ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Internet Society joins Liberty Alliance Management Board: Why?

2009-03-03 11:32:27
from [Hallam-Baker, Phillip] [Permanent Link] 
I think that a rather more fundamental problem is the fact that the IETF 
constitution prevents any organization or party speaking on behalf of the IETF 
as a whole.

I agree that it would be rather better if the IAB could take on this particular 
role than ISOC. But even the IAB can only represent a subset of IETF views on 
this topic. The tendency of NOMCON is to pick an IAB that 'will work together', 
which tends to mean that conflicting technical views have already been excluded 
before the IAB discussion begins. 

At least the IAB could serve as a conduit for Liberty views into the IETF. I 
don't see ISOC playing that role.



From a wider industry view, it is important to recognize here that the Liberty 
Alliance of 2009 is not the same organization that it was at the start, nor do 
the same conditions exist in the industry as then.


Liberty began at a time when the industry and mainstream press saw 'identity' 
as a gold rush. Many thought that the first company to establish a claim would 
gain control of cyberspace and so on. Liberty and AOL Magic Carpet were begun 
as an attempt to stop Microsoft Passport.

At this point we know that the original premise behind that particular industry 
battle was false. Deployment of an industry wide identity system is a much 
harder prospect than anyone thought then. There is really no risk that a 
proprietary system will grow like kudzu and engulf the net and this is now 
something that all the industry majors understand (but not some VC funded 
startups predicated on that strategy).


So at this point the rule in the identity space is safety in numbers. The major 
waring factions are now spending considerable time and effort to show that the 
war is over and there is going to be a concerted joint effort. Thus ISOC 
joining liberty does not represent the IETF taking sides in a Betamax/VHS 
battle. That would have been an issue three years ago, it is not really an 
issue at this point.


There are however some technical issues that need to be input to the debate 
that the IETF does need to take a stand on:

1) The DNS is the sole naming system for the Internet.

Identity is not an opportunity to roll out a new naming scheme whether the 
protocols are proprietary or not, whether the registry is open or not. Uniform 
naming schemes arise very infrequently. We have only had five uniform 
addressing schemes since the industrial revolution - latitude/longitude, the 
postal address system, telephone numbers, UPC barcodes and DNS names. If you 
can think of another, please let me know, I am thinking of writing a brief 
history of names.

Attempting to create a new naming basis inevitably attracts antibodies. My 
strong belief is that it is only possible to establish a naming system if 
people are not really paying attention. At this point everything connected to 
the Internet is scrutinized by people and organizations and governments that 
much prefer nothing to happen than for something to happen than might 
subsequently create a control point that is outside their control.

2) Make the base protocol simple

One of the big issues I take with many of the schemes out there is that they 
take an ISAKMP type approach to technology. Rather than commit to an actual 
decision we have mechanisms to negotiate mechanisms. It is not necessary to do 
that. Factor the authentication question out of the federation problem. 
Authentication technology is a bilateral choice between the end user and the 
authentication service. The relying party does not need to know anything about 
the technology or protocol employed. 

3) Make the protocol comprehensible

The most irritating phenomena in the 'identity' world is the proliferation of 
jargon. Rather than attempting to learn existing nomenclature, some have 
invented their own. As a result technical progress tends to be slow.



-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org on behalf of John C Klensin
Sent: Sun 3/1/2009 10:12 PM
To: Patrik Fältström; Dave CROCKER
Cc: Hannes Tschofenig; ietf(_at_)ietf(_dot_)org; Lynn St. Amour; 
daigle(_at_)isoc(_dot_)org
Subject: Re: Internet Society joins Liberty Alliance Management Board:  Why?
 
Patrik,

I fear that I need to side with Dave on this (!).  For issues at
the technology-policy boundary, ISOC is seen in the outside
community as the representative and "voice" of the IETF.  That
is generally a good thing and it is an impression many of us
have worked for years to create.  However, its side-effect is
that, if ISOC ventures into a management/policy role with one
particular consortium, the same folks we have been trying to
persuade that ISOC should be seen as the lead policy body in the
Internet technical community --in large measure because it does
represent the IETF-- are likely to infer (and reasonably so)
IETF endorsement of that consortium and its efforts.

That ultimately has little or nothing to do with whether the
IETF has active work in the area or how that work is organized.
It is the presumption that the IETF is taking/endorsing a set of
positions via ISOC.

Like Dave, I don't see looking for IETF community consensus on
the details is either necessary or desirable.  At the same time,
I think the IETF should be aware of the decisions being made and
the actions being taken early enough that interested community
members can make comments that are considered in the ISOC mix
and decision process.  If this has been discussed in depth with
the IAB and the IAB chose to not engage the community in advance
of the press releases, then, IMO, the IAB has fallen down on its
job.  Independent of the IAB, while IETF-appointed ISOC BoT
members represent themselves and not the IETF, I believe that
you (collectively) have at least a moral obligation to notice
issues on which the IETF community should be informed and to
make sure that happens... an obligation that goes well beyond
"well, you could have come to the meetings or read the minutes".

Certainly I know that the IETF has, as a body, tended to pay
fairly little attention to ISOC actions and activities.  But
that may be a reason for more, rather than less, outreach.

I am not suggesting trying to undo this decision, but believe
that, as ISOC adds sufficient technically-qualified staff to
engage in activities like this on its own, we need to work,
collectively, on better ways to facilitate communication in a
timely basis in the future.  In particular, we need to work
fairly hard to avoid a situation in which the IETF and ISOC end
up with different positions on an issue with external visibility
and consequences.  To do so would damage the credibility of all
concerned.

best,
    john

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: draft-crocker-email-arch (Internet Mail Architecture) to Proposed Standard, Arnt Gulbrandsen
Next by Date:  Last Call: draft-ietf-avt-seed-srtp (The SEED Cipher Algorithm and Its Use with the Secure Real-time Transport Protocol (SRTP)) to Proposed Standard, The IESG
Previous by Thread:  Re: Internet Society joins Liberty Alliance Management Board: Why?, JFC Morfin
Next by Thread:  RE: Internet Society joins Liberty Alliance Management Board: Why?, Hannes Tschofenig
Indexes:  [Date] [Thread] [Top] [All Lists]