Hi Scott, Welcome to the list ;-) Great input! Had a first look at it. Let's check what terms and concepts we can adapt or refer to. Regards, Ingo From: Scott Shorter [mailto:sshorter@electrosoft-inc.com] Sent: Mittwoch, 11. Dezember 2013 15:58 To: Friese, Ingo Cc: dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] IDoT document "Concepts of identity in the interent of things Hi all, I've been lurking on this list for a bit, not sure if I've remembered to introduce myself. Very interested in this topic. Good doc, Ingo. The section on object identifiers makes me think of a standard the SCAP suite called Asset Identificationhttp://scap.nist.gov/specifications/ai/. The specification is NISTIR 7693http://csrc.nist.gov/publications/nistir/ir7693/NISTIR-7693.pdf and it has some good discussion of identifiers. The data model includes literal identifiers (e.g. MAC address), synthetic identifiers (assigned names and numbers) and relationship identifiers of various sorts, including device relationships like "Host X is part of System Y", "Host X is on Network Z", as well as human relationships such as who owns or administers the asset. Regards, Scott On Wed, Dec 11, 2013 at 4:49 AM, mailto:Ingo.Friese@telekom.de> wrote: Dear All, I hope you all are doing well and having a nice holiday season. As discussed in our conf-call last week, I uploaded a "very-very early draft of our concept paper "Concepts of identity in the Internet oft Things". We'd like to develop this paper step by step to a use-full document helping users, architects, engineers, managers and decision makers to understand identity in the context of the IoT. I'd like to encourage you to have a look at the paper. Add your comments or take care of a topic that you are interested in. None of the current paragraphs is ready. It is rather more a small TOC. It is currently more or less 1 page, but I'm sure it will grow with your help. If you have ideas, suggestions, questions please let me know. https://kantarainitiative.org/confluence/download/attachments/67010606/Conce... Thank you in advance! Best regards, Ingo _______________________________________________ DG-IDoT mailing list DG-IDoT@kantarainitiative.orgmailto:DG-IDoT@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idot -- Scott Shorter, Principal Security Engineer, Electrosoft Services Inc. sshorter@electrosoft-inc.commailto:sshorter@electrosoft-inc.com O: 703-437-9451 x21 M: 240-994-7793

Scott, That's great. Do you mind to write a first attempt about object identifier in our document with regard to the NIST doc? Ingo From: Scott Shorter [mailto:sshorter@electrosoft-inc.com] Sent: Mittwoch, 11. Dezember 2013 16:56 To: Friese, Ingo Cc: dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] IDoT document "Concepts of identity in the interent of things Thanks Ingo, glad to be here. One takeaway I got from that document is the wide range of types of assets out there to be identified. In addition to devices the data model includes systems, networks, software, data, services, organizations and individuals (and more). The document definitely expanded my notion of what Non Person Entity authentication covers and what a detailed system asset inventory should contain. - Scott On Wed, Dec 11, 2013 at 10:25 AM, mailto:Ingo.Friese@telekom.de> wrote: Hi Scott, Welcome to the list ;-) Great input! Had a first look at it. Let's check what terms and concepts we can adapt or refer to. Regards, Ingo From: Scott Shorter [mailto:sshorter@electrosoft-inc.commailto:sshorter@electrosoft-inc.com] Sent: Mittwoch, 11. Dezember 2013 15:58 To: Friese, Ingo Cc: dg-idot@kantarainitiative.orgmailto:dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] IDoT document "Concepts of identity in the interent of things Hi all, I've been lurking on this list for a bit, not sure if I've remembered to introduce myself. Very interested in this topic. Good doc, Ingo. The section on object identifiers makes me think of a standard the SCAP suite called Asset Identificationhttp://scap.nist.gov/specifications/ai/. The specification is NISTIR 7693http://csrc.nist.gov/publications/nistir/ir7693/NISTIR-7693.pdf and it has some good discussion of identifiers. The data model includes literal identifiers (e.g. MAC address), synthetic identifiers (assigned names and numbers) and relationship identifiers of various sorts, including device relationships like "Host X is part of System Y", "Host X is on Network Z", as well as human relationships such as who owns or administers the asset. Regards, Scott On Wed, Dec 11, 2013 at 4:49 AM, mailto:Ingo.Friese@telekom.de> wrote: Dear All, I hope you all are doing well and having a nice holiday season. As discussed in our conf-call last week, I uploaded a "very-very early draft of our concept paper "Concepts of identity in the Internet oft Things". We'd like to develop this paper step by step to a use-full document helping users, architects, engineers, managers and decision makers to understand identity in the context of the IoT. I'd like to encourage you to have a look at the paper. Add your comments or take care of a topic that you are interested in. None of the current paragraphs is ready. It is rather more a small TOC. It is currently more or less 1 page, but I'm sure it will grow with your help. If you have ideas, suggestions, questions please let me know. https://kantarainitiative.org/confluence/download/attachments/67010606/Conce... Thank you in advance! Best regards, Ingo _______________________________________________ DG-IDoT mailing list DG-IDoT@kantarainitiative.orgmailto:DG-IDoT@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idot -- Scott Shorter, Principal Security Engineer, Electrosoft Services Inc. sshorter@electrosoft-inc.commailto:sshorter@electrosoft-inc.com O: 703-437-9451 x21tel:703-437-9451%20x21 M: 240-994-7793tel:240-994-7793 -- Scott Shorter, Principal Security Engineer, Electrosoft Services Inc. sshorter@electrosoft-inc.commailto:sshorter@electrosoft-inc.com O: 703-437-9451 x21 M: 240-994-7793

Scott...Excellent! This would be great. Looking forward to it...;-) Ingo From: Scott Shorter [mailto:sshorter@electrosoft-inc.com] Sent: Donnerstag, 12. Dezember 2013 13:52 To: Friese, Ingo Cc: dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] IDoT document "Concepts of identity in the interent of things Guess I walked right into that one. I'll be glad to take a shot at it. I see the next meeting is 12/17, I'll try to provide something before then but no promises. - Scott On Thu, Dec 12, 2013 at 7:09 AM, mailto:Ingo.Friese@telekom.de> wrote: Scott, That's great. Do you mind to write a first attempt about object identifier in our document with regard to the NIST doc? Ingo From: Scott Shorter [mailto:sshorter@electrosoft-inc.commailto:sshorter@electrosoft-inc.com] Sent: Mittwoch, 11. Dezember 2013 16:56 To: Friese, Ingo Cc: dg-idot@kantarainitiative.orgmailto:dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] IDoT document "Concepts of identity in the interent of things Thanks Ingo, glad to be here. One takeaway I got from that document is the wide range of types of assets out there to be identified. In addition to devices the data model includes systems, networks, software, data, services, organizations and individuals (and more). The document definitely expanded my notion of what Non Person Entity authentication covers and what a detailed system asset inventory should contain. - Scott On Wed, Dec 11, 2013 at 10:25 AM, mailto:Ingo.Friese@telekom.de> wrote: Hi Scott, Welcome to the list ;-) Great input! Had a first look at it. Let's check what terms and concepts we can adapt or refer to. Regards, Ingo From: Scott Shorter [mailto:sshorter@electrosoft-inc.commailto:sshorter@electrosoft-inc.com] Sent: Mittwoch, 11. Dezember 2013 15:58 To: Friese, Ingo Cc: dg-idot@kantarainitiative.orgmailto:dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] IDoT document "Concepts of identity in the interent of things Hi all, I've been lurking on this list for a bit, not sure if I've remembered to introduce myself. Very interested in this topic. Good doc, Ingo. The section on object identifiers makes me think of a standard the SCAP suite called Asset Identificationhttp://scap.nist.gov/specifications/ai/. The specification is NISTIR 7693http://csrc.nist.gov/publications/nistir/ir7693/NISTIR-7693.pdf and it has some good discussion of identifiers. The data model includes literal identifiers (e.g. MAC address), synthetic identifiers (assigned names and numbers) and relationship identifiers of various sorts, including device relationships like "Host X is part of System Y", "Host X is on Network Z", as well as human relationships such as who owns or administers the asset. Regards, Scott On Wed, Dec 11, 2013 at 4:49 AM, mailto:Ingo.Friese@telekom.de> wrote: Dear All, I hope you all are doing well and having a nice holiday season. As discussed in our conf-call last week, I uploaded a "very-very early draft of our concept paper "Concepts of identity in the Internet oft Things". We'd like to develop this paper step by step to a use-full document helping users, architects, engineers, managers and decision makers to understand identity in the context of the IoT. I'd like to encourage you to have a look at the paper. Add your comments or take care of a topic that you are interested in. None of the current paragraphs is ready. It is rather more a small TOC. It is currently more or less 1 page, but I'm sure it will grow with your help. If you have ideas, suggestions, questions please let me know. https://kantarainitiative.org/confluence/download/attachments/67010606/Conce... Thank you in advance! Best regards, Ingo _______________________________________________ DG-IDoT mailing list DG-IDoT@kantarainitiative.orgmailto:DG-IDoT@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idot -- Scott Shorter, Principal Security Engineer, Electrosoft Services Inc. sshorter@electrosoft-inc.commailto:sshorter@electrosoft-inc.com O: 703-437-9451 x21tel:703-437-9451%20x21 M: 240-994-7793tel:240-994-7793 -- Scott Shorter, Principal Security Engineer, Electrosoft Services Inc. sshorter@electrosoft-inc.commailto:sshorter@electrosoft-inc.com O: 703-437-9451 x21tel:703-437-9451%20x21 M: 240-994-7793tel:240-994-7793 -- Scott Shorter, Principal Security Engineer, Electrosoft Services Inc. sshorter@electrosoft-inc.commailto:sshorter@electrosoft-inc.com O: 703-437-9451 x21 M: 240-994-7793