[TSG-Access-RD] Draft deck for Kobe

Hollenbeck, Scott shollenbeck at verisign.com
Mon Feb 25 20:17:37 UTC 2019


After thinking about it a bit more, I think I’ve discovered an issue. It goes back to what I said during the face-to-face about the need for the AE and the TE to have access to the same underlying requestor data because the authorization code doesn’t transmit any information about the requestor or the bits they’ve elected to share with the relying party. That’s maintained in some local state that both the AE and TE need to have access to, so separation of these functions to different operational entities might not work well in practice.



In an attempt to address this I’ve just added two docs to our Google drive with a named prefix of “Mermaid Diagram SAH 2019-02-25”. Please take a look. You’ll see that I’ve combined the AE and TE bits into an IdP actor, and added a new “Authorization Service” actor that can be called by the Proxy to examine the RDAP query and the tokens to make an authorization decision that’s returned to the proxy for action. I *think* this is what the ICANN staff participants have described, so please correct me if I have that wrong. If this is, however, correct, the diagram Gustavo created needs an edit: removal of the arrow between the Authorization Service and the client.



Scott
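
The point made in the first paragraph of the message above, sketched as an added example (not part of the original message or of the TSG's design documents). It assumes AE and TE denote the authorization endpoint and token endpoint of an OAuth 2.0 / OpenID Connect authorization code flow; `GrantStore`, the function names, and all client and claim values are hypothetical and constructed.

```python
import secrets
import time

class InvalidGrant(Exception):
    """Token endpoint could not resolve or validate the authorization code."""

class GrantStore:
    """Local IdP state: authorization code -> what the requestor approved."""
    def __init__(self):
        self._grants = {}

    def put(self, code, grant):
        self._grants[code] = grant

    def redeem(self, code):
        # Codes are single use: pop so a replayed code finds nothing.
        return self._grants.pop(code, None)

def authorization_endpoint(store, subject, client_id, redirect_uri, approved_claims, ttl=60):
    """AE: after authentication and consent, hand back an opaque code."""
    code = secrets.token_urlsafe(32)  # random reference, carries no requestor data
    store.put(code, {"sub": subject, "client_id": client_id, "redirect_uri": redirect_uri,
                     "claims": dict(approved_claims), "expires": time.time() + ttl})
    return code

def token_endpoint(store, code, client_id, redirect_uri):
    """TE: resolve the code against the store and release only the approved claims."""
    grant = store.redeem(code)
    if grant is None:
        raise InvalidGrant("unknown or already used code")
    if grant["expires"] < time.time():
        raise InvalidGrant("code expired")
    if (grant["client_id"], grant["redirect_uri"]) != (client_id, redirect_uri):
        raise InvalidGrant("code was issued to a different client")
    return {"sub": grant["sub"], **grant["claims"]}

def demo():
    shared, separate = GrantStore(), GrantStore()
    args = ("rdap-proxy", "https://proxy.example/cb")  # constructed client values
    code = authorization_endpoint(shared, "requestor-1", *args, {"purpose": "constructed-value"})
    results = {}
    try:
        token_endpoint(separate, code, *args)  # TE operated without the AE's state
    except InvalidGrant as exc:
        results["separate_store"] = str(exc)
    results["shared_store"] = token_endpoint(shared, code, *args)
    try:
        token_endpoint(shared, code, *args)  # replay of the same code
    except InvalidGrant as exc:
        results["replay"] = str(exc)
    return results
```

A TE run by a different operational entity would need a synchronized or remotely queried equivalent of `GrantStore`, which is the coupling the message describes.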



From: TSG-Access-RD <tsg-access-rd-bounces at icann.org> On Behalf Of Andrew Newton
Sent: Monday, February 25, 2019 2:52 PM
To: Eleeza Agopian <eleeza.agopian at icann.org>
Cc: tsg-access-rd at icann.org
Subject: [EXTERNAL] Re: [TSG-Access-RD] Draft deck for Kobe



Works for me.



On Mon, Feb 25, 2019 at 12:35 PM Eleeza Agopian <eleeza.agopian at icann.org> wrote:

   Thank you Francisco and Gustavo.



   Team, would this graphic work for your Kobe presentations?





   From: TSG-Access-RD <tsg-access-rd-bounces at icann.org> On Behalf Of Francisco Arias
   Sent: Friday, February 22, 2019 4:20 PM
   To: tsg-access-rd at icann.org
   Subject: Re: [TSG-Access-RD] Draft deck for Kobe





   On 2/22/19, 4:17 PM, "Gustavo Lozano" <gustavo.lozano at icann.org> wrote:



   I modified Scott’s diagram and created a new one that I think could be used:



   https://docs.google.com/document/d/1djMdahDhtg8g9KlFxiIXR554ebTuT6tnKCsDrtX8GUM/edit#heading=h.gjdgxs



   Feedback is appreciated.



   Regards,

   Gustavo



   From: TSG-Access-RD <tsg-access-rd-bounces at icann.org> On Behalf Of Hollenbeck, Scott via TSG-Access-RD
   Sent: Friday, February 22, 2019 11:37
   To: Francisco Arias <francisco.arias at icann.org>
   Cc: tsg-access-rd at icann.org
   Subject: Re: [TSG-Access-RD] [Ext] RE: Draft deck for Kobe



   So edit the diagram as you see fit.



   Scott



   From: Francisco Arias <francisco.arias at icann.org>
   Sent: Friday, February 22, 2019 2:21 PM
   To: Hollenbeck, Scott <shollenbeck at verisign.com>
   Cc: tsg-access-rd at icann.org; Eleeza Agopian <eleeza.agopian at icann.org>
   Subject: [EXTERNAL] Re: [Ext] RE: [TSG-Access-RD] Draft deck for Kobe



   Yes, however, they can be separate entities. And in our model, we may want to highlight that possibility.



   --

   Francisco



   On 2/22/19, 11:19 AM, "Hollenbeck, Scott" <shollenbeck at verisign.com> wrote:



   They are part of the Identity Provider function.



   Scott



   From: Francisco Arias <francisco.arias at icann.org>
   Sent: Friday, February 22, 2019 2:02 PM
   To: Hollenbeck, Scott <shollenbeck at verisign.com>
   Cc: tsg-access-rd at icann.org; Eleeza Agopian <eleeza.agopian at icann.org>
   Subject: [EXTERNAL] Re: [Ext] RE: [TSG-Access-RD] Draft deck for Kobe



   There are no authorizing bodies in the diagram.



   --

   Francisco



   On 2/22/19, 11:00 AM, "Hollenbeck, Scott" <shollenbeck at verisign.com> wrote:



   They’re all there, just wrapped into layers of abstraction. It all depends on just how simple someone wants the graphic to be.



   Scott



   From: Francisco Arias <francisco.arias at icann.org>
   Sent: Friday, February 22, 2019 1:15 PM
   To: Hollenbeck, Scott <shollenbeck at verisign.com>
   Cc: tsg-access-rd at icann.org; Eleeza Agopian <eleeza.agopian at icann.org>
   Subject: [EXTERNAL] Re: [TSG-Access-RD] Draft deck for Kobe



   Scott,



   Isn’t that diagram incomplete (e.g., it doesn’t even include all of the actors)?



   --

   Francisco



   On 2/22/19, 10:08 AM, "TSG-Access-RD on behalf of Eleeza Agopian" <tsg-access-rd-bounces at icann.org on behalf of eleeza.agopian at icann.org> wrote:



   I do like that one – what do others think?



   https://drive.google.com/open?id=15lzO7E7m50CCJgMfZy5jh_UI2egrtNfO



   From: Hollenbeck, Scott <shollenbeck at verisign.com>
   Sent: Friday, February 22, 2019 9:45 AM
   To: Eleeza Agopian <eleeza.agopian at icann.org>
   Cc: tsg-access-rd at icann.org
   Subject: [Ext] RE: Draft deck for Kobe



   Well, there’s always the “RDAP Model 1” picture/document that’s now in our Models_OlderVersions archive...



   Scott



   From: TSG-Access-RD <tsg-access-rd-bounces at icann.org> On Behalf Of Eleeza Agopian
   Sent: Friday, February 22, 2019 12:35 PM
   To: tsg-access-rd at icann.org
   Subject: [EXTERNAL] [TSG-Access-RD] Draft deck for Kobe



   Dear TSG-RD team,



   We’ve developed a draft deck for your presentations in Kobe. I’ve uploaded it to the Google drive here: https://drive.google.com/open?id=1XhyUUFEq8QhJcncjs0hoGQoL37RyC8pNnvtMU01ShDk In particular, please note the comment on the design diagram. Wondering if it would be possible to develop a simpler version of that graphic to display for your presentations?



   We can discuss more on our upcoming calls prior to Kobe.



   Thank you,

   Eleeza




