Hi Eric,
On Friday, May 17, 2002 2:44 AM Eric Brunner-Williams in Portland Maine
wrote:
Eric Brunner-Williams in Portland Maine writes:
> At the November P3P f2f a vendor took the position that
> policy evaluation was actually much more complex than
> advertized (true), and another vendor took the position that
> policies should be expressed without reference to a DOM
> tree, and be carried in-band. At the conclusion of that
> meeting, compact representations on state management
> mechanism instances entered the P3P spec.
<snip>
> A representation format is useful. It could be in ASN.1, in
> XML, in BNF, and it could even be expressed as a MIB. There
> are a lot of choices.
This is true. I also have a preference for XML, as long as we
also have in mind that a compact encoding will perhaps be also
needed, ...
> An event model is useful. It could be asymmetric. It could
> be symmetric. There are a lot of choices.
How would this event model work in our context? Is that in the
scope of our discussions?
> A group or address-equivalence model is useful. It could be
> a GIPC built on unicast, it could be multicast. There are a
> lot of choices.
You mean the GIPC of http://www.opengroup.org/RI/technologies/gipc/?
I would rather take the draft: "Securing Group Management in IPv6 with
Cryptographically Generated Addresses" of C. Castelluccia and
G. Montenegro (draft-irtf-gsec-sgmv6-00.txt). But we are not so far now.
> Another bit of related tech is APPEL, spun off from P3P,
> November '00.
I know APPEL. How can it help us?
> Half the time I don't know where I am. The other half the
> time I don't know what time it is.
>
> I'd like locality representation format(s)
> and
> I'd like temporal representation format(s)
> and
> I'd like representation peering mechanism(s)
> and
> I'd like convergence mechanism(s)
> and
> I'd like interface(s) to AAA mechanism(s)
Yes, and to privacy enhancement AAA mechanisms.
But what are the convergence mechanisms? Negotiation
of formats, etc?
> [Basically, I'd like an NLP that looks and smells like NTP, with simple
and
> secure variants, having zippo to do with GPS or carrier network
knowledge,
> except as one possible, non-authoritative, source of l-and/or-t data, and
> capable of supporting j-random policy requirements, as opposed to being
> just their weak pseudo-technical restatements.]
I don't think I understood... Can you help me?
Regards,
Jorge
--------------------------------------------
Dr. Jorge R Cuellar T +49 89 636-47 585
Security
CT IC 3
Siemens jorge.cuellar@mchp.siemens.de
----------------------------------------------
Received on Wed May 22 17:04:10 2002
This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:23 EST