the proposed changes to the list?

To restate the previous discussion.  Like Authentication Context class
reference in SAML and OIDC it is separate trust frameworks/federation
agreements that define identity proofing.

How individual claims/attributes other than subject, that are asserted as
part of a security token are proofed and that is indicated in the token is
out of scope for VOT as it is for ACR.

I appreciate that you would like this specification to also cover asserted
claims.

Do I have that correctly?

Regards
John B.

On Nov 23, 2017 12:58 PM, "Phil Hunt" <phil.hunt@oracle.com>; wrote:

> I am still not happy with this spec.
>
> The identity proofing portion is arbitrarily limited based on non-specific
> definitions. Iow. I believe an identity proof is based on a set of claims
> being individually calculated.
>
> The nist notion of identity proofing is largely a human rather than an
> informational conclusion leads to the kind of trouble the no fly lists have
> had. RPs need to know the difference between one john smith and another
> john smith and that a particular one is not another. This is not addressed
> by simply a level of proof that john is john.
>
> Phil
>
> On Nov 23, 2017, at 12:23 PM, John Bradley <ve7jtb@ve7jtb.com>; wrote:
>
> Authors,
>
> As part of the write-up for the Vectors of trust document, we need an IPR
> disclosure from all of you.
>
> Are you aware of any IPR related to the following VOT document?
>
> https://datatracker.ietf.org/doc/draft-richer-vectors-of-trust/
>
> Please reply to the list.
>
> Regards
> John B.
>
>
> _______________________________________________
> vot mailing list
> vot@ietf.org
> https://www.ietf.org/mailman/listinfo/vot
>
>