
Re: Internal WG Review: Credential and Provisioning (enroll)



At 9:46 AM -0700 10/14/03, James Kempf wrote:
> When doing enrollment of a service consumer against a service provider,
> three pieces of information need to be provided or created in order to
> support authentication of the service consumer to the service provider
> (and vice versa) and to allow for additional security services to be
> provided any information exchanged. These pieces of data are:


"provided any information exchanged" -> "provided on any information exchanged" ?

Good catch; I think it should be "provided for any information exchanged".



        1. An identifier, within a namespace controlled by the service
                  provider, for the service consumer.
        2. Keying information to be used for identity confirmation.
        3. A set of service consumer permissions. These permissions
                  describe to the provider the services that the consumer
                  wants to access, and they describe to the consumer what
                  services offered by the provider will be accessible.


This is a very clear and precise description of the problem. The actual work items, discussed below, seem to focus on an overall architecture and specific solutions for 2. For interoperability, however, it seems to me that all three might need to be addressed, but 1 and 3 seem fraught with the possibility of lots of proposed solutions and very few possible ways to judge their merit. Does the WG intend to have actual solutions for 1 and 3 (as opposed to architecture) be out of scope or possible recharter items or ...?

If there is interest in specifying some profiles for 1 and 3, we would possibly take it on, but we're not interested in limiting either of them. For example, if someone wrote a short document saying "if you are going to use OIDs for the identifiers and permissions, here are some OID suggestions", that would be OK. If they said "here is the proper way to use OIDs" or "permissions must look like this", we would probably say no.


--Paul Hoffman, Director
--Internet Mail Consortium