Hi Joel, In-line [Uma]: Best Regards, -- Uma C. -----Original Message----- From: Joel M. Halpern [mailto:jmh@xxxxxxxxxxxxxxx] Sent: Wednesday, October 04, 2017 9:41 PM To: Uma Chunduri <uma.chunduri@xxxxxxxxxx>; Benjamin Kaduk <kaduk@xxxxxxx>; Jari Arkko <jari.arkko@xxxxxxxxx> Cc: ideas@xxxxxxxx; ietf@xxxxxxxx Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas) You seem to be making some unstated assumptions. If by "Provider" in "Provider based AUTH" you mean the last hop communications service provider, then I would fundamentally disagree with you. [Uma]: I meant IdP and it's an orthogonal discussion if both roles played by same entity.. The communication service provider has no role in creating or authenticating identifiers. Their job is to provide locators. [Uma]: Absolutely. Now, those service providers may have an authentication relationship, based on some identifiers, in order to provide communications services. But the identifiers for that are completely uncoupled from and unrealted to the identifiers need for an ID / Locator system. Yes, if there is a provider of identifiers (not all systems even require that), [Uma]: Yes, may be not all systems require that, especially if this is a local deployment. then the user of the identifier needs to have an appropriate relationship with the provider of the identifier. And that needs to be related to the authentication needed to update the mapping system. [Uma]: Yes. But neither of those require anything other than the identifier and suitable keying. [Uma]: If it's a local system simple keying is enough (in the expense of key management etc) as all devices may be managed by the same org.