RE: Internet Society joins Liberty Alliance Management Board: Why?
I think that a rather more fundamental problem is the fact that the IETF constitution prevents any organization or party speaking on behalf of the IETF as a whole.

I agree that it would be rather better if the IAB could take on this particular role than ISOC. But even the IAB can only represent a subset of IETF views on this topic. The tendency of NOMCON is to pick an IAB that 'will work together', which tends to mean that conflicting technical views have already been excluded before the IAB discussion begins. At least the IAB could serve as a conduit for Liberty views into the IETF. I don't see ISOC playing that role.

From a wider industry view, it is important to recognize here that the Liberty Alliance of 2009 is not the same organization that it was at the start, nor do the same conditions exist in the industry as then. Liberty began at a time when the industry and mainstream press saw 'identity' as a gold rush. Many thought that the first company to establish a claim would gain control of cyberspace and so on. Liberty and AOL Magic Carpet were begun as an attempt to stop Microsoft Passport.

At this point we know that the original premise behind that particular industry battle was false. Deployment of an industry wide identity system is a much harder prospect than anyone thought then. There is really no risk that a proprietary system will grow like kudzu and engulf the net and this is now something that all the industry majors understand (but not some VC funded startups predicated on that strategy).

So at this point the rule in the identity space is safety in numbers. The major warring factions are now spending considerable time and effort to show that the war is over and there is going to be a concerted joint effort. Thus ISOC joining liberty does not represent the IETF taking sides in a Betamax/VHS battle. That would have been an issue three years ago, it is not really an issue at this point.

There are however some technical issues that need to be input to the debate that the IETF does need to take a stand on:

1) The DNS is the sole naming system for the Internet.

Identity is not an opportunity to roll out a new naming scheme whether the protocols are proprietary or not, whether the registry is open or not. Uniform naming schemes arise very infrequently. We have only had five uniform addressing schemes since the industrial revolution - latitude/longitude, the postal address system, telephone numbers, UPC barcodes and DNS names. If you can think of another, please let me know, I am thinking of writing a brief history of names.

Attempting to create a new naming basis inevitably attracts antibodies. My strong belief is that it is only possible to establish a naming system if people are not really paying attention. At this point everything connected to the Internet is scrutinized by people and organizations and governments that much prefer nothing to happen than for something to happen that might subsequently create a control point that is outside their control.

2) Make the base protocol simple

One of the big issues I take with many of the schemes out there is that they take an ISAKMP type approach to technology. Rather than commit to an actual decision we have mechanisms to negotiate mechanisms. It is not necessary to do that. Factor the authentication question out of the federation problem. Authentication technology is a bilateral choice between the end user and the authentication service. The relying party does not need to know anything about the technology or protocol employed.

3) Make the protocol comprehensible

The most irritating phenomenon in the 'identity' world is the proliferation of jargon. Rather than attempting to learn existing nomenclature, some have invented their own. As a result technical progress tends to be slow.

-----Original Message-----
From: ietf-boun...@ietf.org on behalf of John C Klensin
Sent: Sun 3/1/2009 10:12 PM
To: Patrik Fältström; Dave CROCKER
Cc: Hannes Tschofenig; ietf@ietf.org; Lynn St. Amour; dai...@isoc.org
Subject: Re: Internet Society joins Liberty Alliance Management Board: Why?

Patrik,

I fear that I need to side with Dave on this (!).

For issues at the technology-policy boundary, ISOC is seen in the outside community as the representative and voice of the IETF. That is generally a good thing and it is an impression many of us have worked for years to create. However, its side-effect is that, if ISOC ventures into a management/policy role with one particular consortium, the same folks we have been trying to persuade that ISOC should be seen as the lead policy body in the Internet technical community --in large measure because it does represent the IETF-- are likely to infer (and reasonably so) IETF endorsement of that consortium and its efforts.

That ultimately has little or nothing to do with whether the IETF has active work in the area or how that work is organized. It is the presumption
RE: Internet Society joins Liberty Alliance Management Board: Why?
> So at this point the rule in the identity space is safety in numbers. The major warring factions are now spending considerable time and effort to show that the war is over and there is going to be a concerted joint effort. Thus ISOC joining liberty does not represent the IETF taking sides in a Betamax/VHS battle. That would have been an issue three years ago, it is not really an issue at this point.

So, who is the winner? (Or are there only losers, more like in a real war?)
Re: Internet Society joins Liberty Alliance Management Board: Why?
On Mar 1, 2009, at 9:04 PM, Eric Rescorla wrote:

> At Sun, 1 Mar 2009 19:59:00 +0200, Hannes Tschofenig wrote:
>> As you might have noticed, the WebSSO Identity Management space is not running out of organizations and groups. Someone could, for example, come up with the question why ISOC did not join the MIT Kerberos Consortium (see http://www.kerberos.org/), as Kerberos is a technology developed within the IETF, or to support technologies like OpenID, OAuth, etc. that are closer to the Internet deployment.
>>
>> I am sure your team had a lot of conversations with the IAB on what direction would be better for the Internet (with respect to the creation of an identity layer) but I fear that many in the IETF community are at best not informed about what you are doing and why you believe that this is heading into the right direction.
>
> Did ISOC in fact have these discussions with the IAB? I'd be very interested to hear the IAB weigh in here.
>
> -Ekr

Hi Ekr and Hannes,

ISOC has been working within the IETF community as a whole on a variety of technical issues, and did not approach the IAB as a body when taking the decision to join Liberty Alliance/NewOrg.

ISOC's broad goals here seem largely to fall outside the IETF arena. We are working with these other communities to build a more transparent and open identity organization which serves the broader identity community, and reaches out to adopters and end-users. We are, of course, very open to conversation about advancing these goals with any interested IETFer. And, to be clear we are very supportive of the OAuth efforts and hope to see OAuth chartered in the IETF.

I echo Dave's original comments that this discussion is interesting and useful, and Leslie has provided some additional context in another mail.

Best,
Lynn
Re: Internet Society joins Liberty Alliance Management Board: Why?
On 1 mrt 2009, at 23:49, Lynn St.Amour wrote:

> PS. Re: your side note below on the makeup of the ISOC Board, we'll update the list to show the community or mechanism that appoints/elects Trustees. In the meantime, the IETF appoints 3 Trustees (out of 13, 12 voting and me non-voting). The current IETF appointees to the ISOC Board are: Patrik Fältström, Ted Hardie and Bert Wijnen.

Also note that the IAB is to select a new IETF appointee. See http://www.ietf.org/mail-archive/web/ietf-announce/current/msg05771.html for the list of nominees.

--Olaf
Re: Internet Society joins Liberty Alliance Management Board: Why?
Hannes,

Two mostly rhetorical questions...

Hannes Tschofenig wrote:
> As you might have noticed, the WebSSO Identity Management space is not running out of organizations and groups. Someone could, for example, come up with the question why ISOC did not join the MIT Kerberos Consortium (see http://www.kerberos.org/), as Kerberos is a technology developed within the IETF, or to support technologies like OpenID, OAuth, etc. that are closer to the Internet deployment.
>
> I am sure your team had a lot of conversations with the IAB on what direction would be better for the Internet (with respect to the creation of an identity layer) but I fear that many in the IETF community are at best not informed about what you are doing and why you believe that this is heading into the right direction.

I find it somewhat interesting that we would perceive the ISOC as being responsible to the IETF in this regard. The IETF is not the only place to do standards. Is the IETF the right place to do this work? How good are we historically at public policy?

> If ISOC wants to understand what managed identity will mean for end users then maybe a discussion within the IETF would help to get a better understanding as some of us have been working on this subject for a while. One could even claim that the IETF is also a pretty open forum to discuss these types of things, particularly when they have a high relevance for the Internet. Did nobody come up with the idea about how the IETF could be more actively involved in this space?

I give you the IETF 65 and 66 dix/wae bof/discussions... What were the outcomes? Do the right people even come to the IETF?

> Ciao
> Hannes
>
> -----Original Message-----
> From: Lucy Lynch [mailto:lly...@civil-tongue.net]
> Sent: 01 March, 2009 19:30
> To: Hannes Tschofenig
> Cc: ietf@ietf.org
> Subject: Re: Internet Society joins Liberty Alliance Management Board: Why?
RE: Internet Society joins Liberty Alliance Management Board: Why?
Hi Joel,

> Hannes,
>
> Two mostly rhetorical questions...
>
> Hannes Tschofenig wrote:
>> As you might have noticed, the WebSSO Identity Management space is not running out of organizations and groups. Someone could, for example, come up with the question why ISOC did not join the MIT Kerberos Consortium (see http://www.kerberos.org/), as Kerberos is a technology developed within the IETF, or to support technologies like OpenID, OAuth, etc. that are closer to the Internet deployment.
>>
>> I am sure your team had a lot of conversations with the IAB on what direction would be better for the Internet (with respect to the creation of an identity layer) but I fear that many in the IETF community are at best not informed about what you are doing and why you believe that this is heading into the right direction.
>
> I find it somewhat interesting that we would perceive the ISOC as being responsible to the IETF in this regard.

Responsible is not the right term. A bit better synchronized would be nice.

> The IETF is not the only place to do standards.

Everyone knows that. Even the ITU-T is working on identity management ...

> Is the IETF the right place to do this work?

[By 'this' I assume you mean 'work on IdM']

I wonder why you think that the work on identity management could not be something the IETF should be focusing on? Folks who participate in the IETF do their work on identity management in other organizations.

It would be useful to do an analysis on why the IETF isn't suitable for dealing with some of the application layer / security work that happens currently outside the IETF:

* Is it a problem with the persons (lack of knowledge, for example)?
* Is it possible that some folks don't want to wait 5 years till a specification gets finished?
* Maybe they have problems with our IPR policy?

Would be really interesting to understand these types of things a bit better. Don't you think so?

> How good are we historically at public policy?
>> If ISOC wants to understand what managed identity will mean for end users then maybe a discussion within the IETF would help to get a better understanding as some of us have been working on this subject for a while. One could even claim that the IETF is also a pretty open forum to discuss these types of things, particularly when they have a high relevance for the Internet. Did nobody come up with the idea about how the IETF could be more actively involved in this space?
>
> I give you the IETF 65 and 66 dix/wae bof/discussions... What were the outcomes? Do the right people even come to the IETF?

Don't ask me. I am still puzzled about the lack of actions. After the 2nd BOF I had the impression that everything was going fine. Obviously not quite ...

Ciao
Hannes

>> Ciao
>> Hannes
>>
>> -----Original Message-----
>> From: Lucy Lynch [mailto:lly...@civil-tongue.net]
>> Sent: 01 March, 2009 19:30
>> To: Hannes Tschofenig
>> Cc: ietf@ietf.org
>> Subject: Re: Internet Society joins Liberty Alliance Management Board: Why?
>>
>> On Sat, 28 Feb 2009, Hannes Tschofenig wrote:
>>> I would like to hear a bit more background about these activities, see
>>> https://www.projectliberty.org/news_events/press_releases/internet_society_joins_liberty_alliance_management_board
>>
>> Hannes - ISOC hat on
>>
>> As stated in the press release, ISOC has joined the Liberty Alliance Board. Our participation here is directly related to the ISOC initiative on Trust and Identity (T/Id). Our primary interest is not just the Liberty Alliance itself but a proposed transition to a broader organization. This effort is currently called either IDTBD or NewOrg in the community discussions. The intent is to open participation to new entrants and technologies and NewOrg will also help represent emerging identity management work to end-users, policymakers, enterprise adopters, and others. ISOC has been actively reaching out to many of the current identity technology communities as part of our effort to understand what managed identity will mean for end users.
Re: Internet Society joins Liberty Alliance Management Board: Why?
Hannes Tschofenig wrote:
> Hi Joel,
>
>> Hannes,
>>
>> Two mostly rhetorical questions...
>>
>> Hannes Tschofenig wrote:
>>> As you might have noticed, the WebSSO Identity Management space is not running out of organizations and groups. Someone could, for example, come up with the question why ISOC did not join the MIT Kerberos Consortium (see http://www.kerberos.org/), as Kerberos is a technology developed within the IETF, or to support technologies like OpenID, OAuth, etc. that are closer to the Internet deployment.
>>>
>>> I am sure your team had a lot of conversations with the IAB on what direction would be better for the Internet (with respect to the creation of an identity layer) but I fear that many in the IETF community are at best not informed about what you are doing and why you believe that this is heading into the right direction.
>>
>> I find it somewhat interesting that we would perceive the ISOC as being responsible to the IETF in this regard.
>
> Responsible is not the right term. A bit better synchronized would be nice.
>
>> The IETF is not the only place to do standards.
>
> Everyone knows that. Even the ITU-T is working on identity management ...
>
>> Is the IETF the right place to do this work?
>
> [By 'this' I assume you mean 'work on IdM']
>
> I wonder why you think that the work on identity management could not be something the IETF should be focusing on? Folks who participate in the IETF do their work on identity management in other organizations.
>
> It would be useful to do an analysis on why the IETF isn't suitable for dealing with some of the application layer / security work that happens currently outside the IETF:
>
> * Is it a problem with the persons (lack of knowledge, for example)?
> * Is it possible that some folks don't want to wait 5 years till a specification gets finished?
> * Maybe they have problems with our IPR policy?

Maybe the IETF is altogether the wrong place to do public policy?
I don't think it's the case that there is no intersection, or that there are other more appropriate places to do some kinds of work. However when I read something like Nist 800-63 obviously I see the input of people I recognize there so I don't believe that it goes unrepresented in this organization...

> Would be really interesting to understand these types of things a bit better. Don't you think so?

Would I like us to be more mindful of our limitations? Absolutely. We might consider for example how we managed to make such a hash of IDN.

>> How good are we historically at public policy?
>>
>>> If ISOC wants to understand what managed identity will mean for end users then maybe a discussion within the IETF would help to get a better understanding as some of us have been working on this subject for a while. One could even claim that the IETF is also a pretty open forum to discuss these types of things, particularly when they have a high relevance for the Internet. Did nobody come up with the idea about how the IETF could be more actively involved in this space?
>>
>> I give you the IETF 65 and 66 dix/wae bof/discussions... What were the outcomes? Do the right people even come to the IETF?
>
> Don't ask me. I am still puzzled about the lack of actions. After the 2nd BOF I had the impression that everything was going fine.

If I recall there was little support for the wide scope of work. Participants moved on and nothing came of it in the IETF.

http://www.ietf.org/mail-archive/web/dix/current/msg00863.html
http://www.ietf.org/mail-archive/web/dix/current/msg00834.html

> Obviously not quite ...
>
> Ciao
> Hannes
>
>>> Ciao
>>> Hannes
>>>
>>> -----Original Message-----
>>> From: Lucy Lynch [mailto:lly...@civil-tongue.net]
>>> Sent: 01 March, 2009 19:30
>>> To: Hannes Tschofenig
>>> Cc: ietf@ietf.org
>>> Subject: Re: Internet Society joins Liberty Alliance Management Board: Why?
RE: Internet Society joins Liberty Alliance Management Board: Why?
At 9:35 PM +0200 3/2/09, Hannes Tschofenig wrote:
>> I find it somewhat interesting that we would perceive the ISOC as being responsible to the IETF in this regard.
>
> Responsible is not the right term. A bit better synchronized would be nice.

ISOC has multiple staff members at every IETF, and those folks are very engaged with IETF participants.

>> Is the IETF the right place to do this work?
>
> [By 'this' I assume you mean 'work on IdM']
>
> I wonder why you think that the work on identity management could not be something the IETF should be focusing on?

It could be, but it isn't. We have had a decade of opportunity to take on that focus, and haven't. That should give us a great big clue about whether or not we should be the center of such work.

> It would be useful to do an analysis on why the IETF isn't suitable for dealing with some of the application layer / security work that happens currently outside the IETF:
>
> * Is it a problem with the persons (lack of knowledge, for example)?
> * Is it possible that some folks don't want to wait 5 years till a specification gets finished?
> * Maybe they have problems with our IPR policy?

For very good reason, we roll our eyes at various people who come to us to standardize things they are interested in, telling them that we are not the universal SDO hammer for all possible protocol nails. To some of us who have dealt with it over the decade, identity management seems like a tarbaby that the IETF's processes would not be well-suited to deal with.

> Would be really interesting to understand these types of things a bit better. Don't you think so?

It can go onto the long list, yes.

--Paul Hoffman, Director
--VPN Consortium
Re: Internet Society joins Liberty Alliance Management Board: Why?
On Sat, 28 Feb 2009, Hannes Tschofenig wrote:

> I would like to hear a bit more background about these activities, see
> https://www.projectliberty.org/news_events/press_releases/internet_society_joins_liberty_alliance_management_board

Hannes - ISOC hat on

As stated in the press release, ISOC has joined the Liberty Alliance Board. Our participation here is directly related to the ISOC initiative on Trust and Identity (T/Id). Our primary interest is not just the Liberty Alliance itself but a proposed transition to a broader organization. This effort is currently called either IDTBD or NewOrg in the community discussions. The intent is to open participation to new entrants and technologies and NewOrg will also help represent emerging identity management work to end-users, policymakers, enterprise adopters, and others.

ISOC has been actively reaching out to many of the current identity technology communities as part of our effort to understand what managed identity will mean for end users. We also have some interest in how the frameworks and use cases developing in user managed identity communities may overlap and inform more traditional networked identity/identifier problems.

I believe that ISOC support for this move to an open community led forum will help bring this important work to a broader audience and will encourage greater participation and interoperability (high priorities for T/Id work: http://www.isoc.org/isoc/mission/initiative/trust.shtml).

The transition to a NewOrg is still in process, and the founding documents: by-laws, operating procedures, IPR considerations, etc., were reviewed at the recent Liberty Alliance Plenary and continue to progress. (see: http://groups.google.com/group/idtbd)

- Lucy

> Thanks!
>
> Ciao
> Hannes
RE: Internet Society joins Liberty Alliance Management Board: Why?
As you might have noticed, the WebSSO Identity Management space is not running out of organizations and groups. Someone could, for example, come up with the question why ISOC did not join the MIT Kerberos Consortium (see http://www.kerberos.org/), as Kerberos is a technology developed within the IETF, or to support technologies like OpenID, OAuth, etc. that are closer to the Internet deployment.

I am sure your team had a lot of conversations with the IAB on what direction would be better for the Internet (with respect to the creation of an identity layer) but I fear that many in the IETF community are at best not informed about what you are doing and why you believe that this is heading into the right direction.

If ISOC wants to understand what managed identity will mean for end users then maybe a discussion within the IETF would help to get a better understanding as some of us have been working on this subject for a while. One could even claim that the IETF is also a pretty open forum to discuss these types of things, particularly when they have a high relevance for the Internet. Did nobody come up with the idea about how the IETF could be more actively involved in this space?

Ciao
Hannes

-----Original Message-----
From: Lucy Lynch [mailto:lly...@civil-tongue.net]
Sent: 01 March, 2009 19:30
To: Hannes Tschofenig
Cc: ietf@ietf.org
Subject: Re: Internet Society joins Liberty Alliance Management Board: Why?

On Sat, 28 Feb 2009, Hannes Tschofenig wrote:
> I would like to hear a bit more background about these activities, see
> https://www.projectliberty.org/news_events/press_releases/internet_society_joins_liberty_alliance_management_board

Hannes - ISOC hat on

As stated in the press release, ISOC has joined the Liberty Alliance Board. Our participation here is directly related to the ISOC initiative on Trust and Identity (T/Id). Our primary interest is not just the Liberty Alliance itself but a proposed transition to a broader organization.
Re: Internet Society joins Liberty Alliance Management Board: Why?
Hannes Tschofenig wrote:
> Someone could, for example, come up with the question why ISOC did not join the MIT Kerberos Consortium (see http://www.kerberos.org/), as Kerberos is a technology developed within the IETF, or to support technologies like OpenID, OAuth, etc. that are closer to the Internet deployment.
>
> I am sure your team had a lot of conversations with the IAB on what direction would be better for the Internet

Folks,

What is particularly interesting to me, about this line of comment, is not whether the relevant IETF-based technologies are superior or whether an ISOC alliance with an industry Alliance was the right thing to do. There can -- and probably should -- be focussed debate about such questions. But only within a larger context that I'd like to raise:

Should there be more or different ISOC/IETF dialogue, when ISOC is pursuing a strategic topic that is relevant to the IETF?

The IETF/ISOC relationship has changed dramatically, in recent years, primarily in terms of ISOC involvement in IETF management and funding. What I do not recall seeing is whether there should be changes in the involvement of the IETF in ISOC activities.[1]

An easy example is exactly the sort of involvement being implied by the current thread: When ISOC is choosing to take a strategic action, should it seek public discussion within the IETF?

Public discussion is messy and IETF-wide consensus is virtually impossible to obtain for any interesting topic. So I'm not at all suggesting that ISOC depend upon gaining that from the IETF. Still, public discussion can surface useful information and opinion.

Let me stress: I don't intend this as criticism. As things change, we gain insight. The exchange surfaced an issue that struck me as interesting and potentially useful, and worth pursuing among the ISOC and IETF communities.

d/

[1] Side note: The list of ISOC Board of Trustees at:

http://www.isoc.org/isoc/general/trustees/board.php

does not indicate the constituency or selection mechanism that chose particular Trustees; it would be helpful to see that included in the list, to understand whether they are ex officio, elected by from a region, or the like.

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Internet Society joins Liberty Alliance Management Board: Why?
Hannes,

Let me as a member of ISOC BoT that is appointed by the IETF explain a bit more on what Lucy just explained below.

I hope first of all that you specifically noted that ISOC is looking for coordination with many groups. This implies that when you or anyone else see some formal connection between ISOC and other organisations does not imply ISOC can get arrangements with other organisations as well. And, different organisations require different kinds of connections.

Regarding the work between IETF and ISOC in for example the work on trust, that *is* done together with the IETF. We do not have any formal explicit relationship with the various wg's (but the IETF as you know does not work that way...), but we do of course have connection with various very active IETF participants in the various areas.

You can for example have a look at the report that was published in 2008 regarding specifically this work:

http://www.isoc.org/isoc/mission/initiative/docs/trust-report-2008.pdf

Attendees

ISOC Board of Trustees/Officers: Fred Baker, Scott Bradner (remote), Hiroshi Esaki, Patrik Fältström, Ted Hardie, Daniel Karrenberg, Franck Martin, Desirée Miloshevic, Alejandro Pisanty (remote), Glenn Ricart, Stephen Squires (past BoT member and instigator), Lynn St. Amour, Bill St. Arnaud, Patrick Vande Walle

ISOC Staff: Leslie Daigle (remote), Frederic Donck, Lucy Lynch, Karen Rose

Internet Technical Community Representatives: Russ Housley (Internet Engineering Task Force chair), Olaf Kolkmann (Internet Architecture Board chair), Danny McPherson (Internet Architecture Board)

Subject Experts: Levi Gundert (Team Cymru), Dick Hardt (Sxip Identity), RL “Bob” Morgan (Internet 2, University of Washington), Mikko Särelä (NomadicLab)

Work has continued after this workshop as Lucy explained, and many individuals are involved in identity work in the IETF (including Kerberos work) have been and are involved. They for example include Leif Johansson that is a long time IETF participant.
The whole goal with this project is to coordinate, and explain what's up. But, I also see that you seem to be interested in helping, and I thank you for that. ;-) Patrik On 1 mar 2009, at 18.59, Hannes Tschofenig wrote: As you might have noticed, the WebSSO Identity Management space is not running out of organizations and groups. Someone could, for example, come up with the question why ISOC did not join the MIT Kerberos Consortium (see http://www.kerberos.org/), as Kerberos is a technology developed within the IETF, or to support technologies like OpenID, OAuth, etc. that are closer to the Internet deployment. I am sure your team had a lot of conversations with the IAB on what direction would be better for the Internet (with respect to the creation of an identity layer) but I fear that many in the IETF community are at best not informed about what you are doing and why you believe that this is heading into the right direction. If ISOC wants to understand what managed identity will mean for end users then maybe a discussion within the IETF would help to get a better understanding as some of us have been working on this subject for a while. One could even claim that the IETF is also a pretty open forum to discuss these types of things, particularly when they have a high relevance for the Internet. Did nobody come up with the idea about how the IETF could be more actively involved in this space? Ciao Hannes -Original Message- From: Lucy Lynch [mailto:lly...@civil-tongue.net] Sent: 01 March, 2009 19:30 To: Hannes Tschofenig Cc: ietf@ietf.org Subject: Re: Internet Society joins Liberty Alliance Management Board: Why? On Sat, 28 Feb 2009, Hannes Tschofenig wrote: I would like to hear a bit more background about these activities, see https://www.projectliberty.org/news_events/press_releases/internet_society_joins_liberty_alliance_management_board Hannes - ISOC hat on As stated in the press release, ISOC has joined the Liberty Alliance Board. 
Our participation here is directly related to the ISOC initiative on Trust and Identity (T/Id). Our primary interest is not just the Liberty Alliance itself but a proposed transition to a broader organization. This effort is currently called either IDTBD or NewOrg in the community discussions. The intent is to open participation to new entrants and technologies and NewOrg will also help represent emerging identity management work to end-users, policymakers, enterprise adopters, and others. ISOC has been actively reaching out to many of the current identity technology communities as part of our effort to understand what managed identity will mean for end users. We also have some interest in how the frameworks and use cases developing in user managed identity communities may overlap and inform more traditional networked identity/identifier problems. I believe that ISOC support
Re: Internet Society joins Liberty Alliance Management Board: Why?
Dave, On 2009-03-02 07:17, Dave CROCKER wrote: ... What is particularly interesting to me, about this line of comment, is not whether the relevant IETF-based technologies are superior or whether Can you point me to the IETF WG(s) that are considering identity management as a whole? I know there was the DIX BOF at IETF 65, but since then?? I think this is relevant to your very valid question below. I'd be mighty offended if ISOC signed up to an area of standards activity that overlapped with the IETF without a full and open discussion. But when it's an area that *is* relevant to the Internet, but that the IETF appears to have passed on, it's less clear what the discussion would achieve. More below... an ISOC alliance with an industry Alliance was the right thing to do. There can -- and probably should -- be focussed debate about such questions. But only within a larger context that I'd like to raise: Should there be more or different ISOC/IETF dialogue, when ISOC is pursuing a strategic topic that is relevant to the IETF? The IETF/ISOC relationship has changed dramatically, in recent years, primarily in terms of ISOC involvement in IETF management and funding. What I do not recall seeing is whether there should be changes in the involvement of the IETF in ISOC activities.[1] An easy example is exactly the sort of involvement being implied by the current thread: When ISOC is choosing to take a strategic action, should it seek public discussion within the IETF? Actually, it's written in the IAB charter that: The IAB acts as a source of advice and guidance to the Board of Trustees and Officers of the Internet Society concerning technical, architectural, procedural, and (where appropriate) policy matters pertaining to the Internet and its enabling technologies. If necessary the IAB may convene panels of knowledgeable people, hold hearings, and otherwise pursue the investigation of specific questions or topics presented to it by the Internet Society. 
So I'd say it's clear what should happen: ISOC should ask the IAB, and the IAB, in the spirit of openness, should raise discussion within the IETF. Personal opinion: I was never too happy, while I was in the IAB or IESG, that this channel was working as well as it should. But as you say: Public discussion is messy and IETF-wide consensus is virtually impossible to obtain for any interesting topic. So I'm not at all suggesting that ISOC depend upon gaining that from the IETF. Still, public discussion can surface useful information and opinion. Let me stress: I don't intend this as criticism. As things change, we gain insight. The exchange surfaced an issue that struck me as interesting and potentially useful, and worth pursuing among the ISOC and IETF communities. Agreed. Brian d/ [1] Side note: The list of ISOC Board of Trustees at: http://www.isoc.org/isoc/general/trustees/board.php does not indicate the constituency or selection mechanism that chose particular Trustees; it would be helpful to see that included in the list, to understand whether they are ex officio, elected by from a region, or the like. ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Internet Society joins Liberty Alliance Management Board: Why?
Brian E Carpenter wrote: Dave, On 2009-03-02 07:17, Dave CROCKER wrote: ... What is particularly interesting to me, about this line of comment, is not whether the relevant IETF-based technologies are superior or whether Can you point me to the IETF WG(s) that are considering identity management as a whole? I know there was the DIX BOF at IETF 65, but since then?? Brian, A fair question, but Identity management seems to have varied meanings, depending on who is discussing it. There is, for example, a good argument that any authentication activity is part of, or involves, ID mgmt. So OpenPGP, S/MIME, DKIM, TLS and the emerging OAuth activities come to mind. So does DNS... But when it's an area that *is* relevant to the Internet, but that the IETF appears to have passed on, it's less clear what the discussion would achieve. passed on? huh? when did we do that? In any event, if it is something ISOC considers worth making a strategic relationship about, and it is likely to entail Internet technical standards, then it would be strange to have the IETF skip dealing with it. An easy example is exactly the sort of involvement being implied by the current thread: When ISOC is choosing to take a strategic action, should it seek public discussion within the IETF? ... So I'd say it's clear what should happen: ISOC should ask the IAB, and the IAB, in the spirit of openness, should raise discussion within the IETF. sounds like a plan. Let me stress again that I wasn't offering criticism. I think that the IETF has historically been the source of initiatives that it participates in, and that this appears to be something different. That makes it worth exploring a bit. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: Internet Society joins Liberty Alliance Management Board: Why?
On 2009-03-02 10:21, Dave CROCKER wrote: Brian E Carpenter wrote: Dave, On 2009-03-02 07:17, Dave CROCKER wrote: ... What is particularly interesting to me, about this line of comment, is not whether the relevant IETF-based technologies are superior or whether Can you point me to the IETF WG(s) that are considering identity management as a whole? I know there was the DIX BOF at IETF 65, but since then?? Brian, A fair question, but Identity management seems to have varied meanings, depending on who is discussing it. There is, for example, a good argument that any authentication activity is part of, or involves, ID mgmt. So OpenPGP, S/MIME, DKIM, TLS and the emerging OAuth activities come to mind. So does DNS... But when it's an area that *is* relevant to the Internet, but that the IETF appears to have passed on, it's less clear what the discussion would achieve. passed on? huh? when did we do that? Well, what I mean is that the IETF did what it normally does (and this is not a criticism): chose to work on various bits and pieces (as you list above) but *not* to work on a general framework. Whatever people think about the Liberty Alliance, or efforts like Shibboleth, they are trying to look at the big picture. This assertion is a couple of years out of date, but people I knew who are experts in the identity management area never thought that the IETF was relevant except as a source of atomic components. Brian In any event, if it is something ISOC considers worth making a strategic relationship about, and it is likely to entail Internet technical standards, then it would be strange to have the IETF skip dealing with it. An easy example is exactly the sort of involvement being implied by the current thread: When ISOC is choosing to take a strategic action, should it seek public discussion within the IETF? ... So I'd say it's clear what should happen: ISOC should ask the IAB, and the IAB, in the spirit of openness, should raise discussion within the IETF. 
sounds like a plan. Let me stress again that I wasn't offering criticism. I think that the IETF has historically been the source of initiatives that it participates in, and that this appears to be something different. That makes it worth exploring a bit. d/
Re: Internet Society joins Liberty Alliance Management Board: Why?
Brian Taking a loose view of the OSI 7 layer stack for a moment - is there any group that's looking at more than 3 layers? Identity, as you know, can be at layer2 for link access sign on (the IEEE is addressing this area). There's identity associated to an IP address. There's identity associated with security principles within a VPN or TLS connection. Then there's all the identity related stuff happening at the applications layer. SIP has a few RFCs about this already, and more WG IDs in progress now. I'm not being a SIP bigot - but RAI is heavily influenced by what occurs in SIP, and they have RFC 4474 (SIP Identity) already. Where would a euphoric single sign-on (covering each of the above) be worked on in the IETF? Is that a WG or an Area? Hannes and I are but two working on IDs in this space - and have been for years, and because this topic is (either) so diluted or so spread out - it's hard to gain traction with many of its aspects - because of the lack of focus within any one WG or Area. With this, I don't necessarily believe that because we don't have a WG now, identity should be worked somewhere else. I believe identity should be viewed in both lower layer terms, as well as higher layer terms. This is certainly true within a lot of vendor's product focuses (it's at the link/network layer, or the application signaling layer). A distinct discussion is needed within the IETF on this topic IMO (which I guess is either a +1 to Hannes or a +1 to Dave's point(s)). James At 03:04 PM 3/1/2009, Brian E Carpenter wrote: Dave, On 2009-03-02 07:17, Dave CROCKER wrote: ... What is particularly interesting to me, about this line of comment, is not whether the relevant IETF-based technologies are superior or whether Can you point me to the IETF WG(s) that are considering identity management as a whole? I know there was the DIX BOF at IETF 65, but since then?? I think this is relevant to your very valid question below. 
I'd be mighty offended if ISOC signed up to an area of standards activity that overlapped with the IETF without a full and open discussion. But when it's an area that *is* relevant to the Internet, but that the IETF appears to have passed on, it's less clear what the discussion would achieve. More below... an ISOC alliance with an industry Alliance was the right thing to do. There can -- and probably should -- be focussed debate about such questions. But only within a larger context that I'd like to raise: Should there be more or different ISOC/IETF dialogue, when ISOC is pursuing a strategic topic that is relevant to the IETF? The IETF/ISOC relationship has changed dramatically, in recent years, primarily in terms of ISOC involvement in IETF management and funding. What I do not recall seeing is whether there should be changes in the involvement of the IETF in ISOC activities.[1] An easy example is exactly the sort of involvement being implied by the current thread: When ISOC is choosing to take a strategic action, should it seek public discussion within the IETF? Actually, it's written in the IAB charter that: The IAB acts as a source of advice and guidance to the Board of Trustees and Officers of the Internet Society concerning technical, architectural, procedural, and (where appropriate) policy matters pertaining to the Internet and its enabling technologies. If necessary the IAB may convene panels of knowledgeable people, hold hearings, and otherwise pursue the investigation of specific questions or topics presented to it by the Internet Society. So I'd say it's clear what should happen: ISOC should ask the IAB, and the IAB, in the spirit of openness, should raise discussion within the IETF. Personal opinion: I was never too happy, while I was in the IAB or IESG, that this channel was working as well as it should. But as you say: Public discussion is messy and IETF-wide consensus is virtually impossible to obtain for any interesting topic. 
So I'm not at all suggesting that ISOC depend upon gaining that from the IETF. Still, public discussion can surface useful information and opinion. Let me stress: I don't intend this as criticism. As things change, we gain insight. The exchange surfaced an issue that struck me as interesting and potentially useful, and worth pursuing among the ISOC and IETF communities. Agreed. Brian d/ [1] Side note: The list of ISOC Board of Trustees at: http://www.isoc.org/isoc/general/trustees/board.php does not indicate the constituency or selection mechanism that chose particular Trustees; it would be helpful to see that included in the list, to understand whether they are ex officio, elected by from a region, or the like.
Re: Internet Society joins Liberty Alliance Management Board: Why?
On 1 mar 2009, at 22.21, Dave CROCKER wrote: In any event, if it is something ISOC considers worth making a strategic relationship about, and it is likely to entail Internet technical standards, then it would be strange to have the IETF skip dealing with it. As Lucy said, we in ISOC BoT do believe identity management (without specifying what it is, because we see that being part of the initiative, to be open ended) is very important. As many people have mentioned, IETF and other technical organisations as well as governments and regulators have tried to define what it really is. We start to get regulation here and there that we believe is not matching technical reality, so at least more communication is needed. If possible, organisations should coordinate their efforts, individuals should meet and influence each other. Etc. But, back to the initiative itself as an example of how ISOC works. We do have open board meetings (including remote participation), and two of the meetings each year are adjacent to the IETF just so IETF people can come. (The third face to face board meeting is adjacent with the ICANN meeting.) At the board meeting, of course various projects that are run are described and discussed. Next board meeting is weekend after the IETF in San Francisco. And you can see minutes as well as agenda for past board meetings on the ISOC BoT corner of the ISOC website: http://www.isoc.org/isoc/general/trustees/meetings.shtml As part of that, you can find the plan presented in november: http://www.isoc.org/isoc/general/trustees/docs/nov2008/businessplan-budget.pdf See pages 13, 23-25 etc. 
Specifically on page 23, you will see regarding this area: Key 2009 objectives for the success of the program to Manage Trust Relationships include: - Publication of Identity baseline studies, such as: -- a public report based on broad consultation with representations from the Identity technology communities, ISOC members, the IETF, and the IAB (Q2 2009); -- a technical report (Internet Draft) submitted to the IETF describing the current state of identity technologies and any existing dependencies on Internet Protocols (Q2-2009); [etc] So I do not think IETF should be the slightest worried ISOC is doing something here without coordination. And without visibility to the IETF. And the more people in IETF is interested on this more meta-level-work than bits on the wire, the higher the quality will be of the work ISOC does. Just contact Lucy! Regards, Patrik
Re: Internet Society joins Liberty Alliance Management Board: Why?
Patrik Fältström wrote: So I do not think IETF should be the slightest worried ISOC is doing something here without coordination. And without visibility to the IETF. I don't know about anyone else, but I wasn't expressing worry. I was noting that the activity wasn't discussed with the broader IETF beforehand and that such a discussion before making strategic decisions can be useful. I'll stress again that I'm not crazy enough to think that the IETF plenary should have a veto on ISOC choices, but merely that pro-active (pre-hoc, rather than post-hoc) discussion could be productive. Brian E Carpenter wrote: people I knew who are experts in the identity management area never thought that the IETF was relevant except as a source of atomic components. A significant -- and probably insightful -- assessment of the IETF... d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: Internet Society joins Liberty Alliance Management Board: Why?
snip So I do not think IETF should be the slightest worried ISOC is doing something here without coordination. And without visibility to the IETF. And the more people in IETF is interested on this more meta-level-work than bits on the wire, the higher the quality will be of the work ISOC does. Just contact Lucy! Regards, Patrik Yes please! lynch @ isoc.org or find me in SF and I'd be happy to chat. - Lucy
Re: Internet Society joins Liberty Alliance Management Board: Why?
My concern regarding this announcement is the fact that it gives support to a misguided effort by Liberty Alliance. I think it is somewhat irresponsible for the ISOC to actively support an effort without first engaging the community at large to fully understand the dynamics of the identity communities involved. The people behind the IDtbd effort have been going around trying to sell this effort for a while. The reality is that at this point, the communities behind two of the most successful identity related protocols, OAuth and OpenID, have rejected this effort by Liberty, including many of the individual companies that support these communities. I find it personally offensive that Liberty have been going behind the OAuth community's back trying to get corporations to move their OAuth and OpenID efforts to IDtbd instead of the communities that drive these efforts forward. IDtbd is an effort to create a full-blown standard body to manage all identity related protocols, with its own set of IPR rules, process, and governance. They seek to nullify existing communities by positioning themselves as the authority in the space. Supporting this effort directly contradicts the current IETF effort to form an OAuth working group. EHL
Re: Internet Society joins Liberty Alliance Management Board: Why?
On 2 mar 2009, at 04.12, John C Klensin wrote: I am not suggesting trying to undo this decision, but believe that, as ISOC adds sufficient technically-qualified staff to engage in activities like this on its own, we need to work, collectively, on better ways to facilitate communication in a timely basis in the future. In particular, we need to work fairly hard to avoid a situation in which the IETF and ISOC end up with different positions on an issue with external visibility and consequences. To do so would damage the credibility of all concerned. This I completely agree with, we have to avoid such situations. But we also have to work hard not to create a chicken out of a feather. Instead learn and do things even better next time. Regarding Liberty Alliance, I think we should let Lucy coordinate some more information for the IETF that can be presented in due time. As she said, she will (as well as I) be in San Francisco and we are all happy to talk. Patrik
Re: Internet Society joins Liberty Alliance Management Board: Why?
Hannes Tschofenig wrote: I would like to hear a bit more background about these activities, see https://www.projectliberty.org/news_events/press_releases/internet_society_joins_liberty_alliance_management_board Hannes, that is a very good question. I look forward to clarification from the appropriate authorities. Peter -- Peter Saint-Andre https://stpeter.im/
Re: Internet Society joins Liberty Alliance Management Board: Why?
What does this mean? What documents are formative? Informative? Many others? - Original Message - From: ietf-boun...@ietf.org ietf-boun...@ietf.org To: Hannes Tschofenig hannes.tschofe...@gmx.net Cc: ietf@ietf.org ietf@ietf.org Sent: Sat Feb 28 17:26:43 2009 Subject: Re: Internet Society joins Liberty Alliance Management Board: Why? Hannes Tschofenig wrote: I would like to hear a bit more background about these activities, see https://www.projectliberty.org/news_events/press_releases/internet_society_joins_liberty_alliance_management_board Hannes, that is a very good question. I look forward to clarification from the appropriate authorities. Peter -- Peter Saint-Andre https://stpeter.im/