[ietf-enroll] Proposed use cases

Paul Hoffman / VPNC paul.hoffman at vpnc.org
Mon Nov 17 20:21:55 EST 2003


Greetings again. At the BOF, there was a request to include proposed 
use cases in the charter. This part of the BOF discussion got a bit 
unclear, but it is important to remember that we are talking about 
using or generating three things:

     1. An identifier, within a namespace controlled by the service
        provider, for the service consumer.
     2. Keying information to be used for identity confirmation.
     3. A set of service consumer permissions. These permissions
        describe to the provider the services that the consumer
        wants to access, and they describe to the consumer what
        services offered by the provider will be accessible.

We started talking about "person to person", "person to machine", and 
"machine to machine", but I think these distinctions break down 
because it isn't clear when the person or machine is simply relaying 
established information or is creating it themselves.

A different way to look at the typical use cases is:

- Bringing a new device into a network. Examples are enrolling a 
newly-purchased cell phone and buying temporary access to a wireless 
Internet connection.

- Getting a certificate from a certificate authority based on a 
pre-established shared secret. For example, a VPN administrator might 
have told a corporate CA that anyone who uses a specific nonce should 
be given a certificate for any identity within a certain range, or a 
mail administrator has told a CA that anyone who is reachable on a 
particular mail server can get a certificate for mail usage.

Do these usages make sense? Are there other significant ones that we 
want to include in the charter?

--Paul Hoffman, Director
--VPN Consortium
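
The second use case above, sketched as an added example (not part of the original message or of any ietf-enroll proposal): a provider checks an enrollment request against a pre-established shared secret and an allowed identity range, then yields the three items listed at the top of the message. The HMAC proof, the policy table, and every name and value in it are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample policy: the administrator pre-registers a shared secret
# and the identity range it may enroll into (all values are made up).
POLICY = {
    "vpn-batch-1": {
        "secret": b"constructed-shared-secret",
        "identity_suffix": ".vpn.example.com",
        "permissions": ("vpn-access",),
    },
}


@dataclass(frozen=True)
class Enrollment:
    identifier: str       # 1. identifier in the provider's namespace
    key_fingerprint: str  # 2. keying information bound to that identifier
    permissions: tuple    # 3. permissions granted to the consumer


def proof(secret: bytes, identity: str, public_key: bytes) -> str:
    """Consumer side: HMAC that binds the requested identity to the key."""
    ident = identity.encode()
    # Length prefix keeps the identity/key boundary unambiguous.
    msg = len(ident).to_bytes(2, "big") + ident + hashlib.sha256(public_key).digest()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def enroll(policy_id: str, identity: str, public_key: bytes, claimed: str):
    """Provider side: return an Enrollment, or None when the request is refused."""
    entry = POLICY.get(policy_id)
    if entry is None:
        return None
    expected = proof(entry["secret"], identity, public_key)
    # Constant-time comparison of the proof of shared-secret knowledge.
    if not hmac.compare_digest(expected.encode(), claimed.encode()):
        return None
    # Range check: exactly one non-empty label in front of the allowed suffix.
    suffix = entry["identity_suffix"]
    label = identity[: -len(suffix)] if identity.endswith(suffix) else ""
    if not label or "." in label:
        return None
    fingerprint = hashlib.sha256(public_key).hexdigest()
    return Enrollment(identity, fingerprint, entry["permissions"])
```

Because the proof covers both the identity and the key, a proof issued for one name cannot be replayed to enroll a different name or key under the same secret.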

