RE: [higgins-dev] entities, and digital identities
Paul,
You make a statement that DIs "will
have claims as well as attributes". Given I don't know what semantic
differences you are making between claims and attributes, I am not
at a point to provide feedback. One thing I do want to say is that
we need to make sure we agree on those terms and what they mean. In
the note I sent last night in response to Dale, I was trying to differentiate
claims and attributes... simply said, wrt runtime vs persistence. Here
is more on that:
Attributes: An identity has a set
of attributes that defines the characteristics of that entity. Some of
those attributes are relevant to that identity in a given context (e.g.,
name, account number, etc) and some that are specific to particular roles
that they may take on in that given context. Some of these attributes may
also be shared across different contexts. For example, Bob Smith
has email-address, phone number, passport information, fingerprint data,
etc. about him, which may be shared with his employer, port control
authority, etc. Bob Smith has an attribute of platinumCustomer, and preferredColor
in the context of “customer” to Clothes-R-Us.
Digital Claim - An assertion made by
a claimant of the value or values of one or more attributes of
a digital subject, typically an assertion which is disputed or in
doubt. In this context of discussion, assertions are about the attributes
of an identity.
Examples:
- A claim could just convey an identifier—for example, that the subject's
  student number is 490-525, or that the subject's Windows name is FRED.
  This is the way many existing identity systems work.
- Another claim might assert that a subject knows a given key—and should
  be able to demonstrate this fact.
- A set of claims might convey personally identifying information—name,
  address, date of birth and citizenship, for example.
- A claim might simply propose that a subject is part of a certain
  group—for example, that she has an age less than 16.
- And a claim might state that a subject has a certain capability—for
  example, to place orders up to a certain limit, or modify a given file.
-Raj
"Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx>
Sent by: higgins-dev-bounces@xxxxxxxxxxx
03/10/2006 02:44 PM
Please respond to: "Higgins (The Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
To: "'Higgins (The Trust Framework) Project developer discussions'" <higgins-dev@xxxxxxxxxxx>
cc:
Subject: RE: [higgins-dev] entities, and digital identities
Inline
-----Original Message-----
From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx]
On Behalf Of Dale Olds
Sent: Thursday, March 09, 2006 4:38 PM
To: higgins-dev
Subject: [higgins-dev] entities, and digital identities
I would like to discuss some terms
in the context of Higgins interfaces and classes. At this point I would
rather not revisit any of these terms in the sense of the identitygang
lexicon, but see if we can reach a common understanding in a more narrow
scope of Higgins interfaces and code.
Entity
====
I know that "entity" is not in the interfaces or classes and
is not modeled directly, but I find it useful (and even necessary) to describe
things in the real world and we should be clear about what we consider
to be "real" and "things". I think "entity"
is the most likely term. Claims, attributes, digital identities, digital
subject, and principals all purport to be data about something -- some
entity. I think of an "entity" as anything that can be identified
in human conversation. This is very close to the identity gang lexicon,
except that it would include "concept" in the list with person,
physical object, animal, and juridical entity. In fact, I think of a juridical
entity as a conceptual entity that incurs legal policy. Also, note that
a false assertion is still a concept -- we can identify it and talk about
it.
So it is useful to think of an entity as anything that can be identified
in human conversation.
Yes. Humans and the
topics of their conversations live in the “real” world--the world of
entities. In a digital system the entities (which could include
concepts (I just added concept to the Higgins wiki’s definition
of Entity)) are called digital subjects, or just subjects
for short. The reason for the distinction is that subjects can either (a)
exist only in the digital world (and have no “real” world equivalent)
or (b) be digital representations of real world entities.
BTW, sorry to add
complexity, but the distinction between subject and digital identity
is also worth making here. As Nataraj Nagaratnam (aka Raj) has tried to
explain to me, a subject could be represented by a collection of more than
one digital identities, not just one digital identity.
There is much discussion on the
identitygang list that two identities can be identical -- but I think that's
because the discussion strays between entities (anything that can be identified)
(subjects) and
digital identities (a chunk of data). Of course a particular chunk of data
(e.g. a set of attributes) can be insufficient to distinguish between two
entities, but humans CAN distinguish between the entities or we could not
talk about them. The distinction between entities may be as simple as sequence
or physical position, but we can identify them or we could not discuss them.
Agreed.
Digital Identity
===========
In networked systems we commonly store data about an entity. I think this
corresponds most closely with Digital Identity. It consists of a chunk
of structured data.
Yes. Let me have a
try. A digital identity is represented as a chunk of structured
data that is “about” some subject within a given context. There may well
be other digital identities in other contexts that are also about that
same subject. There could even be N>1 digital identities that are about
the same subject.
At this point I see no difference
between the terms attributes, attribute value assertions, and claims when
applied to that structured data. Sometimes sets of attributes are stored
as an entity within a larger entity (e.g a user account within a directory
service).
As I try to follow
you, I’d say that a “user account” is a digital identity. A digital
identity that is about a subject that stands for a real world
entity called a user. A directory service is (I think) modeled as
a hierarchical set of contexts.
Sometimes a set of attributes are
presented as part of some interaction with another entity (e.g. name.password
authentication, update address book, present credit card info, etc.).
Yes. A digital identity
containing the appropriate set of claims (a special kind of attribute where
the “claimant” of the value of the attribute is known) is presented as
part of some interaction…
Is this the difference between
"digital subject", "digital identity", and "claims"
-- merely notions of persistence and larger or smaller subset of attributes?
If so, it seems like the
higgins interface can have class definitions for digital identity, and
attribute, and not (yet) need classes for digital subject, claims, persona,
party, etc.
Digital subjects are
not modeled in Higgins. Only digital identities. In the current version
DIs have attributes, but very soon (v0.3) they will have claims
as well as attributes.
A persona is just
a synonym for DI. A party won’t be modeled either because a party is a
real person. Digital subjects won’t be modeled explicitly either.
From what I have seen of the
demo code, it seems like a Facet corresponds to a digital identity. Is
this where you see it going?
Yes. I apologize.
One of the last steps in the milestone 0.3 plan is to refactor the code
to be consistent with the Higgins/idgang definitions. You are correct.
Every occurrence of Facet will be replaced with DigitalIdentity (among
other changes).
--Dale
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev