►
From YouTube: IETF92-MILE-20150325-0900
Description
MILE meeting session at IETF92
2015/03/25 0900
A
If
you
have
kind
of
thoughts,
additionally,
the
place
where
feedback
would
be
good
is
there's
different
styles,
with
which
to
present
the
final
kind
of
schema,
whether
it's
down
to
how
you
want
to
see
kind
of
spacing.
How
do
you
want
to
see
you
know
types
defined
versus
natively
kind
of
embedding
kind
of
classes?
If
you
have
strong
feelings
about
kind
of
either
of
those
be
great
to
put
on
a
list.
B
B
B
So
would
anyone
here
be
willing
to
do
that
so
and
what
just
it
entails,
just
making
sure
everything
matches
up
between
so
I'm?
Sorry,
so
we
have
how
many
oh
great
good.
So
we
have
three
thank
you
because
it's
it's
so
easy
to
miss
stuff
and
we
had
a
slew
of
them
on
the
first
one.
It's
just
much
easier.
If
we
can
thank
you.
Yeah.
A
I
mean
the
other
thing
that
would
help
in
addition
to
the
UML
and
the
XML
is
that
we've
been
trying
to
keep
keep
a
changelog
going
about
what's
different
I
know
we're
not
very
good
about
that.
I
mean
I,
find
things.
Aren't
we
missing
all
the
time?
So
if
in
you
and
out
of
that
pass,
if
you
could
take
a
look
at
that,
that
would
be
greatly
appreciated
future
implementers.
Well,
thank
you.
C
Can
ask
ke
Glen
question
about
I
assume
there
are
tools
that
can
help
too,
or
is
it
more
than
that,
just
making
sure
that
XML
matches
the
EML
scheme.
A
A
I
think
I'm
saying
how
about
some
you
tools
that
will
take
the
UML
and
compared
to
the
schema,
and
I
was
making
the
comment
that
will
use
uml
light
a
little
bit.
I'm
not
sure
house
tricky
worried,
especially
the
way
we
represented
in
the
text.
I
actually
don't
know
how
we'd
extracted
someone.
Someone
has
a
piece
of
tech
that
I
can
extract
that
ask
yarn
I'm
all
ears,
that'd,
be
great,
actually,
I've
been
really
exciting.
Actually,
all
right
next
slide.
A
I
just
want
to
talk
about
some
of
these
issues
in
depth
now,
so
the
mailing
list
has
been
really
active
in
the
last
day
or
two
on
this
particular
issue.
So
we
talked
about
this
about
a
year
and
a
half
ago
about
the
fact
that
the
software
type,
the
IDF
software
type,
which
is
a
way
to
just
describe
an
application
or
a
piece
of
kind
of
software.
Whether
it's
saying
hey,
I
got
my
data
from
this
piece
of
software
or
this
piece
of
software
was
targeted.
A
We
have
this
data
type
to
explain
that
we
went
back
and
forth
about
a
year
ago.
Just
about
switz
was
kind
of
mentioned.
We
said
punt
at
that
time.
In
Honolulu
we
said
we
had
a
lot
of
different
options
at
this
point.
We
really
do
have
to
decide
and
so
the
four
options
it
leads
to
four
options.
I
think
we
have
our
use
oval,
you
swig,
don't
do
anything
just
say:
that's
someone
else.
A
Someone
else
is
going
to
do
that
with
additional
data,
or
the
last
approach
is
to
support
multiple
techniques
to
include
one
and
two
and
use
something
like
the
IDF
sei
extension
or
the
Edam
kind
of
draft
just
to
put
in
an
eye
on
a
registry
things
like
one
and
two
and
potentially
other
things
and
then
have
a
blob
to
represent
what
that
raw
format
would
be.
So
we
have
a
number
of
things
said
kind
of
on
the
mailing
list.
Are
there
other
things
to
add
to
set
conversation.
C
Type
of
identifies
and
the
registers
might
change
all
the
time.
So
you
don't
want
to
be.
You
know,
corner
yourself
by
yeah.
F
So
this
is
Sean
trainer,
so
I
think
I
kind
of
took
the
bait
on
this
one
right.
So
for
me,
I
like
it.
This
way
like
ophelie
is
like
kind
of
like
some
of
the
de
facto
standard
rate,
and
it's
used
there's
a
thousands
of,
maybe
hundreds
of
thousands,
maybe
correct
me.
It
seemed
really
weird
to
force
everybody
to
go
to
sweat
right.
When
I
first
started
looking
at
slid,
it
was
maybe
a
little
confusing
whether
you
had
the
pain
to
get
a
number.
F
That
would
be
bad
for
open
source
people,
so
that
didn't
seem
to
make
first.
I
didn't
seem
to
make
sense.
So
if
we
pics
wit-
and
we
make
everybody
switch
from
oval,
that
seems
weird
right,
then
we
could
come
up
with
a
mapping
scheme.
Is
that
what
we
really
want
to
do?
I,
don't
know
and
then
don't
define
it
all
seems
like
kind
of
not
really
doing
anything.
It
seems
like
maybe
supporting
both
seems
like
the
way
to
go
and
I.
F
B
A
So
so
I
mean
I
get,
I
tend
to
support
for
is
the
right
answer
so
a
bit
of
a
pulling
that
thread
a
little
bit.
If
you
guys
remember
what
we
did
with
the
enum
draft,
which
is
to
say
yes,
it's
really
hard
to
have
enumerated
references
but
as
it
turns
out,
if
we're
going
to
create
the
I
enter
registry
and
create
an
XML
format.
A
That's
probably
useful
across
the
ITF
for
folks
that
are
on
an
XML
representation,
and
maybe
others
will
even
use
the
I
at
a
registry
as
well,
so
talking
kind
of
with
sockem
and
I'm
looking
at
how
to
adam
that
the
get
theirs.
Is
there
because
benefits
of
the
working
group
to
take
the
this
kind
of
thinking
to
implement
option
for
for
software
type
and
to
create
a
very,
very
short
draft
in
the
light
it
kind
of
in
the
same
vein
as
the
Edam
draft
for
this
as
well,
and
this
would
be
useful
to
sac.
E
E
E
A
G
E
E
A
I
mean
I.
Think
four
is
the
answer,
so
Adam
and
I
will
work
to
get
a
draft.
A
skeleton
draft
that
will
reference
will
create
a
separate
extension
for
I/o
def
software
type.
Also,
you
have
a
different
name
space
and
in
addition,
we
will
bring
the
list.
The
conversation
about
you
know,
reuse,
the
eye
on
a
reg,
traded,
crayton,
uin
register.
Okay,.
H
1001
question
regarding
number
four
I:
guess
the
current
mechanics
like
enim
or
I
will
excite
both
of
them
can
be
used
as
well.
What
we
have
to
have
when
you
drop
I
use
it
or
any.
You
are
going
talk
about
it
at
least,
but
why
we
have
and
add
any
reason
to
create
a
new
draft
on
that
and
because
what
extensibility
we
are
using
iron
on
table
both
of
the
inner
and
also
either
they're,
both
of
them
are
using
that
I
am
table
for
the
extension,
and
this
is
a
chance
for
us
to
the
extensions.
H
A
The
way
I
would
answer
that
is
that
I
guess
I
think
it
goes
back
to
the
conversation
of
do
we
need
a
new
I
enter,
cable
or
not
because
right
now
in
IDF,
SEI
and
Edom,
each
one
of
the
different
classes
that
are
defined
the
class
of
themselves
aren't
the
problem,
it's
what
I
in
a
registry
they're
bound
to.
So
if
it
turns
out
that
we
can
reuse
one
of
the
ini
registries
that
gab
who'd
actually
make
sense
to
reference.
One
of
those
are
the
ones
I
think.
A
E
H
A
Is
it
expert
review
for
SEL?
Don't
turn
a
little
over
one
in
a
month
where
I
guess
is
it?
Yes,
okay,
I
think
we
should
take
a
look
at
the
options
and
why
don't
we
kind
of
stereo
stare
at
it
again
and
you
can
make
sure
that
that's
part
of
the
conversation,
so
that
will
be
the
purpose
of
paper
going
in
the
transit
so.
G
C
Image
package
so
looks
like
we're
going
with
option
for
and
then
we
need
a
little
bit
of
discussion
or
some.
You
know
if
you
want
to
discuss
privately
and
then
circulate
in
the
mailing
list.
Your
ideas
that
would
be
good,
make
sense.
Ok,.
A
We
have
all
the
xml
isms
of
how
you
represent
those
things,
the
problem
that
what
we
don't
have
is
what
is
the
actual
representation
of
the
difference
of
the
other,
the
different
dns
fields
and
we
kind
of
talked
about
it.
I
think
we
initially
started.
It's
actually
not
listed
here
is
that
just
use
dig
output
as
a
blob
and
kind
of
put
it
in
there.
That
honestly
was
a
good
answer,
and
so
we
need
to
think
about
a
little
bit
more
also
not
in
this
was
sorry.
It
actually
is
option.
A
Two,
it
was
include
comma
separated
values
and
in
Honolulu
we
talked
a
little
bit
more.
Where
Paul
said,
I
have
a
JSON
draft.
Why
don't
we
use
the
JSON
draft,
then
with
them?
There
was
further
discussion
on
the
list
about
hey.
Why
don't
we
just
punt
on
this?
The
same
way,
we
would
have
punted
on
the
last
and
say
it's
additional
data,
it's
someone
else's
problem
and
then
there's
the
possibility
that
no
one
has
taken
up
work
on
is
someone
could
actually
XML
eyes.
A
The
JSON
draft
were
kind
of
come
up
with
a
representation
for
all
the
different
dns
types,
so
either
way,
I
think
we
need
to
decide
I
think
two
things
we
need
to
decide
whether
we
still
want
to
do
this
or
we're
going
to
get
a
pun
on
this
outright.
Or
can
we
want
to
adopt
one
of
these
I
guess
that
punch
on
on
it
is
honestly
option
three.
Do
we
want
to
implement
one
one,
two
or
four?
Where
does
anyone
else
have
anything
to
add
to
the
discussion
on
the
mailing
list,
the
feedback
to
date?
A
A
D
D
A
F
Strong
feeling
so
Shawn
Turner
no
strong
feelings
here.
The
only
thing
about
referring
to
the
other
draft
is
trying
to
figure
out
what
the
status
is.
So
is
it
anyway.
It's.
C
A
D
We're
standards
track
and
that's
experimental,
that's
exactly
that's
exactly
right,
yeah,
so,
okay
and
then
the
second
thing
is.
Does
anybody
actually
think
that
number
for
one
defining
related?
Does
anybody
not
think
that
creating
the
XML
for
DNS
is
not
the
correct
way?
We
just
don't
want
to
do
the
work
I
sense
that
it
is
a
little
bit
of
that
I
mean
if
there's
a
lot
of
head
nodding.
I
just
is
there
anybody
who
thinks
that's
not
the
case.
B
Kathleen
Moriarty
I'm
an
agreement
and
I've,
been
you
know
inserts
where
you
know
they
show
me
what
they're
doing
I
used
to
do
this
stuff.
I,
don't
anymore
and
DNS
is
huge
for
them
right.
They
rely
on
lookups
and
sharing
pics.
You
know
data
that
you
can't
find
anymore,
because
the
who
is
information
is
gone
and
dns
lookups
are
gone,
but
they
still
need
to
show
the
history
of
attack
profile.
B
A
A
Yeah,
so
this
is
another
one,
that's
in
the
tracker
and
the
origin
of
this
is
cross,
walking,
I
think
actually,
in
this
case
it
was
standard
on
the
incident
reporting.
One
of
the
things
that
one
of
the
things
that
that's
cut
we
wanted
to
capture
is
what
is
the
cause
of
the
incident
and
so
I
think
the
question
of
put
on
the
table
is
50.
70
bits
doesn't
do
it
sei?
Does
it
through
I
owed
f
dash
SEI?
Can
the
weakness
class
if
the
need
is
specifying
the
cause
of
an
incident?
A
Is
that
weakness
class
from
the
SEI
drafts
efficient?
Does
anyone
want
to
see
something
different
and
so
again
the
weakness
class
I
mean
talk,
is
going
to
correct
me
here.
I
mean
that
again
is
a
pointer
would
be
a
pointer
to
an
external
registry.
That
would
be
a
dictionary
of
kind
of
weaknesses.
I
think
other
options
would
include
trying
to
define
our
own
dictionary.
C
H
H
A
So
that's
that's
an
option.
Why
don't
we
put
it
on
the
list
and
see
whether
there's
any
kind
of
feelings
one
way
our
kind
of
the
other
but
I?
What
I
hear
is
no
excitement.
You
define
your
own
dictionary,
which
I
think
is
a
very
good
idea.
It's
a
question
of.
What's
the
right
way
to
point2
points
to
someone
else's
dictionary.
A
A
That's
that's
one
kind
of
path,
the
other
way
to
say
it
is
not
references
at
all,
and
someone
just
drops
the
the
sei
reference
through
additional
data
and
then
I
think
the
third
option
is
to
potentially
drop
the
you
know
something
through
the
e
nom
draft
as
a
way
I
mean
I,
think
part
of
it
comes
it
comes
down
to
if
we
acknowledge
its.
That
talking
about
weaknesses
is
the
thing
that's
of
concern.
A
Do
we
want
to
just
say
yes,
SE
I
can
handle
it
if
you
want
it
pulled
in
or
to
be,
one
is
explicitly
with
if
you
70
this
reference.
We
know
that
this
is
important.
Go
to
this
place.
To
read
about
I
mean
it's
a
little
bit
of
a
kind
of
a
design
approach
about
how
we
fold.
In
honestly,
the
all
the
great
thinking
that
the
sei
ask
that
was
missed
in
the
draft.
H
Christian
I
think
you
have
a
lot
of
insight,
but,
on
the
other
hand,
other
end
of
the
discussion
that
draft
and
I
only
speak
trust
would
be
ready,
a
large
document.
So
that's
not
so
easy
to
read.
It
is
possible
to
split
some
content
so
that
guidance
raft
we
could
cater
to
that
would
be
able
to
write
some
content
of
this
I
guess.
H
A
Okay,
so
I
just
wanted
to
point
out
something
didn't
make
this
Lodge,
and
this
is.
This
is
my
fault.
I
got
in
various
feedback
from
folks
that
have
looked
at
the
looked
at
the
text
and
they
gave
different
feedback.
I
put
it
on
the
mailing
list
and
so
this
morning,
so
I
can
make
it
to
the
slide.
So
I
just
wanted
to
kind
of
point
it
out,
but
you
can
read
the
details
on
the
mailing
list.
First,
one
of
its
a
feedback
was,
I
have
to
share
tens
or
hundreds
of
thousands
of
a
particular
indicator.
A
Think
big
long
text,
file
of
IP
addresses
I'm.
Not
all
that
excited
the
feedback
was
you
know
they
weren't
all
that
excited
to
wrap
each
individual
IP
address
with
all
the
XML,
and
they
said:
wouldn't
it
be
really
great
if
we
had
one
big
tag
that
I
could
drop?
My
big
long
list
of
IP
address
in
IP
addresses
in,
and
so
the
thing
I
was
sharing.
A
Just
was
just
honestly
a
lot
lot
more
kind
of
simple
and
so
I
think
what
I
was
saying,
something
on
the
order
of
bulk
observables,
so
bulk
observables
going
to
say:
what's
what?
What
is
there
one
per
row
of
on
the
list
and
we
would
support
get
some
subset
of
the
observables
we
currently
have
was
one
bit
of
feedback.
The
other
bit
of
feedback
was
the
counter
right
now
only
counts
particular
rates
actual
measured
rates.
A
It
would
be
really
nice
to
also
convey
things
like
peak
rates
or
average
rates
and
actually
might
be
kind
of
others
that
can
of
worms.
So
that
was
one
bit
of
feedback,
and
then
there
is
this
notion
of
right
now
we
can
describe
the
observed
protocol,
but
the
observed
protocol
number
like
the
tcp
port,
may
not
actually
be
associated
with,
what's
actually
using
that
port.
So
if
Iran
HTTP
on
you
know,
830
71
I
might
there's
a
way
to
say
I
ran
a
371
tcp,
but
there's
no
way
to
say
that
that
was
HTTP.
A
C
C
We
can
talk
offline
about
you
know,
maybe
we'll
pick
a
date
in
early
April
to
start
the
process
and
do
you
have
any
changes
outstanding,
I'm
and
turn
to
remember.
Do
you
have
an
unpublished
version
of
the
draft
that
you
would
like
to
I?
Do.
C
Okay
yeah
earlier
about.
G
G
G
Okay,
this
is
a
red
wines
that
now
the
one
three
four
five
weeks
down
the
roster
etfs
and
hours
so
now,
I
rabies,
anomalous,
dot
p.m.
is
in
today's
topics
and
then
our
80s
and
that
are
updated
status.
So
next
I'll
freeze,
okay,
this
rested
on
our
update,
we're
doing
an
hour
three
masses,
so
I'll
degree
with
an
open
source
of
module
between
PI
sins
and
I.
Did
the
Parsis
and
I
detective
documents
and
the
developer,
but
the
design
of
the
rabies
normal
shape
and
is
designed
for
word
as
simple
as
possible.
G
So
na
sono
are
three
I
know.
Maybe
I
know
this
M
is
misspelled.
Pi
b
ib
is
a
generator
when
a
Python
code
is
an
and
it
can
be
also
generated.
In
such
modules.
Formality
of
x,
SD
button
are
generated,
module
tend
to
be
inherited,
now,
complexity
of
excess
see
so
little
bit
the
complex
and
a
little
bit.
They
are
easy
to
use,
so
they
oppose
a
create
a
scratch
and
during
a
person
edge,
it's
an
idea
and
I
XML
covers
so
an
I
describe
that
I
dysfunction
and
in
section
7.2,
so
next
I'll
place.
G
It
is
also
a
famous
module
who
are
taking
an
IO
day
when
I
xml
file
and
I
I
would
appear
missing,
is
also
spa.
Jewelry
to
empower
and
the
developer
is
no
se
young
from
Ray
Isaac,
baby
and
personalize
it
and
I
with
the
document
as
before.
So
now,
I
wouldn't
rape
and
it
also
pop
icon's
employed
in
preferences
and
I
described,
see
section
7.3,
ok!
Next,
please.
G
So
this
is
today's
again
the
key
topics
and
update
or
implementations,
or
example,
so
on
and
six
SDK
I
explained
any
Ross
IIT
as
an
equal
role,
and
that
this
was
an
hour
other
implementations
and,
according
to
venice
art,
postcards
at
develop
now
and
six
sdk
today
and
a
popular
tickets
open
source.
So
we
are
not
change
the
portion
from
another
implementation
to
open
source
implementations
and,
of
course,
on.
We
also
envision
the
opportunities
that
is
enough.
Community
support
software,
for
example
in
vwz.
G
At
this
moment,
when
our
maybe
another
section
with
draft
it
was
rough
getting
a
degree.
The
plan
to
support
currently
is
a
support.
These
tools
on
are
repeating
on
our
equine,
so
Isaiah
a
crime
reporting
tool
name
is
an
e
crisp.
Maybe
he's
an
available
as
a
anomaly
study
to
wanna
use,
an
idea
on
maybe
Annie
may
be
due
to
nature
way.
P
GG.
This
is
our
precinct,
so
they
are
certain,
are
reporting
combating
I
ODF
second
Thank
You,
Now,
Jessie,
marathi
and
I,
introduce
a
saint
Otis
me
to
Anna.
G
Dak
me
cigarette
ash
navigate.
Thank
you
very
much
and
maybe
I
know
it.
I
know.
Ariana
Guetta
informations
from
an
IP
GG
and,
of
course
we
will
share
this
kind
of
information
to
another
steak
with
such
as
the
panels
is
an
odd
one
draft.
This
section
is
also
known
and
necessary,
wanna
and
also
an
array.
Isaac
is
an
hour.
Research
and
education
network
and
Isaac
means
that
maybe
an
hour
yo,
showing
I
know
she
sent
our
conceptions
and
they
also
supported
on
our.
We
know,
I
odf
tools.
G
This
is
also
another
werster
on
our
research
after
the
community
software.
So
in
such
case
of
a
community
service
software,
maybe
we
I
need
help
to
an.
I
gather
information
and
it
is
very
helpful
to
you
home
at
Marion
Greece.
Thank
you
very
much.
It's
just
one
or
my
today,
topics
oh
yeah.
This
is
a
summer
easily
and
what
I
did
again
on
the
base
of
these
and
other
varieties
and
updating
I'd
1990
months
and
I
envisioned
ability
signal,
equities,
not.
F
Hi
Shawn
Turner
great.
This
is
awesome.
I
love
having
this
Kosta,
as
people
can
know
where
to
go
and
go
get
stuff.
The
only
the
only
thing
I
would
caution
you
about
is
fine,
never
close
the
document
waiting
for
everyone
to
give
you
input
at
some
point.
You
have
to
say
about
12
of
these
or
six,
let's
move
on
and
publisher.
We
have,
they
went
out
again
into
shock
for
me.
D
E
I
I
All
right,
thank
you
guys
so
here
today
to
talk
about
the
Rollie
draft
resource,
oriented
light
weight
indicator
exchange.
I
have
approximately
10
slides
and
approximately
10
minutes,
so
we'll
go
through
pretty
quickly
on.
I
think
probably
the
best
approach
is
to
kind
of
run
through
the
content.
It's
simply
a
quick
overview
and
introduction
for
members
of
the
team
is
the
group
who
perhaps
have
not
looked
at
the
draft.
It's
been
out
there
for
a
while
and
really
this
is
just
kind
of
to
to
bring
it
to
the
fore
so
next
slide.
Please.
I
Okay,
well,
yeah
yeah,
you
guys
can
can
click
forward
we're
going
to
talk
about
what
is
the
rolly
draft
and
at
a
very
high
level
what
motivated
it.
So.
The
idea
here
is
that
a
while
back
I
had
the
opportunity
to
work
on
a
POC
implementation,
we're
essentially
setting
up
a
proof-of-concept
consortium
to
exchange
information
using
I/o
death
and
rid
the
learnings
that
came
out
of
that
experience,
kind
of
lead
to
the
rolly
draft.
I
I
Little
bit
delay
on
the
slides.
That's
why
it
was
your
pause
here.
Ok,
so
the
high-level
goals,
high
level
goals
of
the
draft
were
to
make
it
easier
to
do
simple,
sharing
the
notion
that
anyone
with
a
feed
reader
can
participate.
Anyone
with
an
HTTP
client
can
publish.
The
idea
was
that
it
would
reduce
the
need
for
operational
coordination
between
the
parties
that
are
doing.
The
sharing
on
the
notion
also
was
to
leverage
existing
identity
management
investments.
I
So,
obviously,
a
lot
of
investment
is
gone
in
over
the
last
number
of
years
and
building
out
identity
management,
infrastructure,
everything
from
sam'l
20
off
to
and
everything
in
between
I
think
we
have
something
of
a
disconnect
in
that
the
authentication
and
authorization
of
existing
message
based
interactions
has
the
notion
of
identity
of
the
parties
rather
than
identity
of
the
individuals
that
are
representing
those
parties.
I
think
I
think
that's
something
that
perhaps
is
a
gap
that
we
could
close.
I
Another
idea
here
is
that
we
can
avoid
a
heavier
requirements
for
distributed
policy
enforcement.
The
notion
that,
once
a
message
is
exchanged
that
we're
relying
on
distributed
policy
enforcement,
I've
imagined
an
iodophor
rid
message
that
has
been
a
sent
in
response
to
a
query.
Enforcement
mechanisms
have
to
occur
and
will
occur
at
the
destination.
I
The
approach
enrollee
was
to
emphasize
enforcement
that
the
source,
essentially
resulting
in
an
elusive
coupling
between
the
parties,
also
a
lack
of
a
requirements
avoid
a
requirement
for
a
lot
of
state
management
on
the
side
of
the
provider,
improving
the
scalability
of
the
provider.
Really
nothing,
that's
Noom
here.
I
This
is
really
a
an
attempt
to
adopt
the
approach
taken
by
essentially
the
rest
of
the
web,
which
is
that
you
want
to
be
as
stateless
as
possible
I
in
your
interactions
and
again
we're
talking
about
transport
related
state,
maintaining
session
state
information
at
the
transport
layer
for
interactions
between
the
peers.
We
want
to
minimize
that
overhead
state
management
next
slide.
Please.
I
Okay,
so
I
probably
spoken
ahead
of
my
slides-
I
do
that
a
lot.
That's
okay
saves
us
time
on
the
slides,
basically
on
when
I
did
this
in
the
POC
implementation
that
I
had
the
chance
to
work
on.
I
realized
that
there
was
a
non-privileged
trivial
investment
needed
to
participate,
regardless
of
the
specific
role
that
the
party
was
going
to
be
fulfilling
if
you're
playing
the
role
of
purely
a
consumer
and
not
a
publisher,
you
needed
to
build
much
of
the
same
infrastructure
that
a
publisher
would
build
using
an
approach,
as
described.
I
The
goal
was
that
for
many
use,
cases
for
many
participant
roles
being
able
to
do
an
identity-based
authorization
and
participating
via
a
restful
feed
would
be
sufficient
and
appropriate
for
those
use
cases
it
doesn't
exclude
other
uses,
it's
more
supplementing
and
enabling
participation
for
those
that
don't
have
all
of
the
infrastructure
necessary
for
the
distributed
state
management.
Next
slide.
Please.
I
Okay,
so
some
use
case
examples
that
God
just
go
through.
This
is
real
quick.
This
is
kind
of
the
the
nuts
and
bolts
try
to
ground
some
of
what
I've
said
in
realistic,
tangible
use
cases.
Imagine
a
case
where
there's
a
red
query:
the
the
burden
to
actually
do
the
compute
task.
In
really
responding
to
the
query
falls
on
the
provider.
I
It
falls
on
the
server
who's
serving
that
response,
whereas
what
I
think
we
see
in
other
examples
of
a
big
data
data
crunching
problem
is
that
we
put
the
burden
of
consuming
the
feed
on
the
client.
So
it
kind
of
reverses
things
in
a
sense
that,
if
I
want
a
specific,
let's
say
complicated,
query
could
be
any
number
of
elements
in
the
predicate
that
the
task
of
actually
sorting
through
that
could
fall
to
the
client
rather
than
to
the
server.
I
It's
simply
another
option
to
have
in
the
case
of
a
red
report
on
the
use
case
that
we
stumbled
into
when
we
were
doing
the
POC
work
was
that
doing
the
distributed
transactional
integrity
made
things
a
little
bit
challenging
in
terms
of
maintaining
State
on
the
server
with
a
more
restful
style.
The
server
typically
does
not
maintain
application
state
and,
as
a
result,
did
improve
scalability
next
slide.
Please.
I
Yeah
and
in
many
cases
here
by
the
way
that
we
talked
about
in
the
rolly
draft,
that
the
payload
can
be
either
rid
containing
I,
o
def
or
I,
o
def
alone
either
one
of
those
would
be
supportable
on
some
business
use
cases.
The
idea
here
is
to
support
broad
sharing.
So
imagine
a
government
agency
sharing
indicator
repository
broadly
with
citizens
in
the
private
sector.
I
The
notion
of
a
internet
accessible
repository
that
followed
something
like
the
Rollie
draft
would
enable
people
to
to
explore
and
discover
in
that
repository
and
effectively
obtain
what
was
needed
with
less
investment
on
the
client
side.
A
second
use
case,
the
private
sector
organization,
publishing
intelligence,
feed
to
a
subscribing
I-
think
that's
a
use
case-
that's
well
handled
today,
but
would
not
be
excluded
by
Rowley.
It
would
simply
be
also
supported
on
private
sector
organization,
accepting
incident
reports
from
partners
and
customers
again
I
like
this
one,
because
it
enables
broad
participation.
I
I
So
a
little
bit
on
the
relationship
to
existing
RFC's,
as
I
said,
this
is
complementary
to
the
existing
RFC's.
The
idea
is
to
leverage
immediate,
which
is
commonly
done
in
restful
implementations.
We
make
use
of
that
HTTP
media
type
header
on
any
other
representations
besides
Adam
and
XML
are
possible,
but
that's
what
I
chose
to
do
in
that?
First:
double
zero
draft.
The
use
of
existing
HTTP
return
codes
would
I
think
be
sufficient
to
enable
clients
to
interoperate
between
the
existing
endpoint
and
any
new
endpoints
that
were
introduced.
I
So
a
summary
wrapping
up.
Basically,
the
notion
is
that
I
personally
kind
of
view,
the
cyber
security
challenge
as
an
asymmetric
conflict
attributes
that
I
attribute
to
a
an
attacker
generally
loosely
coupled
collaboration
patterns
with
a
high
degree
of
technical
agility,
really
looking
at
an
environment
with
continuous
evolution
and
adaptability
of
the
tactics
and
methods.
I
My
approach
to
this
I
concluded
that
the
message
based
architectures
function
optimally
when
deployed
and
operated
in
a
symmetric
fashion,
and
I
was
looking
to
complement
that
with
an
asymmetric
approach
that
would
hopefully
enable
the
economics
and
the
scalability
that
are
needed
in
order
to
enable
sharing
between
people
who
couldn't
participate
today.
I
D
My
school's
got
this
guy
know
the
name
of
mal
and
he'd,
be
sitting
out
there
and
he'd
be
interested
in
seeing
how
many
things
he
can
host
you
to
fill
up
your
database,
or
maybe
he
would
say
well,
can
I.
Do
this
query
to
Tommy's.
G
D
For
server
for
generating
the
response
to
me
so
that
nobody
else
can
find
out
what's
happening
on
the
asymmetric,
as
you
say,
thats
attack
vector
can
be
using
attacked
me
against
what
you
propose
here.
How
would
you
address
that
and
mitigate
those
operations.
I
Okay,
a
good
question.
I
assume
I
don't
have
to
repeat
the
question.
I
think
the
the
short
answers.
One
thing,
I
kind
of
skipped
over
in
the
in
the
presentation
was
the
assumption
that
we
would
leverage
existing
identity
management
infrastructures
existing
situations
today,
as
I
said
using
things
like
a
sam'l
assertion
to
authenticate
yourself
or
in
the
case
of
an
interactive
end
user,
something
like
OS
to
authentication
token.
The
idea
is
that
the
endpoint
is
still
protected
right
unless
you
can
have
multiple
levels
of
access
and,
of
course,
some
information
might
be
completely
public.
I
I
B
Kathleen
Moriarty,
so
this
is
I
guess
with
no
hat
on
for
this.
Just
an
observation
when
I
walked
around
a
floor
last
year
with
products,
rest
was
the
most
commonly
used
interface.
People
weren't
using
rowley
may
not
be
aware
of
it,
but
this
interface
is
used
very
commonly
on
internal
networks.
To
do.
I
So
Thank
You
Kathleen
that
that's
good
to
know.
I
enjoy
the
the
data
point
from
the
real
world.
I
think
the
issue
is
that
this
is
a
real
opportunity
that
basically
people
are
generally
using
lightweight
HTTP,
restful
approach
and,
of
course,
I
think
that
immediately
implies.
They
need
to
standardize
it
in
order
to
achieve
interoperability
and.
B
F
How
does
Shawn
Turner
it's
just
kind
of
a
general
comment?
I
went
to
nanog
in
February
and,
like
six
of
the
24
presentations
were
about
d
das
and
some
of
the
complaints
where
the
stuff
is
too
hard
to
use
the
existing
things
are
really
too
hard
to
use,
so
anything
that
makes
it
easier
for
the
operators
to
actually
be
able
to
report.
This
thing
up
is
really
good
and
I
think
that
they
kind
of
get
how
to
do
restful
things
and
people
kind
of
understand
how
to
do
that.
I
Thank
You
Sean
yeah
I
mean
to
add
to
that
comment.
The
idea
that
the
the
restful
approach
can
get
you
started,
perhaps
think
of
it.
Like
the
you
know,
the
the
big
toe
in
the
water
or
you
know,
whatever
analogy
you
want
to
use
whatever
metaphor,
it
enables
you
to
begin
participating
in
the
sharing
and
build
up
over
time
on
it's
very
likely.
I
At
least
I
thought
you
know
in
my
experience
in
the
PSC,
it
was
very
likely
that
some
people,
some
organizations
participating
in
a
sharing
network
in
a
consortium
start
out
by
being
read
only
and
then
eventually
kind
of
move
up
the
food
chain
and
become
full-fledged
members
on
so
again.
Another
opportunity
to
leverage
the
investment
we've
already
got
in
the
existing
representation
formats
and
be
able
to
use
those
in
a
wide
variety
of
use,
cases
that
we
perhaps
wouldn't
address
otherwise.
I
C
Thank
you
for
your
presentation
will
try
to
push
on
your
dog.
You
know
to
progress
your
document
after
we've
done
the
50
70
base,
but
in
the
meantime,
if
you
have
any
updates,
make
them
and
also
try
to
get
application
area
review
of
you
know
the
way
you
use
rest.
Okay,
thank
you
very
much.
I'm
until
I
can
find
people
but
I'll
try.
C
I
One
last
comment
is
that
this
is
obviously
a
ten-minute
segment,
so
it's
hard
to
cover
all
of
these
cases.
I'd
encourage
people
to
take
a
look
at
the
first
couple
of
sections
of
the
draft
I
do
in
the
draft.
Try
to
lay
out
some
of
the
rationale.
I
tend
to
do
that.
You
know
many
years
doing.
Architecture,
work,
I,
I
feel
compelled
to
lay
out
the
rationale
as
to
how
we
got
to
this
point.
So
I'd
appreciate
feedback
on
on
those
sections.
I
C
Yeah,
okay!
Well,
thank
you
for
coming
and
you
have
present
I'm,
not
sure
how
much
time.