Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

You seem to be making some unstated assumptions.

If by "Provider" in "Provider based AUTH" you mean the last hop communications service provider, then I would fundamentally disagree with you. The communication service provider has no role in creating or authenticating identifiers. Their job is to provide locators. Now, those service providers may have an authentication relationship, based on some identifiers, in order to provide communications services. But the identifiers for that are completely uncoupled from and unrelated to the identifiers needed for an ID / Locator system.

Yes, if there is a provider of identifiers (not all systems even require that), then the user of the identifier needs to have an appropriate relationship with the provider of the identifier. And that needs to be related to the authentication needed to update the mapping system.

But neither of those require anything other than the identifier and suitable keying. I gave several examples of this in earlier emails to the list.

Yours,
Joel

On 10/4/17 11:24 PM, Uma Chunduri wrote:
Hi Joel,


	>Yes, authentication is necessary to modify the entries.  (Whether one should be authenticated before reading varies from case to case.)
	>But authentication does not require a separate identity.  Exactly what it requires depends upon how the system is constructed.

IMHO, provider based AUTH is needed in a lot of cases if we really want to build a solid system which enables mobility.
I responded to Jari, who is a pioneer and who helped spec out one of the best AUTH methods & systems successfully deployed ever with his https://tools.ietf.org/html/rfc4187
(but he did it for another most successful SDO, with all constructs like Pseudonyms and fast-re-auth-ids) didn't see the need for the same here.
Maybe as you indicated there is something missing in the charter that didn't reflect the need.

--
Uma C.




