Hi all, Please note that I have looked into the output of the (concluded) IETF ABFAB WG. In order to answer many questions/concerns that have been raised during the previous IDEAS discussions, it might be useful to consider the results of the IETF ABFAB WG. https://datatracker.ietf.org/wg/abfab/documents/ We could incorporate their concepts about identity and how identity can be established and leveraged in a distributed way able to satisfy trust and privacy concerns. Best regards, Georgios -----Original Message----- From: Ideas [mailto:ideas-bounces@xxxxxxxx] On Behalf Of Uma Chunduri Sent: Thursday, October 05, 2017 7:05 PM To: Joel M. Halpern; Benjamin Kaduk; Jari Arkko Cc: ideas@xxxxxxxx; ietf@xxxxxxxx Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas) Hi Joel, In-line [Uma]: Best Regards, -- Uma C. -----Original Message----- From: Joel M. Halpern [mailto:jmh@xxxxxxxxxxxxxxx] Sent: Wednesday, October 04, 2017 9:41 PM To: Uma Chunduri <uma.chunduri@xxxxxxxxxx>; Benjamin Kaduk <kaduk@xxxxxxx>; Jari Arkko <jari.arkko@xxxxxxxxx> Cc: ideas@xxxxxxxx; ietf@xxxxxxxx Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas) You seem to be making some unstated assumptions. If by "Provider" in "Provider based AUTH" you mean the last hop communications service provider, then I would fundamentally disagree with you. [Uma]: I meant IdP and it's an orthogonal discussion if both roles played by same entity.. The communication service provider has no role in creating or authenticating identifiers. Their job is to provide locators. [Uma]: Absolutely. Now, those service providers may have an authentication relationship, based on some identifiers, in order to provide communications services. But the identifiers for that are completely uncoupled from and unrealted to the identifiers need for an ID / Locator system. Yes, if there is a provider of identifiers (not all systems even require that), [Uma]: Yes, may be not all systems require that, especially if this is a local deployment. then the user of the identifier needs to have an appropriate relationship with the provider of the identifier. And that needs to be related to the authentication needed to update the mapping system. [Uma]: Yes. But neither of those require anything other than the identifier and suitable keying. [Uma]: If it's a local system simple keying is enough (in the expense of key management etc) as all devices may be managed by the same org. _______________________________________________ Ideas mailing list Ideas@xxxxxxxx https://www.ietf.org/mailman/listinfo/ideas