
RE: [802.21] Security SG: Scope issues



Yoshi,
My preferences are added below.
Let me back up my responses...
My personal opinion is that we should start with a focused scope and not
try to make this Security TG the 'kitchen sink'. E.g. if you start
adding other authentication mechanisms besides EAP, besides the
complexity going up exponentially, which other mechanisms would you add
and where do you stop?
Let's try to solve something that we have a fairly good understanding
about first.
I'm sure that having this focused scope is going to give us plenty of
work and at least a good chance to get a spec done in a reasonable time
frame (my guesstimate 3-4 yrs). If we throw in all the other use cases,
I'm concerned that it will take much longer to come up with a spec.

-Marc

-----Original Message-----
From: Yoshihiro Ohba [mailto:yohba@TARI.TOSHIBA.COM] 
Sent: Wednesday, December 12, 2007 6:37 AM
To: STDS-802-21@LISTSERV.IEEE.ORG
Subject: [802.21] Security SG: Scope issues

In the November meeting, we had a straw poll related to scope issues on
the SSOH (Security Signaling Optimization during Handover) problem.  The
result was:

  Support EAP: Yes(20)/No(0)
  Support Non-EAP: Yes(10)/No(7)
  Support inter-technology handover: Yes(21)/No(0)

We need more detailed discussion to make a decision.  Please state
your opinion (as detailed as possible) on the scope-related issues
listed below by the next Security SG teleconference on December 18, 2007.
If those issues are resolved, we will be in a good position to come to
an agreement on PAR/5C in January!

Issue 1: Should we support non-EAP in addition to EAP?
<MM> No. 

Issue 2: Should we support handover to/from non-802 networks in
addition to handover within 802 networks?
<MM> No.

Issue 3: Should we support inter-administrative-domain handover?
<MM> Preferably No. I'm fine if we focus on the intra-domain handovers
first.

The definition of "administrative domain" is given below:

"
Administrative Domain

  A collection of End Systems, Intermediate Systems, and
  subnetworks operated by a single organization or administrative
  authority.  The components which make up the domain are assumed
  to interoperate with a significant degree of mutual trust among
  themselves, but interoperate with other Administrative Domains
  in a mutually suspicious manner.

  Administrative Domains can be organized into a loose hierarchy
  that reflects the availability and authoritativeness of
  authentication and authorization information.  This hierarchy does
  not imply administrative containment, nor does it imply a strict
  tree topology.
"

Best Regards,
Yoshihiro Ohba