<as individual>
I'm never in favor of limiting options.  If a slave has independent access to 
the database, it can use its credentials and query.  There isn't even an 
assumption that the database the master uses has to be the same as the one the 
slave uses.

The master to slave protocol is out of scope, which is good, we don't have to 
worry about issues where the slave gets a different answer than the master, and 
thus some sort of negotiation has to happen.  That could happen.  The master 
could be far enough away from a protected entity that it wouldn't be prohibited 
from using the channel the protected entity occupied, but the slave may be 
close enough that it could be blocked, even with different power/antenna rules.

Doesn't matter.

If the slave directly accesses the database, it uses its own credentials to do 
that.  The master uses its own credentials for its access, and the databases 
could be the same or different.

Brian

On Apr 18, 2012, at 11:28 AM, Don Joslyn wrote:

> There are also examples where fixed devices are slaves to a master device, 
> and because they are fixed TVBDs, they must go directly to the database for 
> channel lists. In this case, the slaves need authentication to access the 
> database.
> 
> In the previous case I mentioned, where a Personal/Portable Mode I gets its 
> channel list from the master, the master must first verify the FCCID of the 
> Mode I device that is requesting a channel list. Since the Mode I device does 
> not directly access the database, it does not require authentication to 
> directly access the database.
> 
> -----Original Message-----
> From: Rosen, Brian [mailto:[email protected]] 
> Sent: Wednesday, April 18, 2012 11:14 AM
> To: Don Joslyn
> Cc: Peter McCann; [email protected]
> Subject: Re: [paws] Database Discovery Question
> 
> Yes, an example of what I was talking about.  The credentials to access the 
> database in this case are the master's.
> 
> Brian
> 
> On Apr 18, 2012, at 11:10 AM, Don Joslyn wrote:
> 
>> See response below...
>> 
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf 
>> Of Rosen, Brian
>> Sent: Wednesday, April 18, 2012 10:42 AM
>> To: Peter McCann
>> Cc: [email protected]
>> Subject: Re: [paws] Database Discovery Question
>> 
>> Doesn't the slave get its database access through the master?
>> If that's true, the problem you are worried about doesn't exist.
>> 
>> [Don - In the US, if the slave device is a personal/portable Mode I 
>> device, the master device provides a channel list to the slave device, 
>> but the master device must validate the slave device (FCCID) first via 
>> the Whitespace database.]
>> 
>> Brian
>> 
>> On Apr 18, 2012, at 10:37 AM, Peter McCann wrote:
>> 
>>> I agree with Brian that LoST could be a good model for discovering 
>>> the appropriate database for the region you're in.  A nation may 
>>> decide to subdivide their territory into provinces or states, each of 
>>> which maintains its own database.
>>> 
>>> I think it would be a mistake to assume that there is a single, 
>>> pre-defined relationship for one device with just one database.
>>> In particular, I think there is a thorny issue that will arise with 
>>> management of secure credentials on whitespace devices, illustrated 
>>> by the first use case in Section 4.2.1 of 
>>> draft-ietf-paws-problem-stmt-usecases-rqmts-03.  Step 9 of that use 
>>> case says:
>>> 
>>> 9.   Once the master/AP has met all regulatory domain requirements
>>>      (e.g. validating the Device ID with the trusted database, etc)
>>>      the master provides the list of channels locally available to
>>>      the slave/user device.
>>> 
>>> My question is, what if the master device has a relationship with one 
>>> database, but the slave device has a relationship with another?
>>> How is the master's database supposed to validate the credentials of 
>>> the slave device, if we don't have some sort of common trust anchor?
>>> Or will this "validation" be simply an insecure check of an ID 
>>> against a whitelist/blacklist?  Who will allocate Device IDs?
>>> Will they be specific to a particular database operator, or do we 
>>> need some common top-level allocation format?
>>> 
>>> -Pete
>>> 
>> 
>> _______________________________________________
>> paws mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/paws
> 
