RE: Minutes for Dec 1 Trust-elevation call

["Mary Ruddy" <mary@meristic.com>]

Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

1 December, 2011

 

1. Call to Order and Welcome.

 

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the list below)

Abbie Barbir, Bank of America  - y

Anil Saldhana, Red Hat  

Brendan Peter, CA Technologies  -y

Carl Mattocks, Bofa

Cathy Tilton, Daon

Charline Duccans, DHS

Duane DeCouteau

Colin Wallis, New Zealand Government - y

Dale Rickards, Verizon Business  - y

David Brossard, Axiomatics

Dazza Greenwood - y

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Don Thibeau, Open Identity Exchange 

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO – y

Ed Coyne, Dept Veterans Affairs - y 

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam - y

Jeff Broburg, CA

John Bradley

John "Mike" Davis, Veteran's Affairs

John Walsh, Sypris Electronics

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST - y

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons  - y

Massimiliano Masi, Tiani "Spirit" GmbH  - y

Nick Pope, Thales e-Security

Peter Alterman, NIST  - y

Rebecca Nielsen, Booz Allen Hamilton  - y

Rich Furr, SAFE-BioPharma Assn

Ronald Perez, Advanced Micro Devices

Scott Fitch Lockeed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y

Shahrokh Shahidzadeh (Intel Corp)y

Tony Rutkowski – y

Thomas Hardjono, M.I.T.  - y

William Barnhill, Booz Allen Hamilton

Cathy

Other new person

70 percent of the voting members were present at the meeting.  We did have quorum.

 

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el - chat room text is included at the end of the minutes.

 

2. Agenda review and approval

Abbie asked if there were any changes to the agenda. No changes proposed.  Agenda was taken as is.

3. Approve Minutes

Abbie pointed out that we need to append the notes from the last call into today’s meeting as a “meeting discussion” as there wasn’t quorum at the last meeting. Therefore there were no official minutes for the last meeting as it didn’t have official status.

**Mary took an action item for this.

Abbie discussed some of guest speakers for our next calls.  Google will present their Street Identity Project on the next call.  Hopefully they will contribute documents.  

Dick Brackney will be presenting on x.1254 (which is based on 800-63 in the January timeframe. He will send the official document and present. So that this TC will be totally aware, the document is due for determination shortly thereafter.  So the presented version should be close to what the final doc would be. 

Hopefully afterwards Version will also provide input. So we will have vendor participation to help in identifying the method examples.

Normally we would have a call on December 29th.  Abbie proposed to cancel this for the holidays.  He asked that if anyone really wants to have one, they should speak.  (silence)

There was agreement to cancel the meeting for the 29th.

Abbie asked Dale if there was anyone at Verizon willing to talk about and demo their work. 

Dale agreed to arrange.   Dale explained that the work is being done under the universal identity services banner at Verizon, within her team.  Verizon acquired Terremark.  They just finished NIST LOA 1, 2 and 3 certifications.

** Action item for Dale to arrange for Verizon talk and demo 

Abbie indicated he would like to get a person from OIX to talk about their attribute and trust work on a future TC call.

4.  The Role of Tokens in Trust Elevation, presentation by Rakesh Radhakrishnan, Bank of America 

Abbie posted a link for the slide deck for today’s presentation in the chat room.

Rakesh had Sun identity access management experience before joining BofA. He is the author of numerous books on identity and policy.  He is currently working on a book on attributes and context.

Rakesh started on Slide 3. Tokenization is a highly evolving space.  Rapid adoption in last few years. There are 5 characteristics of the token process.  Rather than just passing attributes, they can be condensed and compressed. Cisco has a product that includes DPI, and other functions in one platform. For VPN connectivity it generates a bunch of tokens.  That token is generated by logic that passes through a bunch of attributes sets, 150 attributes, and determines if it needs to be quarantined or blacklisted.  There are tokenized representations of these attributes. This is one value proposition.  Second, there could be a lot of metadata associate with token types. Tokens are also cryptic.  When intelligence info is passed, it needs to be secured.  Most tokens are encrypted and hashed.  Because the fact that these token are validated against other authoritative sources, these tokens are more of a run time artifact

Slide 4 – look at the number of tokens involved.  Biometric tokens, TPM tokens, etc. All of these tokens have token characteristics as well.  You can have tokens representing some type of access function.  In digital rights management, the licensing key is a token that is generated.  While and black lists can be tokenized. Trusted platform storage acts as hard tokens.

There are software tokens, for example OTP. Can have tokens that are only used within an enterprise. Tokens can also represent a subject. A component of human DNA, device and software can be combined as a token artifact.  The same can be applicable on the resource side.  Trust tokens are an evolving space.  Resource tokens are evolving rapidly.  Integrity tokens generally pertain to the environment.  Mostly within XACML space. 

Acton and context and conditions are also needed to determine integrity – a trusted network stack or threat token could be leveraged to determine integrity.

Radiant Logic solutions extract our info to provide a composite run time view of attributes: 

If you see all these attributes, generate this token type or that.  Subject risk can be put into tokens – smart tokens that represent behavior of individuals, mostly employees.  SailPoint has an access review process.  They create a risk rating on resources.

They are transaction token types such as SWIFT. The whole tokenization is happening especially for sensitive data and in the financial industry. Data tokenization has been around for 20-30 years. Tokenization is a process, there are token typings.  Typing has lots of implications.  

Also there is a notion of tokens representing control functions.  There are tokens for validations. Data masking and data redaction all use that as a pre condition.  They allow for intelligence, alignment and control.

Slide 5 - Assurance, integrity and risk levels are used in combination for decision making

There can be tokens representing depth.  The more tokens representing a subject or resource the deeper you are going in the OSI stack.  There are 9 layers of potential tokens to help in decision making.  Large institutions could have lots of token types.

It is about role based access control, not access based access control. We will have an exponential explosion of attributes. How do we streamline that?  That whole space can be addressed.  That is, a simulation token type with alignment of laptop and biometric and OTP, all those tokens combined could provide a very high level of assurance for employees, if those additional token are chained with integrity and computed assurance level. The same can be applied to the risk associated with a transaction. 

RFID tokens and USB tokens are pretty powerful - dual edged swords that can also provide threats.  It is good if you know the USB device, but a third party USB is a threat. All these are for run time intelligent decision making.

Last slide is about reference material. Once, tokens were for authentication only. Now the scope is huge.  There are a lot of benefits from moving in the direction of tokenization. Thank you. 

Abbie discussed slide 6. For elevated trust and assurance levels, he thinks our work should take a look at this for our 3rd deliverable.  We have to ask how we can convey information.  Using attributes on their own gets out of hand. It will be helpful to map attributes to a smaller set that can be shipped by a token.

-          Identity assurance levels concern the quality of the credential itself.  Ten levels may to too overwhelming.  TCG has done a lot of work.  There is also TASC 3 that has done good work in RDF tokens.  My understanding is there is a lot in the notation of  SAML we can use 

-          Not sure how much can be standardized. It all depends on context. Is computed for the particular enterprise and transaction.

Abbie stated what we did agree on is the 4 LOAs from NIST don’t address that. In addition to LOA 1-3, we are going to be using LOA-1.2, 1.5, etc. Our room to play is within those parameters.  The definition of “LOA-1.5” could be relative.

This is why our work must rate other trust frameworks.  I think the driving strategy is the addition of an extra factor, if it helps to reduce the set of vulnerabilities.  If a factor has the same set of vulnerabilities, it doesn’t increase trust.

It could help if we create a trust framework of 5 levels. When doing trust levels, it is just about the subject or trust resources.  Abbie said end point security should apply. The source also reflects access to resources and faith in device (device and its software.) It would help to develop a framework.

·         Lowest level – trivial 

·         Level 5 – have done much to validate different level and integrity of the process – this has implications for a control function that could be exercised. So that kind of a taxonomy.

Abbie asked for Tony’s input. 

Tony said there are some institutions binding with NIST and these 4 levels, but the most elegant was a scheme that identified an entire array of factors – there is enormous granulation . That has always been his preference. But people like to gravitate to quantum levels.  He mentioned ENISA.

**Action item to get a link for to ENISA. 

It was commented that the CAB forum is doing the most currently and the TC should have a close binding with them going forward.

Abbie also mentioned Entrust.

The ABA forum was also mentioned as source of solutions. 

Tony also mentioned TCG as well.  

There was a discussion of which parent companies currently owned companies of interest.

It was suggested that determining trust levels and assurance levels can be part of a paper.  There should be some platform where tokens can be changed at run time.

It was commented that Ping supports this.  Ping also has an SDK to define your own tokens, so one can play around. There is a lot of traction around that also. I truly believe there is value around implementations. It may take another 10 year or 2-3 years.

5.  Mary to continue F2F details and action items 

Abbie said the editors need to post the skeleton of the document so we can discuss it in the next call. At least we should know the basic structure.

Mary discussed the status of structuring the first deliverable.  We have 7 method examples that were identified in the first F2F. We have started a spreadsheet of methods and method characteristics that we have put aside until we complete the initial survey.  In order to complete the initial survey we are identifying organizations that can help and existing documents with relevant content.

A discussion about scheduling an editors working call to review these and discuss the project road map was taken off line.

**Action item to schedule an editor’s working call so that we can move forward with the format.

6. Editors update and road map

Mary explained that number of component pieces for the first deliverable had been drafted. For example the list of organizations that the TC should liaise with as part of the survey was sent to the list. 

We have also begun accumulating method examples.  An outline of the first deliverable including appendices such as a dictionary has also been created. 

To be continued off line.

 

7. Update on TC funding request from Member Section and next F2F meeting

Peter indicated that the steering committee would review the budget this week and the next.

It was commented that having the next face-to-face at the same hotel as the NIST meeting makes sense as it will save money.

It would be useful for planning purposed to know if anyone intends to resource additional services – web access, etc.

Peter will report back when he has news.

 

8. Attendance Update

We made quorum.

 

9. Conclude meeting

Abbie made a motion to Adjourn.  Dazza seconded it.  The meeting was adjourned.

 

Log for chat room for the call: http://webconf.soaphub.org/conf/room/trust-el -

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 

 

abbie1: Passcode: 637 218 8139

Int'l Toll: 1-980-939-6928

Dial-In Numbers - (Please see Conference Shortcuts Below)

Int'l Toll: 1-980-939-6928 Local

- Australia, Sydney: +61 (0) 2 8064 4811

abbie1 morphed into abbie

abbie: 1. Roll Call

2. Agenda review and Approval

3. Approve Minutes

4. Role of Tokens in Trust Elevation, presentation by Rakesh Radhakrishnan, Bank of America (about 30 minutes (link will be provided to the slides asap))

5. Mary to continue F2F details details and action items 

6. Editors update and road map

7. Update on TC funding request from Member Section and next F2F meeting

8. Attendance Update

9. Conclude meeting

abbie: rakesh talk at http://www.oasis-open.org/apps/org/workgroup/trust-el/members/upload.php

anonymous1 morphed into Jaap Kuipers (Id Network Netherlands)

David Brossard - Axiomatics: Dear all, I cannot attend the phone call today... Apologies

David Brossard - Axiomatics: I will be reading what's going on here

David Brossard - Axiomatics: ALl the best!

Rebecca Nielsen (Booz Allen Hamilton): I'm finishing up another meeting, I'll be a few minutes late to the phone call, but I will be joining.

abbie: http://www.oasis-open.org/apps/org/workgroup/trust-el/documents.php

abbie: for rakesh talk

Massimiliano Masi (Tiani Spirit): Hello everybody

Please change your name from 'anonymous' using the Settings button

anonymous1 morphed into Doron Grinstein

Carl Mattocks: greetings

Rakesh : Hello everyone - this seems like the who's who in the IAM space

Rakesh : Abbie Tony Colin Doron Thomas

Rakesh : very impressive

Rakesh : I will attend these calls moving forward in 2012 - since Trust Elevation is critical for Banks

Tony Rutkowski: Sounds like we should have a close working relationship with TCG.  How do we do that?

Tony Rutkowski: What are boundaries with the PKI universe - which is a token species?

Deb Bucci: I am monitoring the activity as well ...

Colin Wallis (NZGovt): Very thought provoking presentation. Thanks Rakesh 

Rakesh : Hi Colin - whats your email at NZgovt

Rakesh : will shoot an emial abt the IDM event

Rakesh : or you can email me at rakesh.radhakrishnan@bankofamerica.com

Colin Wallis (NZGovt): Will do. Cheers.

Rakesh : http://www.openauthentication.org/webfm_send/13

Rakesh : nice paper

Rakesh : Tony - see paper for relationship between PKI and Tokens

Jaap Kuipers (Id Network Netherlands): Jaap is here

Thomas Hardjono (MIT): Bye all.

>>>>>>>>>>>>>>>>>>>>> 

Notes from meeting discussion on 17 November, 2011

 

1. Call to Order and Welcome.

 

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the list below)

Abbie Barbir, Bank of America  - y

Anil Saldhana, Red Hat 

Brendan Peter, CA Technologies

Carl Mattocks, Bofa

Cathy Tilton, Daon

Charline Duccans, DHS

Duane DeCouteau

Colin Wallis, New Zealand Government - y

Dale Rickards, Verizon Business 

David Brossard, Axiomatics

Dazza Greenwood

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Don Thibeau, Open Identity Exchange  - y

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Ed Coyne, Dept Veterans Affairs - y 

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam

Jeff Broburg, CA

John Bradley

John "Mike" Davis, Veteran's Affairs

John Walsh, Sypris Electronics

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST - y

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons  - y

Massimiliano Masi, Tiani "Spirit" GmbH  - y

Nick Pope, Thales e-Security

Peter Alterman, NIST  - y

Rebecca Nielsen, Booz Allen Hamilton  - y

Rich Furr, SAFE-BioPharma Assn – y

Ronald Perez, Advanced Micro Devices

Scott Fitch Lockeed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y

Shahrokh Shahidzadeh (Intel Corp)  -y

Tony Rutkowski – y

Thomas Hardjono, M.I.T. 

William Barnhill, Booz Allen Hamilton

47 percent of the voting members were present at the meeting.  We did not have quorum.

 

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el - chat room text is included at the end of the minutes.

 

2. Agenda review and approval

There were no additions.

3. Approve Minutes

We deferred approval of the previous minutes, due to lack of quorum. 

Abbie noted that due to a bug in TC event calendar and the recent clock change the event was listed at 9:00 AM rather than 10:00. 

4. Mary to review F2F details and action items 

Mary explained that we started by agreeing that there were four factors: the traditional who you are, what you have and what you know, and context.  We also agreed on a definition of trust elevation. As part of next steps, Mary started a spreadsheet with the categories of trust elevation methods discussed: biometrics, UN/PW, OTP, tokens, KBA, end point identity, and context.  During the F2F, a couple of subcategories were suggested: whether the method is primary or secondary, and the boundary for the method [e.g. session.] Mary captured these and method sub variations in a spreadsheet.

There was discussion.

Colin commented that a method may be added, but doesn’t necessarily make trust stronger if they have the same level of weakness.

Abbie agreed a secondary method is no help if the vulnerabilities are the same

Rebecca noted that this is an area of interest. 

Abbie commented that we haven’t captured this component.  We are still trying to explain strength and explain what we are trying to protect.  We need to nail this down pretty quickly in order to start putting the information into the deliverable.  One thing we need to talk about is the definition of trust-el.

During the F2F we came up with a definition (statement) on trust elevation.

Abbie commented that we will need to bless this.  We should only refine it now if we need to do it now.

Mary read the statement (which is in the notes from the F2F):

Trust elevation is increasing the strength of trust by adding factors from the same or different categories of methods that don’t have the same vulnerabilities. There are four categories of methods: who you are, what you know, what you have and the context. Context includes location, time, party, prior relationship, social relationship and source. Elevation can be within the classic four NIST and ISO/ITU-T levels of assurance or across levels of assurance.

Mary talked about possible next steps, such as identifying which threats we are trying to protect against, and therefore which weakness holes we need to fill with trust elevation.

It was commented that there are distinctions between strength of passwords 8 vs. 4 character, etc.  Yet a longer password is no help against social engineering and key logging attacks. Rather than talking about how a modification affects some and not other approaches, we need to develop a mechanism to depict this in the document.  

It was commented that we need to structure this in the next couple weeks so editors can start taking the use cases and quickly plugging them in.

Mary made a suggestion about evolving the categories in a spreadsheet to capture the data on methods.

Peter commented that we are analyzing the data before we finish collecting the data.  This is a risk.  We should gather the data then, do the analysis, otherwise we are biasing the data.

Rebecca was not sure she agreed.  But she noted that it was important to have the data.

Peter commented, we don’t even know the range of information we will get.  We are speaking out of ignorance.

Abbie said we can document now. We know at the end of the day we can do the analysis.  When we do it, is a different topic.  

Tony talked about intriguing similar considerations in other groups. This group can add value by engaging in outreach.

Abbie said that we need to liaison with this Kantara group quickly.  

It has to be on the action item agenda here.  He knows more about ITU-T and will look into how to leverage that relationship.

Tony talked about the importance of understanding the sea change in last week or two in terms of driving more of the cyber security changes and trust. So OASIS enhancing that relationship will be good.

Don led the meeting from this point forward.

Peter asked Tony to send us the list of documents we need in our reading room.

Tony agreed.

We need to be reaching out to right documents or groups with relevant activities.

Tony reminded the group about the 3GGP.  It was not clear to him if there was a pre existing relationship and OASIS.

Peter commented that that is something Abbie should find out about in the board meeting. We have some forum, but it is not really official.  This is something we need to work on.

Tony commented that 3GGP is massive = all other stands bodies together in this trust and identity space. Because of the players involved, they have considerable control over the infrastructure

Don asked to review a list of those groups relevant to our work:

·         ITF (IETF?  sp?)

·         Q4 and Q10 

·         ETSI

·         OIX for trust framework

·         OMA (sp?)

Tony said PC68 (sp?) is about banking trust.

Abbie said a new multifactor doc coming. 

Europe is driving a new trust mechanism.  They are extremely active.

ETSI (European Telecommunications Standards Institute) is the code name for the electronic signatures technical committee – joined at the hip with the euro commission to establish PKI for Europe.

Don asked for an overview.

Peter explained that he and Judy were engaged with ETSI for 5 or 6 years.  He is not arguing with Tony.  The group may or may not be ahead of us.

Don explained that he is hoping we can do a bit of a triage and see which groups are going to be the most value adding. Maybe we can establish individuals who will be our active links and inform the group.

Peter commented that Tony is well connected.  He is the right guy.

Don suggested that we might want to consider having a liaison activity like Peter suggested with Tony for some of these key groups.  

We need to triage to make a pragmatic distinction on these things.

5) Hand over of use cases to Editors.   

Mary explained that we spent the second half on the face-to-face on use cases. The use cases were documented (as original input or notes) in the minutes of the face-to-face.  She also plans to put the use-cases, etc into a separate document that would become a section of the first deliverable.

She asked for additional use cases, and noted that a couple of the use cases presenters had action items to follow-up with more detailed write-ups of their use cases.

Brendan asked for a list.

6) TC funding request from Member Section and next F2F meeting

Peter provided a status update. The OASIS member section steering committee is putting together its budget requests for 2012 and as part of that, the member section is asking for budget requests. This year we are trying to collect the request for resources in categories. 

·         Travel

·         Professional services

·         Tech services

·         Admin services

·         Conference and event services

We had the official call right after the face-to-face. Abbie has proposed to the member section a budget of $30K for the coming year. We don’t know what the member section will grant, but the request has been made. The budget request was for 3 categories:  $13K professional services for phase 2 deliverable, $8K for face-to-face meetings and $9K to defray travel expenses for independents.  The next potential face-to-face meeting being proposed is to discuss the phase one results, documentation and data. We think a face-to-face would be pretty useful, and to minimize travel, we are looking at having a 1 or 2 day meeting after the NIST/NSTIC event on March 13-14 http://www.nist.gov/nstic/upcoming-workshops.html.  This would be March 16 and 17.  Perhaps starting end of day on the 15th after the NIST/NSTIC meeting has ended.

So Abbie should follow-up as the budget request makes its way through the process.

Mary said that as part of the budgeting process she has put a preliminary request into the Holiday Inn where the NIST/NSTIC event is being held, for space for a Trust-el face-to-face meeting after the NIST event.  Further details would need to be worked out if/when funding was received.

Don asked if anyone had questions or concerns about the request for funding.

Mary asked how long this budget process takes.

Abbie responded that the steering committee has to agree on the request, and then it goes back to the board to approve.  The board meets monthly.   Abbie explained there was no new input from the current month’s board meeting.  The December 15 board meeting is the earliest they can look at the budget request.

Peter commented we are assuming the member section budget will be comparable to 2011.

Abbie noted it is up to the steering committee to send requests to the board.  He will support it when it comes to the board.

Peter noted our budget request is just that, a request.  We will see what the board tells the member section and what the member section tells the board.

Don asked if there were any more questions about the current state of play on the request for funding.  Hearing no other questions, he moved on.

Mary reviewed the remaining action items from the face-to-face that had been sent to the list that had not yet been covered. (Leveraging the NIST/NSTIC event was one of these).

Don commented on the benefit of the common sense leveraging of the NIST/NSTIC event that TC members would already be attending.  He noted that since we didn’t have quorum, we couldn’t put this to a motion on the call.  He commended that using the event as a forcing function to put our work in the broad context of the OASIS/NSIT meeting was good.  

Don asked to indicate in the minutes that there were no objections.  

Don also said it would be nice to hear if folks are comfortable with what is going on and what had been discussed.

Rich replied he is comfy.

Don noted that he was hearing no objecting or seeing none and said he took this as a good sign. 

Don summarized that it is also a good sign to be building out our 2012 planning and awareness of liaison activities with other groups that are highly related; and to be continuing in the work about getting use cases organized and into the system with some of the other reference doc identified earlier.  This is fair work for laying our foundation.

Don asked if there were any more issues.

Hearing none, he called for a close and thanked all on the call.  We will continue on building momentum thru the holidays.

The meeting concluded.

>>>>>>>>>>>>>>>>>>>> 

anonymous morphed into Rich Furr

anonymous1 morphed into Tony Rutkowski

abbie: yes

anonymous morphed into Kevin Mangold (NIST)

Don Thibeau Open Identity Exchange : sorry to join late

Mary Ruddy: Trust elevation is increasing the strength of trust by adding factors from the same or different categories of methods that dont have the same vulnerabilities. There are four categories of methods: who you are, what you know, what you have and the context. Context includes location, time, party, prior relationship, social relationship and source. Elevation can be within the classic four NIST and ISO/ITU-T levels of assurance or across levels of assurance.

Don Thibeau Open Identity Exchange : mary can you post the agenda for this meeting thanks

colin_nz: Source..does that cover device?

Don Thibeau Open Identity Exchange : source is both device and channels e.g.

Don Thibeau Open Identity Exchange : telephone

Don Thibeau Open Identity Exchange : can we generate a list of liaison groups relevant to our work

colin_nz: Hmm..not sure will quite do it. Some handhelds are more vulnerable than others. Isn't it Google's system that can interrogate the device as part of authentication?

Tony Rutkowski: I argue that cloud infrastructure are rapidly putting an end to the PSTN and the Internet; and getting liaisons estabished with the many emerging industry cloud venues is important as well.

Tony Rutkowski: (Grammar isn't enhanced by chat...  aargh)

abbie: 30 K

abbie: id trust meeting in march with NIST

Kevin Mangold (NIST): Putting an end to the Internet?

Tony Rutkowski: Indeed...a logical extrapolation of a global cloud architecture.  It's also a more stable, extensible result.  We get rid of the PSTN and the Internet in one cosmological event. 

Kevin Mangold (NIST): Hmmm... how would one use this cloud infrastructure without the Internet?

abbie: dropping out

Tony Rutkowski: How would it be without the PSTN - which is a significantly larger and more important infrastructure.  This gets us into religous arguments about exactly what "the Internet" is.  Any Internet universe religious dogma one adhers to, pretty much spells the same cosmological end.

Tony Rutkowski: ps. previous cloud infrastructures were variously based on X.25 (e.g., Minitel) or SS7 (e.g., Intelligent Network).  The protocols for schlepping bits don't make much difference.