
RE: [802.21] Security SG: Definition of Administrative Domain



Yoshi,

Based on the discussions we had in HOKEY last week, I am not sure this
is a good definition. 

Why would we want to say that end systems are assumed to interoperate
with mutual trust? That is not true today in a AAA-based administrative
domain. Besides, we probably should look at the definition of a 'key
management domain', rather than an 'administrative domain'. 

It may be easier to find a definition if we scope it down to the
context.

- gabor

-----Original Message-----
From: ext Yoshihiro Ohba [mailto:yohba@TARI.TOSHIBA.COM] 
Sent: Wednesday, December 05, 2007 6:16 PM
To: STDS-802-21@LISTSERV.IEEE.ORG
Subject: [802.21] Security SG: Definition of Administrative Domain

We have homework raised in the November meeting to revise the definition
of Administrative Domain (AD).

RFC 1136 has a good definition of AD.  Here is a revised definition of AD,
borrowing and slightly modifying text from RFC 1136:

"
Administrative Domain

  A collection of End Systems, Intermediate Systems, and authority.
  The components which make up the domain are assumed to interoperate
  with a significant degree of mutual trust among themselves, but
  interoperate with other Administrative Domains in a mutually
  suspicious manner.

  Administrative Domains can be organized into a loose hierarchy
  that reflects the availability and authoritativeness of
  authentication and authorization information.  This hierarchy does
  not imply administrative containment, nor does it imply a strict
  tree topology.
"

I believe this addresses all issues related to administrative domain
definition.

Comments?

Yoshihiro Ohba