On 12/04/12 14:16, Tony Li allegedly wrote:
>
> On Dec 4, 2012, at 10:20 AM, Scott Brim <s...@internet2.edu> wrote:
>
>> I don't know who "they" is but applications that want to be robust
>> across network changes have their own identity-related functions. They
>> have done their own loc/id split, for the identities that matter to them
>> (app/session level), and use it to sustain sessions. They don't care
>> about or need what this list is talking about.
>
> Hi Scott,
>
> Doesn't that strike you as a layering violation? Shouldn't a stack shield
> applications from having to create these mechanisms?
>
> Regards,
> Tony
(sorry for the delay)

First of all, I'm talking about general Internet use, not special cases like data centers. In those cases it makes plenty of sense to treat all higher layer functions in a block and use lower layer identification mechanisms.

Identification is not limited to a particular layer or activity -- identities are used at multiple layers, and in higher layers there can be multiple independent identities (and identification functions). There is variation in what is being identified, how authentication and authorization are done, what happens during events, lifetime, etc.

There was a time when everything used lower layer tuples for identification, and that _was_ a layer violation. Now they have figured out that they have to have their own mechanisms in order to be free of location. Could they all use the same mechanisms provided by lower layers? The variation in requirements says no. Higher layer functions often need independence in how they behave - the end-to-end argument applies up the stack, not just in the network infrastructure. Not only is there variation in how identity is used already, we want to ensure that freedom for flexibility and robustness (just as we do elsewhere in the architecture).

In particular, nowadays some "sessions" can leap between lower layer entities, independently of each other, while some remain and all maintain identities. Higher layer functions related to identity simply cannot depend on lower layers to provide it - they are now decoupled.

Scott