Solving the identity crisis draft-ietf-geopriv-common-policy-05

Hannes Tschofennig. Jonathan Rosenberg. August 2005. IETF63 - SIMPLE.

1
Solving the identity crisis
draft-ietf-geopriv-common-policy-05
  • Henning Schulzrinne
  • Aki Niemi
  • Hannes Tschofennig
  • Jonathan Rosenberg

2
Current solution
  • different identities
  • authenticated
  • unauthenticated
  • asserted
  • anonymous
  • asserted mapped to authenticated identity
  • authorization based on anonymous identity not provided
  • too vague description in some cases

    <identity>
      <id entity="alice@example.com"/>
      <id entity="bob@example.com"/>
    </identity>

    <identity>
      <domain domain="example.com"/>
      <except domain="foo.com"/>
    </identity>

    <any-identity>
      <domain domain="bar.com"/>
      <except-domain domain="example.com"/>
      <except-domain domain="foo.com"/>
    </any-identity>

3
Basic proposal
  • only authenticated identities
  • unauthenticated identities: omit <identity>

[Diagram labels: one person; identity; > 1 person]

4
Asserted vs. authenticated
  • Do not make distinction in common-policy
  • Currently, have text on distinction, but hard to understand without reference to particular use case (SIP, etc.)
  • Suggestion: point to detailed discussion elsewhere

5
Background processing logic
  • All conditions are AND: C1 AND C2
  • each condition can be OR within
  • If omitted, obviously not checked
  • for identity: any identity, authenticated or not
  • Only one of each kind of condition

    <conditions>
      <identity></identity>
      <sphere></sphere>
      <validity></validity>
    </conditions>

[Diagram label: AND]

6
Within each kind of condition
  • Allow OR conditions within <identity>, <validity>, <sphere>, ?
  • currently, defined for <identity> only
  • matches any of a list of identities
  • may want for others?
  • e.g., for sphere
  • reason: combinatorial explosion!

7
Identity: Single individual/user/person/
  • <one id="alice@example.com"/>
  • May contain tel URIs
  • OR:

    <one id="alice@example.com"/>
    <one id="bob@example.com"/>

[Diagram label: OR]

8
> 1 (groups)
  • can be combined with <one> -- OR
  • <many/> → any authenticated
  • all but enumerated domains:

    <many>
      <except domain="example.com"/>    OR
      <except domain="foobar.com"/>
    </many>

  • all but enumerated individuals in domain:

    <many domain="example.com">
      <except id="alice"/>    OR
      <except id="bob"/>
    </many>

9
tel URIs
  • tel URIs
  • other URIs that don't have domains: non-domain identifiers
  • e.g., URN that uses passport numbers
  • Proposal 1: only allow non-domain identifiers in id="tel:123"
  • doesn't work:

    <many domain="example.com">
      <except id="tel:123"/>
    </many>

  • Proposal 2: only allow domain identifiers in <many/> (non-domain in <one> only)