[Isms] Multiple user namespaces (was RE: pre11 comments)



Changing the subject line...

Juergen Schoenwaelder writes...

> I assume we more or less agree that we have to be able to
> differentiate between names coming from different secure transport
> models. Any violent disagreement with this statement?

Yes.  I disagree.  This has nothing to do with different secure transport
models and everything to do with the underlying source of user identity.
The "tagging" needed to disambiguate the usernames needs to be tied not to
the protocol but to the source or identity, e.g. an administrative realm.
When the source of identity is the local database of the secure transport
implementation, we take the shortcut (incorrect, IMHO) of "tagging" with the
protocol name.
 
> If the above is correct, then question seems to be whether a) we by
> default make all the names different leaving it to explicit
> configuration to treat them the same if needed or b) we make them by
> default the same leaving it to explicit configuration to make them
> different where needed. Is this a fair statement?

That is certainly one decision to be made.

Another is the source, syntax and semantics of the "tagging" information.


_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms


