[DG-IDoT] Common identity standard

Nat Sakimura sakimura at gmail.com
Fri Jul 24 05:12:43 CDT 2015


Just a background on my comment "The device manufacturer creates a good
keypair and embeds the private key".

Often, in constrained environments, you would not have access to a good
random source. So, having an unconstrained device create the key may be better
for those devices.

Per Richard's point about memory size etc.: yes, but the memory and CPU power
constraint is getting to be less of an issue going forward, it seems, than the
radio and power constraint.


2015-07-24 18:28 GMT+09:00 Richard Baker-Donnelly <
richard at baker-donnelly.org>:

> An observation from a lurker to this group. If you are looking to connect
> non-IP devices, you also need to consider their memory and CPU constraints.
> If you are running on a low-power device with only 2-4k of RAM, even
> building an encrypted packet will blow your available memory.
>
> I also suggest that thought is given as to how the identity of such
> devices can be proxied and this may need to consider guidance or principles
> for evaluating the risks and threats and how to position this with the
> overall application.
>
> I would like to engage more in this conversation but the Friday afternoon
> timing of the call is not helpful given my current role.
>
> Regards
>
> Richard Baker
>
> Sent from my iPhone. Please excuse spelling mistakes.
>
>
>
> On 24 Jul 2015, at 09:56, Nat Sakimura <sakimura at gmail.com> wrote:
>
> Yeah, it is nice, but WSDL would be too big.
> Remember that sending 1 byte over the radio takes as much power as
> encrypting 1000 bytes. Also, memory and processing power are becoming cheap,
> so in the IoT context, we should probably treat "minimizing the radio packet"
> as the priority.
>
> As far as the identification of the things is concerned, the viable model that
> I imagine is as follows:
>
>
>    1. The device manufacturer creates a good keypair and embeds the
>    private key (and its key thumbprint) in the device.
>    2. For device authentication, use the key to sign the message.
>
> Nat
>
>
> 2015-07-22 1:33 GMT+09:00 Aninda Bhunia <abhunia at inc38.com>:
>
>> It would be interesting if we could create a standard that would allow
>> even non-IP devices to publish their identity through a WSDL-type
>> structure. Even if they are non-IP, at some point in their upward
>> relationship hierarchy their master gateway would be IP-based and could be
>> responsible for publishing the identity WSDLs for the entities it brokers.
>> Thoughts?
>> On Jul 21, 2015 11:52 AM, "Joni Brennan" <joni at kantarainitiative.org>
>> wrote:
>>
>>> Noting I have no vote =)
>>>
>>> I agree with Paul and others regarding discovery as the key initial
>>> mechanism. I believe Ingo has also noted this in the summaries from IDoT.
>>> Sal mentions NMAP / SNMP; are there other existing approaches? (Apologies if
>>> this has been discussed in detail already.)
>>>
>>> - Joni
>>>
>>> Best Regards,
>>>
>>> Joni Brennan
>>> Kantara Initiative | Executive Director
>>> email: joni @ kantarainitiative.org
>>>
>>> Connecting Identity for a more trustworthy Internet - Overview
>>> <http://www.slideshare.net/kantarainitiative/kantara-overview2014-37969351>
>>>
>>>
>>>
>>>
>>> On Tue, Jul 21, 2015 at 8:42 AM, Salvatore D'Agostino <
>>> sal at idmachines.com> wrote:
>>>
>>>> Other than IP devices? In that case there are mechanisms supporting
>>>> scanning (e.g. NMAP) or SNMP that have been around for a while; these are
>>>> typically not exactly API friendly but do provide a starting point, and we
>>>> make good use of them in our offerings.
>>>>
>>>> Salvatore D'Agostino
>>>> IDmachines LLC |1264 Beacon Street, #5
>>>> Brookline, MA. 02446 | USA
>>>> http://www.idmachines.com
>>>>
>>>> On Jul 21, 2015, at 10:46 AM, Paul Madsen <pmadsen at pingidentity.com>
>>>> wrote:
>>>>
>>>> (one of) what is needed is a standardized mechanism for devices to
>>>> present their identity (and those humans for which they are acting) to
>>>> other things, cloud endpoints & applications
>>>>
>>>>
>>>>
>>>> On 7/16/15 2:38 PM, Ranjan Jain (ranjain) wrote:
>>>>
>>>> Hey y'all,
>>>>  Hope everyone is doing well. Just wanted to bounce a question which
>>>> I'm consistently getting asked around Identity, from an IoT perspective. Is there
>>>> any industry standard in place or in the works which can be used as a common
>>>> standard across multiple identities? What I mean by this is that humans
>>>> have an SSN as an identity, while a thermostat may have a serial number and a
>>>> network device may have a MAC ID as their identity. So, while individually
>>>> they all have their own identity standard, when in the IoT world all these
>>>> entities start interacting with each other, how do we translate one
>>>> identity into another, or how will one identity interact with another
>>>> identity in a standards-based way?
>>>>
>>>>  Thanks
>>>> Ranjan
>>>>
>>>>
>>>>
>>>>       *Ranjan Jain*
>>>> ARCHITECT.IT
>>>> Information Technology
>>>> ranjain at cisco.com
>>>> Phone: +1 408 853 4396
>>>> Mobile: +1 408 627 9538
>>>>
>>>> *Cisco Systems, Inc.*
>>>> 400 East Tasman Drive
>>>> San Jose
>>>> California
>>>> 95134
>>>> United States
>>>> Cisco.com <http://www.cisco.com/>
>>>>
>>>>      Think before you print.
>>>>
>>>>
>>>> _______________________________________________
>>>> DG-IDoT mailing list
>>>> DG-IDoT at kantarainitiative.org
>>>> http://kantarainitiative.org/mailman/listinfo/dg-idot
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
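The model sketched in this thread (a keypair generated on an unconstrained host, the private key and its thumbprint embedded in the device, the device authenticating by signing its message, and only the thumbprint rather than a certificate going over the radio) as an added example in Go; this is illustrative code, not anything from the DG-IDoT group, and the thumbprint || message || signature wire layout and the thumbprint-keyed registry are this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
)

const kidLen = 43 // base64url of a SHA-256 thumbprint is 43 chars, no padding

// Thumbprint is the RFC 7638 JWK thumbprint; RFC 8037 fixes the OKP members as crv, kty, x (sorted, no whitespace).
func Thumbprint(pub ed25519.PublicKey) string {
	x := base64.RawURLEncoding.EncodeToString(pub)
	sum := sha256.Sum256([]byte(`{"crv":"Ed25519","kty":"OKP","x":"` + x + `"}`))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// Device holds only what the manufacturer embedded: the private key and its thumbprint.
type Device struct {
	priv ed25519.PrivateKey
	kid  string
}

// Provision runs on the unconstrained manufacturing host, where good randomness exists; it returns the device image plus the registry entry (thumbprint -> public key).
func Provision() (Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Device{}, nil, err
	}
	return Device{priv: priv, kid: Thumbprint(pub)}, pub, nil
}

// Sign builds the radio payload thumbprint || message || signature (assumed layout); only the 43-byte thumbprint goes over the air, never a public key or certificate.
func (d Device) Sign(msg []byte) []byte {
	return append(append([]byte(d.kid), msg...), ed25519.Sign(d.priv, msg)...)
}

// Verify looks the public key up by thumbprint and checks the signature over the message.
func Verify(registry map[string]ed25519.PublicKey, payload []byte) ([]byte, bool) {
	if len(payload) < kidLen+ed25519.SignatureSize {
		return nil, false
	}
	n := len(payload) - ed25519.SignatureSize
	pub, ok := registry[string(payload[:kidLen])]
	if !ok || !ed25519.Verify(pub, payload[kidLen:n], payload[n:]) {
		return nil, false
	}
	return payload[kidLen:n], true
}
```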