RE: [802.21] Security SG: Definition of Administrative Domain

Yoshi,

Based on the discussions we had in HOKEY last week, I am not sure this
is a good definition.

Why would we want to say that end systems are assumed to interoperate
with mutual trust? That is not true today in a AAA-based administrative
domain. Besides, we probably should look at the definition of a 'key
management domain', rather than an 'administrative domain'.

It may be easier to find a definition if we scope it down to the
context.

- gabor

-----Original Message-----
From: ext Yoshihiro Ohba [mailto:yohba@TARI.TOSHIBA.COM]
Sent: Wednesday, December 05, 2007 6:16 PM
To: STDS-802-21@LISTSERV.IEEE.ORG
Subject: [802.21] Security SG: Definition of Administrative Domain

We have homework raised in the November meeting to revise the definition
of Administrative Domain (AD).

RFC 1136 has a good definition of AD. Here is a revised definition of AD,
borrowing and slightly modifying text from RFC 1136:

"
Administrative Domain
A collection of End Systems, Intermediate Systems, and authority.
The components which make up the domain are assumed to interoperate
with a significant degree of mutual trust among themselves, but
interoperate with other Administrative Domains in a mutually
suspicious manner.
Administrative Domains can be organized into a loose hierarchy
that reflects the availability and authoritativeness of
authentication and authorization information. This hierarchy does
not imply administrative containment, nor does it imply a strict
tree topology.
"

I believe this addresses all issues related to administrative domain
definition.

Comments?

Yoshihiro Ohba