ietf
[Top] [All Lists]

Re: Internet Society joins Liberty Alliance Management Board: Why?

2009-03-01 16:49:15
Brian

Taking a loose view of the OSI 7 layer stack for a moment - is there any group that's looking at more than 3 layers?

Identity, as you know, can be at layer2 for link access sign on (the IEEE is addressing this area).

There's identity associated to an IP address.

There's identity associated with security principles within a VPN or TLS connection.

Then there's all the identity related stuff happening at the applications layer.

SIP has a few RFCs about this already, and more WG IDs in progress now.

I'm not being a SIP bigot - but RAI is heavily influenced by what occurs in SIP, and they have RFC 4474 (SIP Identity) already.

Where would a euphoric single sign-on (covering each of the above) be worked on in the IETF?

Is that a WG or an Area?

Hannes and I are but two working on IDs in this space - and have been for years, and because this topic is (either) so diluted or so spread out - it's hard to gain traction with many of its aspects - because of the lack of focus within any one WG or Area.

With this, I don't necessarily believe that because we don't have a WG now, identity should be worked somewhere else.

I believe identity should be view in both lower layer terms, as well as higher layer terms.

This is certainly true within a lot of vendor's product focuses (it's at the link/network layer, or the application signaling layer).

A distinct discussion is needed within the IETF on this topic IMO (which I guess is either a +1 to Hannees or a +1 to Dave's point(s)).

James

At 03:04 PM 3/1/2009, Brian E Carpenter wrote:
Dave,

On 2009-03-02 07:17, Dave CROCKER wrote:
...
> What is particularly interesting to me, about this line of comment, is
> not whether the relevant IETF-based technologies are superior or whether

Can you point me to the IETF WG(s) that are considering identity
management as a whole? I know there was the DIX BOF at IETF 65,
but since then??

I think this is relevant to your very valid question below.
I'd be mighty offended if ISOC signed up to an area of standards
activity that overlapped with the IETF without a full and open
discussion. But when it's an area that *is* relevant to the Internet,
but that the IETF appears to have passed on, it's less clear
what the discussion would achieve.

More below...

> an ISOC alliance with an industry Alliance was the right thing to do.
> There can -- and probably should -- be focussed debate about such
> questions.  But only within a larger context that I'd like to raise:
>
>      Should there be more or different ISOC/IETF dialogue, when ISOC is
> pursuing a strategic topic that is relevant to the IETF?
>
> The IETF/ISOC relationship has changed dramatically, in recent years,
> primarily in terms of ISOC involvement in IETF management and funding.
> What I do not recall seeing is whether there should be changes in the
> involvement of the IETF in ISOC activities.[1]
>
> An easy example is exactly the sort of involvement being implied by the
> current thread:  When ISOC is choosing to take a strategic action,
> should it seek public discussion within the IETF?

Actually, it's written in the IAB charter that:

   The IAB acts as a source of advice and guidance to the Board of
   Trustees and Officers of the Internet Society concerning technical,
   architectural, procedural, and (where appropriate) policy matters
   pertaining to the Internet and its enabling technologies. If
   necessary the IAB may convene panels of knowledgeable people, hold
   hearings, and otherwise pursue the investigation of specific
   questions or topics presented to it by the Internet Society.

So I'd say it's clear what should happen: ISOC should ask the IAB, and
the IAB, in the spirit of openness, should raise discussion within the
IETF.

Personal opinion: I was never too happy, while I was in the IAB or IESG,
that this channel was working as well as it should. But as you say:

>
> Public discussion is messy and IETF-wide consensus is virtually
> impossible to obtain for any interesting topic.  So I'm not at all
> suggesting that ISOC depend upon gaining that from the IETF.  Still,
> public discussion can surface useful information and opinion.
>
> Let me stress:  I don't intend this as criticism.  As things change, we
> gain insight.  The exchange surfaced an issue that struck me as
> interesting and potentially useful, and worth pursuing among the ISOC
> and IETF communities.

Agreed.

    Brian
>
> d/
>
>
> [1]  Side note:  The list of ISOC Board of Trustees at:
>
>      <http://www.isoc.org/isoc/general/trustees/board.php>
>
>      does not indicate the constituency or selection mechanism that chose
>      particular Trustees; it would be helpful to see that included in
> the list,
>      to understand whether they are ex officio, elected by from a
> region, or the
>      like.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>