-----Original Message-----
From:
higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Dale Olds
Sent: Thursday, March
09, 2006 4:38 PM
To: higgins-dev
Subject: [higgins-dev] entities,
and digital identities
I would like to discuss
some terms in the context of Higgins interfaces and classes. At this point I
would rather not revisit any of these terms in the sense of the identitygang
lexicon, but see if we can reach a common understanding in a more narrow scope
of Higgins interfaces and code.
Entity
====
I know that "entity" is not in the interfaces or classes and is not
modeled directly, but I find it useful (and even necessary) to describe things
in the real world and we should be clear about what we consider to be
"real" and "things". I think "entity" is the most
likely term. Claims, attributes, digital identities, digital subject, and
principals all purport to be data about something -- some entity. I think of an
"entity" as anything that can be identified in human conversation.
This is very close to the identity gang lexicon, except that it would include
"concept" in the list with person, physical object, animal, and
juridical entity. In fact, I think of a juridical entity as a conceptual entity
that incurs legal policy. Also, note that a false assertion is still a concept
-- we can identify it and talk about it.
So it is useful to think of an entity as anything that can be identified in
human conversation.
Yes. Humans and the topics of their conversations live in the “real”
world--the world of entities. In
a digital system the entities (which could include concepts (I justed added concept to the Higgins wiki’s
definition of Entity)) are called digital
subjects, or just subjects
for short. The reason for the distinction is that subjects can either (a) exist
only in the digital world (and have no “real” world equivalent) or (b)
be digital representations of real world entities.
BTW, sorry to add
complexity, but the distinction between subject
and digital identity is also
worth making here. As Nataraj Nagaratnam (aka Raj) has tried to explain to me, a
subject could be represented by a collection of more than one digital identities, not just one digital identity.
There is much discussion
on the identitygang list that two identities can be identical -- but I think
that's because the discussion strays between entities (anything that can be
identified) (subjects) and
digital identities (a chunk of data). Of course a particular chunk of data
(e.g. a set of attributes) can be insufficient to distinguish between two
entities, but humans CAN distinguish between the entities or we could not talk
about them. The distinction between entities may be as simple as sequence or
physical position, be we can identify them or we could not discuss them.
Agreed.
Digital Identity
===========
In networked systems we commonly store data about an entity. I think this
corresponds most closely with Digital Identity. It consists of a chunk of
structured data.
Yes. Let me have a try. A digital
identity is represented as a chuck of structured data that is “about”
some subject within a given context. There may well be other digital identities
in other contexts that are also about that same subject. There could even be
N>1 digital identities that are about the same subject.
At this point I see no
difference between the terms attributes, attribute value assertions, and claims
when applied to that structured data. Sometimes sets of attributes are stored
as an entity within a larger entity (e.g a user account within a directory
service).
As I try to follow you, I’d say that a “user account”
is a digital identity. A digital identity that is a about a subject that stands for a real world entity called a user. A directory service
is (I think) modeled as a hierarchical set of contexts.
Sometimes a set of
attributes are presented as part of some interaction with another entity (e.g.
name.password authentication, update address book, present credit card info,
etc.).
Yes. A digital identity containing the appropriate set of claims (a
special kind of attribute where the “claimant” of the value of the
attribute is known) is presented as part of some interaction…
Is this the difference
between "digital subject", "digital identity", and
"claims" -- merely notions of persistence and larger or smaller
subset of attributes?
If so, it seems
like the higgins interface can have class definitions for digital identity, and
attribute, and not (yet) need classes for digital subject, claims, persona,
party, etc.
Digital subjects are not modeled in Higgins. Only digital
identities. In the current version DIs have attributes, but very soon (v0.3) they
will have claims as well as attributes.
A persona is just a synonym for DI. A party won’t be modeled
either because a party is a real person. Digital subjects won’t be
modeled explicitly either.
>From what I have seen
of the demo code, it seems like a Facet corresponds to a digital identity. Is
this where you see it going?
Yes. I apologize. One of the last steps in the milestone 0.3 plan
is to refactor the code to be consistent with the Higgins/idgang definitions.
You are correct. Every occurrence of Facet will be replaced with DigitalIdentity
(among other changes).
--Dale