Jeff, Joel, All I think declaring proxy out of I2RS architecture scope is a good thing. Not only this would simplify thing for I2RSs, FWIW it would allow for a single I3RS client to support arbitrary hierarchies of applications.
Igor -----Original Message----- From: i2rs [mailto:[email protected]] On Behalf Of Jeffrey Haas Sent: Tuesday, July 14, 2015 2:40 PM To: Joel M. Halpern Cc: [email protected] Subject: Re: [i2rs] some doubt about "draft-ietf-i2rs-ephemeral-state-00".// I-D Action: draft-ietf-i2rs-ephemeral-state-00.txt Joel, On Tue, Jul 14, 2015 at 02:22:01PM -0400, Joel M. Halpern wrote: > The architecture does not have a proxy. It only has Clients, who > may be acting on behalf of applications. Those applications are not > consider, by the I2RS system, to be I2RS Clients. > > Secondary identity is not a full proxy mode. secondary identities > are not authenticated. They do not have priorities. They are > included in the architecture to ease attribution. It is understood that secondary-identity is only a traceability detail. > So no, if A and B are applications, working through a common I2RS > client, then their operations are handled by the client. The > requirements only call for the client priority to be assigned to > those operations. Given the above, I think it is fair to say that proxies are completely out of scope. While this simplifies things, I'm not sure it's the best thing long-term. > As a nice-to-have, allowing clients to specify different priorities > for different operations is acceptable. But it is not necessary. As a nice-to-have, I don't believe the architecture clearly explains such an ability to alter priority. Please work with Alia to update the architecture document to clarify this if you believe this property is important. -- Jeff _______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs _______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs
