Re: [VoT] Vectors of Trust I-D
Scott Shorter <sshorter@electrosoft-inc.com> Tue, 30 June 2015 16:25 UTC
Return-Path: <sshorter@electrosoft-inc.com>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B5AE1B2E3C for <vot@ietfa.amsl.com>; Tue, 30 Jun 2015 09:25:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oztBLIfu09lH for <vot@ietfa.amsl.com>; Tue, 30 Jun 2015 09:25:24 -0700 (PDT)
Received: from mail-vn0-f48.google.com (mail-vn0-f48.google.com [209.85.216.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E59431ACD77 for <vot@ietf.org>; Tue, 30 Jun 2015 09:25:23 -0700 (PDT)
Received: by vnbf190 with SMTP id f190so2378407vnb.10 for <vot@ietf.org>; Tue, 30 Jun 2015 09:25:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Uj7obVxI1r0oQRSF42JZqDbrJ+kCNgPe6ATvvA7ROAI=; b=GunQkuY+kuQl2jotFo2oH5P8Gz7vCCzRJ1mNWdIT1WGu9GBZncNHXZVbaWJE8k4tAg LJMJLpM0+iPZj5XiCN461JplDklZ295o8geRW1Fqm0/ouDEYA+qciGt+itpClwxZIr9y cNvHWLP0rjMO1CPUktGGz6Pdj8DwL557BDUiAYOjUSpwDFDyPDZkmzGp09bp89Z5sZWd rn4VwvwMCYwZW3mxXfrWvq6LcorUTtw4s1Niq2NACOXAOsN+Svx3ZdCjdTnrNuWov1QB tvrVfY+L2gSaMsAMrASskteQICtlwbb83Mzef54a+qTrtRq9A5lmmEMtZHvwoeUnyg3M a/XQ==
X-Gm-Message-State: ALoCoQmEzbVqSLSimu/kgy6cbyBRZgXYOC3zyJBDN5zvvaVtkUIM0SysrsnXoQ6TKehto0ig5dud
MIME-Version: 1.0
X-Received: by 10.52.122.52 with SMTP id lp20mr20210320vdb.64.1435681522705; Tue, 30 Jun 2015 09:25:22 -0700 (PDT)
Received: by 10.52.136.12 with HTTP; Tue, 30 Jun 2015 09:25:22 -0700 (PDT)
In-Reply-To: <3F524C09-C71B-49DA-ADD2-AE57610C6C89@mit.edu>
References: <4DF01AF4-CD33-4BB7-958B-FFECD37C8AFE@mit.edu> <DB3PR07MB138FDE12ED039C4C8CA9968BCA90@DB3PR07MB138.eurprd07.prod.outlook.com> <3F524C09-C71B-49DA-ADD2-AE57610C6C89@mit.edu>
Date: Tue, 30 Jun 2015 12:25:22 -0400
Message-ID: <CAKAzxEv59DJYoRdLNYu2hJ9Y5DhZ8vsKeaTk9-jKf-XfDP8A7Q@mail.gmail.com>
From: Scott Shorter <sshorter@electrosoft-inc.com>
To: Justin Richer <jricher@mit.edu>
Content-Type: multipart/alternative; boundary="089e013a13bc2bffaa0519bea70a"
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/yoPk5dxIsNRF4K9YUNyWPcMmOgg>
Cc: Josh Howlett <Josh.Howlett@jisc.ac.uk>, "vot@ietf.org" <vot@ietf.org>
Subject: Re: [VoT] Vectors of Trust I-D
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2015 16:25:27 -0000
Great discussion all. I don't know if I've said it here before, but my
equation for trust goes like this:
trust = 1 / risk
If we are trying to measure risk, what if this were considered a "risk
score" that is calculated from "risk metrics"? Identity risk score, if we
want to get crazy.
I get the notion from the Common Vulnerability Scoring System (CVSS,
version 3 draft is available here
<https://www.first.org/_assets/downloads/cvss/cvss-v30-preview2-metricvectorstring-december-2014.pdf>).
I think that there's a lot of similarities between vulnerability management
and credential management. Vulnerabilities represent potential risks to
systems, and CVSS provides a way of expressing those risks. Similarly
every credential issued represents a marginal increased risk, and our
strawperson document currently looks a lot like CVSS.
I don't know whether more harm is done by unmanaged credentials or
unmitigated vulnerabilities, but each of those should be captured in an
organization's risk registry.
My 0.02USD,
Scott
On Tue, Jun 30, 2015 at 12:01 PM, Justin Richer <jricher@mit.edu> wrote:
> Josh, thanks for the great comments. Responses inline:
>
> On Jun 30, 2015, at 7:22 AM, Josh Howlett <Josh.Howlett@jisc.ac.uk> wrote:
>
> Justin, Leif,
>
>
>
> Thanks for this draft. I only have some general comments at this point.
> The first two concern the use of language; I might be hair-splitting: YMMV.
> The final comment is more substantive.
>
>
>
> 1. Vectors have a very specific formal meaning in mathematics. Given that
> this is an engineering community, I think there’s a possibility of creating
> confusion from the use of this language. You correctly try to disambiguate
> this in 2.2, but the use of different language would make this unnecessary.
>
>
> When we picked the name “vectors of trust” we knew that both “vector” and
> “trust” were terms that were going to confuse some people but could be
> explained fairly succinctly in this context and help get the point across.
> I’m honestly welcome to renaming the whole shebang but for now I’ve yet to
> hear a better set of terms.
>
>
>
> 2. The draft talks of vectors of trust but actually describes types of
> evidence and attributes that can be associated with these. As you discuss
> in section 7.1, there is a specific trust context which confers semantics
> on these attributes ex post facto. Thus this evidence and their attributes
> can inform runtime outcomes, in the context of a given trust context, but
> do not define it. I think it might be helpful to reconsider the description
> of this work, so that its goal is clearer to the reader; and set out the
> fundamental role of the trust context within the introduction/background.
>
>
> It was only in this latest draft that we really started to set out the
> importance of context for a given VoT value, so I think your comments here
> are valid.
>
>
>
> 3. The goal of the draft, as I understand it, is to enable RPs and IdPs to
> share a common vocabulary of evidence and their attributes. This avoids the
> “bundling” of different kinds of evidence by allowing for decomposability.
> This evidence, now unbundled, can be employed in different trust contexts,
> facilitating interoperability across trust framework. So far so good?
> However I’ll note that the evidences and attributes described in section 3
> are often themselves bundles (“C5 Sealed hardware token / trusted biometric
> / TPM-backed keys). So, playing devil’s advocate, what is to stop actors
> from decomposing the core elements described in section 3? Indeed I think
> it’s actually a goal of this document to permit that through extensions. I
> wonder therefore whether an excess of decomposability will actually
> aggravate interoperability between trust contexts. Clearly this could be
> addressed by setting norms, but then you’ve reinvented NIST 800-63.
> Alternatively you could imagine a taxonomy of evidence, with classes and
> (through extensions) sub-classes allowing for greater specificity, while
> providing for a general interpretation if actors do not share the same
> vocabulary. I hesitate to describe this as fractal, but I hope you can see
> what I’m driving at.
>
>
>
>
> It could definitely be fractal, but I think it’s important that we capture
> something at the right level. Aggregate a bunch of vector values together
> and you get a definition like 800-63, which is still useful but only in its
> intended consequences. Break apart the vector components and you get into
> the specifics of a full trust framework definition, like the high
> granularity in the GTRI work (or Steve’s “everything is an attribute”
> utopia). I think there’s value in each of those, but the value doesn’t
> really come at runtime when you need to make a contextual decision. That’s
> where I think that the VoT approach can really shine. It’s more granular
> than the broad sweeping definitions that authentication guidelines would
> have, but it’s less granular than a sea of attributes. We want something
> that an RP can hope to process and make sense of, and to do that we need to
> walk a fine line.
>
> — Justin
>
> Josh.
>
> *From:* vot [mailto:vot-bounces@ietf.org <vot-bounces@ietf.org>] *On
> Behalf Of *Justin Richer
> *Sent:* 27 June 2015 04:15
> *To:* vot@ietf.org
> *Subject:* [VoT] Vectors of Trust I-D
>
>
>
> Hi Everyone,
>
>
>
> I have taken the initial strawman proposal along with a substantial number
> of edits and inputs from several folks and have created an initial I-D of
> the document:
>
>
>
> https://tools.ietf.org/id/draft-richer-vectors-of-trust-00
>
>
>
> It’s still a very drafty draft, but hopefully it’s starting to make this a
> concrete thing. Please read it over and discuss it here on the list.
>
>
>
> I would like to propose a bar-BoF in Prague for VoT for anyone who would
> like to discuss this. If you’re interested (and will be there in person),
> let me know!
>
>
>
> — Justin
>
> Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT No.
> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
> Bristol, BS2 0JA. T 0203 697 5800.
>
> Jisc Services Limited is a wholly owned Jisc subsidiary and a company
> limited by guarantee which is registered in England under company number
> 2881024, VAT number GB 197 0632 86. The registered office is: One Castle
> Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
>
>
>
> _______________________________________________
> vot mailing list
> vot@ietf.org
> https://www.ietf.org/mailman/listinfo/vot
>
>
--
==============================================================
*Scott Shorter, Principal Security Engineer*
Electrosoft *–* Fueling Customer Success Through Outstanding Value and
Trust!
*Woman-Owned, Minority-Owned Small Business | ISO 9001 | CMMI Level 2 *
1893 Metro Center Drive; Ste 228; Reston, VA 20190
sshorter@electrosoft-inc.com (Email); http://www.electrosoft-inc.com (Web)
==============================================================
- [VoT] Vectors of Trust I-D Justin Richer
- Re: [VoT] Vectors of Trust I-D Josh Howlett
- Re: [VoT] Vectors of Trust I-D Jim Fenton
- Re: [VoT] Vectors of Trust I-D Justin Richer
- Re: [VoT] Vectors of Trust I-D Justin Richer
- Re: [VoT] Vectors of Trust I-D Jones, Mark B
- Re: [VoT] Vectors of Trust I-D Scott Shorter
- Re: [VoT] Vectors of Trust I-D Ira McDonald
- Re: [VoT] Vectors of Trust I-D Kelts, David
- Re: [VoT] Vectors of Trust I-D Jim Fenton