RE : RE : data point - anonymous E.164 number usage
- Date: Sat, 28 Feb 2004 10:24:35 +0100
>> As you say, it's proving that this entity has the right to use a given
E.164 number
>> is what matters. Unfortunately that usually means identifying this
entity... :-)
Not sure Jim...
If the allocation of an E.164 number to XYZ is accompanied with a validation
piece (password, certificate, digsig key or whatever it is...) which becomes
invalid as soon as XYZ is not anymore owner of the number and that this
piece is checked every time XYZ want to use her/his number in relation to a
service (not only ENUM but every service which require the use of an E.164
number), then you do not need to identify the person. In that case you have
only to check if the validation piece is valid.
This, of course, needs a review of the E.164 number allocation policy which
is national matter...
In my opinion, we should focus on a generic solution (not only related to
ENUM).
Today, I can use my mobile number to register for a web based SMS service
which offers me to send SMS from the web keeping my mobile number (it works
also with anonymous prepaid!). The registration check is made via SMS (you
get a "validation" password via SMS). The problem is: when I cease the
contract with my mobile operator I can continue to send SMS using my old
mobile number. Of course I can not get any reply to the SMS I have sent
because the number is not allocated anymore (unless the associated ENUM
Domain & NAPTR remain active after the E.164 number has been deactivated...
;o) )
In my opinion, there are two critical things:
1 - the point where an E.164 number is registered for a service (it can be
ENUM, SMS, etc... but also telephony)
2 - the point where an E.164 number is not used anymore by the user and
given back to the "allocator" (at this time, all registrations made with
this number must be cancelled. For this, it is necessary that all service
providers who have a relationship with the number be informed accordingly or
that all those service providers make a periodic check of the validation
piece.
Is it a way to work on ?
-----Message d'origine-----
De : Jim Reid [
]
Envoy� : vendredi, 27. f�vrier 2004 23:43
� : Olivier.Girard@localhost
Cc : ag@localhost jseng@localhost enum-l@localhost
enum-trials@localhost enum-trial@localhost
Objet : Re: RE : data point - anonymous E.164 number usage
>>>>> "Olivier" == Olivier Girard <Olivier.Girard@localhost
>>>>> writes:
Olivier> Dear All, I think we should make a difference here. In my
Olivier> opinion, the interest of validation in ENUM is not to
Olivier> know WHO is owner of an E.164 number or WHO has the right
Olivier> to use an ENUM domain name. The role of ENUM validation
Olivier> is primarily the ensure that only the one who has the
Olivier> right to use an E.164 number can use the associated ENUM
Olivier> domain name. Nothing more.
Absolutely! There is a very subtle but important difference here and you're
right to underline it.
I think we're all guilty of being too loose with our terminology and
confusing identity with authentication and/or validation. The identity of
whatever it is that registers an E.164 number shouldn't matter. As you say,
it's proving that this entity has the right to use a given E.164 number is
what matters. Unfortunately that usually means identifying this entity...
:-)