[DG-IDoT] Common identity standard

Alessandro Festa afesta at alfweb.com
Fri Jul 24 06:34:27 CDT 2015


Hi Nat,

Related to the private key embedded by the manufacturer, I am wondering who would embed what in the case of a multi-manufacturer use case:
1) thing created by the original manufacturer: embed a priv key
2) thing crafted/customized (OEM) by a second manufacturer: embed a priv key

When the thing needs to act on someone's behalf, I expect this to reflect a one-to-many relationship at this point, and so as a user I'll need to decide the degree of relationship between the various keys, or only one single key pair will be allowed, which means we need to define a hierarchical policy to decide who will embed what.
I imagine an onion-ring model based on user consent and relationship constraints: user to seller, seller to manufacturer (original or OEM), manufacturer (OEM) to manufacturer.

Alex - Alessandro Festa
website: http://alfweb.com
twitter: @festaatdell
email: afesta@alfweb.com


On Friday, 24 July 2015 at 13:10, Paul Madsen <pmadsen at pingidentity.com> wrote:
   
 

Hi Nat, I would follow on to your steps below.
 
 On 7/24/15 4:56 AM, Nat Sakimura wrote:
  
Yeah, it is nice, but WSDL would be too big. Remember that sending 1 byte over the radio takes as much power as encrypting 1000 bytes. Also, memory and processing power are becoming cheap, so in the IoT context we should probably treat "minimizing the radio packet" as the priority.
As far as the identification of things is concerned, the viable model that I imagine is as follows:
      
1. The device manufacturer creates a good keypair and embeds the private key (and its key thumbprint) in the device.

2. For device authentication, use the key to sign the message.
 
   
 When acting on behalf of a user
 
 3. Authenticated user facilitates delivery of tokens to device
 4. Device authenticates to AS using embedded keys in order to obtain tokens
 5. Device uses tokens to authenticate to cloud endpoints, other device etc
 
 Tokens thereby reflect 'relationship' of user & device
 
   Nat  
   
 2015-07-22 1:33 GMT+09:00 Aninda Bhunia <abhunia at inc38.com>:
 
It would be interesting if we could create a standard that would allow even non-IP devices to publish their identity through a WSDL-type structure. Even if they are non-IP, at some point in their upward relationship hierarchy their master gateway would be IP-based and could be responsible for publishing the identity WSDLs for the entities it brokers.
Thoughts?

On Jul 21, 2015 11:52 AM, "Joni Brennan" <joni at kantarainitiative.org> wrote:
 
 Noting I have no vote =) 
I agree with Paul and others regarding discovery as the key initial mechanism. I believe Ingo has also noted this in the summaries from IDoT. Sal mentions NMAP / SNMP; are there other existing approaches? (Apologies if this has been discussed in detail already.)
  - Joni  
       Best Regards,
  
 Joni Brennan
 Kantara Initiative | Executive Director
 email: joni @ kantarainitiative.org
 
  Connecting Identity for a more trustworthy Internet - Overview
 
  
 
       
 On Tue, Jul 21, 2015 at 8:42 AM, Salvatore D'Agostino <sal at idmachines.com> wrote:
 
Other than IP devices? In that case there are mechanisms supporting scanning (e.g. NMAP) or SNMP that have been around for a while; these are typically not exactly API-friendly but do provide a starting point, and we make good use of them in our offerings.
 
Salvatore D'Agostino, IDmachines LLC | 1264 Beacon Street, #5, Brookline, MA 02446 | USA | http://www.idmachines.com
 On Jul 21, 2015, at 10:46 AM, Paul Madsen <pmadsen at pingidentity.com> wrote:
 
  
(One of) what is needed is a standardized mechanism for devices to present their identity (and that of the humans for whom they are acting) to other things, cloud endpoints and applications.
 
 
 
 On 7/16/15 2:38 PM, Ranjan Jain (ranjain) wrote:
  
Hey y'all, hope everyone is doing well. Just wanted to bounce a question which I'm consistently getting asked around identity from the IoT perspective. Is there any industry standard in place or in the works which can be used as a common standard across multiple identities? What I mean by this is that humans have an SSN as an identity, while a thermostat may have a serial number and a network device may have a MAC ID as their identity. So, while individually they all have their own identity standard, when in the IoT world all these entities start interacting with each other, how do we translate one identity into another, or how will one identity interact with another identity in a standard way?
Thanks, Ranjan
    
  
 
Ranjan Jain
ARCHITECT.IT, Information Technology
ranjain at cisco.com
Phone: +1 408 853 4396
Mobile: +1 408 627 9538
Cisco Systems, Inc., 400 East Tasman Drive, San Jose, California 95134, United States
Cisco.com

 

    
  
 _______________________________________________
DG-IDoT mailing list
DG-IDoT at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idot
 
 
  
 
  
    
 
 
  
  
 
 
    
 
 
  
 
 
  -- 
 Nat Sakimura (=nat) Chairman, OpenID Foundation
 http://nat.sakimura.org/
 @_nat_en   
  
 
 
 
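Added example, not code from the thread or from any of its participants: the five-step flow that Nat (steps 1 and 2) and Paul (steps 3 to 5) describe above, written in Go with only the standard library. The manufacturer embeds an Ed25519 private key and its RFC 7638 JWK thumbprint in the device and registers the public key with the AS; the device authenticates by signing; an authenticated user hands the device a pairing code out of band ("PAIR-1234" and the user "alice" are constructed values); the device sends the code in a signed request and gets back a token that names both the user and the device key; the cloud endpoint accepts a request only when the token is AS-signed and the request itself is signed by the key the token is bound to, so the token really does encode the user/device relationship. The Envelope wire format, the three token claims and the AS/cloud function shapes are assumptions made for this example, not any standard.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

var b64 = base64.RawURLEncoding // base64url without padding, as used by JWK/JWS

// Thumbprint is the RFC 7638 JWK thumbprint of an Ed25519 key: SHA-256 over the OKP members crv, kty, x in lexicographic order.
func Thumbprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf(`{"crv":"Ed25519","kty":"OKP","x":"%s"}`, b64.EncodeToString(pub))))
	return b64.EncodeToString(sum[:])
}

// Envelope is the assumed (illustrative, JWS-like) wire format: base64url payload, signature and signer's public key.
type Envelope struct{ Payload, Sig, X string }
func sign(priv ed25519.PrivateKey, payload []byte) Envelope {
	pub := priv.Public().(ed25519.PublicKey)
	return Envelope{b64.EncodeToString(payload), b64.EncodeToString(ed25519.Sign(priv, payload)), b64.EncodeToString(pub)}
}

// open verifies env against a key the verifier already trusts, never against the key carried inside env.
func open(trusted ed25519.PublicKey, env Envelope) ([]byte, error) {
	payload, err1 := b64.DecodeString(env.Payload)
	sig, err2 := b64.DecodeString(env.Sig)
	if err1 != nil || err2 != nil || len(trusted) != ed25519.PublicKeySize || !ed25519.Verify(trusted, payload, sig) {
		return nil, errors.New("signature does not verify")
	}
	return payload, nil
}

// Device holds what the manufacturer embeds (step 1): the private key and its thumbprint.
type Device struct{ priv ed25519.PrivateKey; Kid string }
// Manufacture generates the keypair, embeds it, and returns the public key the manufacturer registers with the AS.
func Manufacture() (*Device, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return &Device{priv, Thumbprint(pub)}, pub
}

// Sign is step 2: the device authenticates a message by signing it with the embedded key.
func (d *Device) Sign(payload []byte) Envelope { return sign(d.priv, payload) }
// RequestToken signs the device's key id plus the pairing code an authenticated user handed it (step 3).
func (d *Device) RequestToken(code string) Envelope {
	req, _ := json.Marshal(map[string]string{"kid": d.Kid, "code": code})
	return d.Sign(req)
}

// AS is the authorization server: manufacturer-registered device keys (by thumbprint) and single-use, user-approved pairing codes.
type AS struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	devices map[string]ed25519.PublicKey
	codes   map[string]string
}

func NewAS() *AS {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &AS{priv, pub, map[string]ed25519.PublicKey{}, map[string]string{}}
}

func (a *AS) Register(pub ed25519.PublicKey) { a.devices[Thumbprint(pub)] = pub }
func (a *AS) UserApproves(user, code string) { a.codes[code] = user }

// IssueToken is step 4: verify the request with the registered key for the claimed kid, check the user's code,
// and mint a token naming both (sub = user, jkt = thumbprint of the device key, in the style of RFC 7800 cnf.jkt).
func (a *AS) IssueToken(req Envelope) (Envelope, error) {
	var tr struct{ Kid, Code string }
	if raw, err := b64.DecodeString(req.Payload); err != nil || json.Unmarshal(raw, &tr) != nil {
		return Envelope{}, errors.New("malformed request")
	}
	pub, ok := a.devices[tr.Kid]
	if !ok { return Envelope{}, errors.New("unknown device") }
	if _, err := open(pub, req); err != nil { return Envelope{}, err }
	user, ok := a.codes[tr.Code]
	if !ok { return Envelope{}, errors.New("no user consent for this code") }
	delete(a.codes, tr.Code) // single use
	tok, _ := json.Marshal(map[string]string{"sub": user, "jkt": tr.Kid, "aud": "cloud"})
	return sign(a.priv, tok), nil
}

// CloudAccept is step 5: check the AS signature on the token, then require the request itself to be signed
// by the key the token is bound to, so a leaked token is useless without the device's private key.
func CloudAccept(asPub ed25519.PublicKey, tok, req Envelope) (string, error) {
	raw, err := open(asPub, tok)
	if err != nil { return "", err }
	var t map[string]string
	if json.Unmarshal(raw, &t) != nil || t["aud"] != "cloud" { return "", errors.New("bad token") }
	x, err := b64.DecodeString(req.X)
	if err != nil || Thumbprint(x) != t["jkt"] { return "", errors.New("request key does not match token binding") }
	if _, err := open(x, req); err != nil { return "", err }
	return t["sub"], nil
}

func main() {
	as := NewAS(); dev, pub := Manufacture(); as.Register(pub); as.UserApproves("alice", "PAIR-1234")
	tok, _ := as.IssueToken(dev.RequestToken("PAIR-1234")) // "PAIR-1234" is a constructed pairing code
	fmt.Println(CloudAccept(as.Pub, tok, dev.Sign([]byte(`{"op":"read"}`)))) // alice <nil>
}
```

Two checks carry the security weight: the AS looks up the key by the claimed thumbprint in its own registry and ignores the key carried in the request, so an unregistered key cannot impersonate a registered device by naming its kid; and the cloud endpoint recomputes the thumbprint of the request's key and compares it to the token's jkt before verifying the request signature, so a token copied off the wire cannot be replayed by a different key. On Alessandro's multi-manufacturer question, the same structure applies per key: each embedded key is a separate registry entry, and the token's jkt says which one the user's consent was bound to.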


 
  

