Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [802.21] Security SG: Definition of Administrative Domain



<Snip>
We can wait and see how HOKEY defines it. But is it not true that within 
an administrative
domain (a.k.a. Security Domain), there will be some trust relationships?

regards,
-Subir

Gabor Bajko wrote:
> Yoshi,
>
> Based on the discussions we had in HOKEY last week, I am not sure this
> is a good definition. 
>
> Why would we want to say that end systems are assumed to interoperate
> with mutual trust? That is not true today in a AAA based administrative
> domain. Besides, we probably should look at the definition of a 'key
> management domain', rather than an 'administrative domain'. 
>
> It may be easier to find a definition if we scope it down to the
> context.
>
> - gabor
>
> -----Original Message-----
> From: ext Yoshihiro Ohba [mailto:yohba@TARI.TOSHIBA.COM] 
> Sent: Wednesday, December 05, 2007 6:16 PM
> To: STDS-802-21@LISTSERV.IEEE.ORG
> Subject: [802.21] Security SG: Definition of Administrative Domain
>
> We have a home work raised in November meeting to revise the definition
> of Administrative Domain (AD).
>
> RFC 1136 has a good definition of AD.  Here is revised definition of AD
> with borrowing and slightly modifying text in RFC 1136:
>
> "
> Administrative Domain
>
>   A collection of End Systems, Intermediate Systems, and authority.
>   The components which make up the domain are assumed to interoperate
>   with a significant degree of mutual trust among themselves, but
>   interoperate with other Administrative Domains in a mutually
>   suspicious manner.
>
>   Administrative Domains can be organized into a loose hierarchy
>   that reflects the availability and authoritativeness of
>   authentication and authorization information.  This hierarchy does
>   not imply administrative containment, nor does it imply a strict
>   tree topology.
> "
>
> I believe this addresses all issues related to administrative domain
> definition.
>
> Comments?
>
> Yoshihiro Ohba
>