Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [higgins-dev] entities, and digital identities


Paul

You make a statement that DIs "will have claims as well as attributes". Given I don't know what the semantic differences that you are making between claims and attributes, I am not at a point to provide a feedback. One thing I do want to say is that.. we need to make sure we agree on those terms and what they mean.  In the note I sent last night in response to Dale, I was trying to differentiate claims and attributes... simply said.. wrt runtime vs persistance. here is more on that:

Attributes: An identity has a set of attributes that defines the characteristics of that entity. Some of those attributes are relevant to that identity in a given context (e.g., name, account number, etc) and some that are specific to particular roles that they may take on in that given context. Some of these attributes may also be shared across different contexts.  For example, Bob Smith has email-address, phone number, passport information, finger print data, etc about him which may be shared across with his employer, port control authority, etc. Bob Smith has an attribute of platinumCustomer, and preferredColor in the context of “customer” to Clothes-R-Us.

Digital Claim - An assertion made by a claimant of the value or values of one or more attributes of a digital subject, typically an assertion which is disputed or in doubt. In this context of discussion, assertions are about the attributes of an identity.
Examples:


A claim could just convey an identifier—for example, that the subject's student number is 490-525, or that the subject's Windows name is FRED. This is the way many existing identity systems work.
Another claim might assert that a subject knows a given key—and should be able to demonstrate this fact.
A set of claims might convey personally identifying information—name, address, date of birth and citizenship, for example.
A claim might simply propose that a subject is part of a certain group—for example, that she has an age less than 16.
And a claim might state that a subject has a certain capability—for example, to place orders up to a certain limit, or modify a given file.


-Raj




"Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx>
Sent by: higgins-dev-bounces@xxxxxxxxxxx

03/10/2006 02:44 PM

Please respond to
"Higgins (The Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>

To
"'Higgins (The Trust Framework) Project developer discussions'" <higgins-dev@xxxxxxxxxxx>
cc
Subject
RE: [higgins-dev] entities, and digital identities





Inline
 
-----Original Message-----
From:
higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Dale Olds
Sent:
Thursday, March 09, 2006 4:38 PM
To:
higgins-dev
Subject:
[higgins-dev] entities, and digital identities

 
I would like to discuss some terms in the context of Higgins interfaces and classes. At this point I would rather not revisit any of these terms in the sense of the identitygang lexicon, but see if we can reach a common understanding in a more narrow scope of Higgins interfaces and code.

Entity
====

I know that "entity" is not in the interfaces or classes and is not modeled directly, but I find it useful (and even necessary) to describe things in the real world and we should be clear about what we consider to be "real" and "things". I think "entity" is the most likely term. Claims, attributes, digital identities, digital subject, and principals all purport to be data about something -- some entity. I think of an "entity" as anything that can be identified in human conversation. This is very close to the identity gang lexicon, except that it would include "concept" in the list with person, physical object, animal, and juridical entity. In fact, I think of a juridical entity as a conceptual entity that incurs legal policy. Also, note that a false assertion is still a concept -- we can identify it and talk about it.

So it is useful to think of an entity as anything that can be identified in human conversation.

Yes. Humans and the topics of their conversations live in the “real” world--the world of entities. In a digital system the entities (which could include concepts (I justed added concept to the Higgins wiki’s definition of Entity)) are called digital subjects, or just subjects for short. The reason for the distinction is that subjects can either (a) exist only in the digital world (and have no “real” world equivalent) or (b) be digital representations of real world entities.
BTW, sorry to add complexity, but the distinction between subject and digital identity is also worth making here. As Nataraj Nagaratnam (aka Raj) has tried to explain to me, a subject could be represented by a collection of more than one digital identities, not just one digital identity.
There is much discussion on the identitygang list that two identities can be identical -- but I think that's because the discussion strays between entities (anything that can be identified) (subjects) and digital identities (a chunk of data). Of course a particular chunk of data (e.g. a set of attributes) can be insufficient to distinguish between two entities, but humans CAN distinguish between the entities or we could not talk about them. The distinction between entities may be as simple as sequence or physical position, be we can identify them or we could not discuss them.
Agreed.



Digital Identity
===========

In networked systems we commonly store data about an entity. I think this corresponds most closely with Digital Identity. It consists of a chunk of structured data.

Yes. Let me have a try. A digital identity is represented as a chuck of structured data that is “about” some subject within a given context. There may well be other digital identities in other contexts that are also about that same subject. There could even be N>1 digital identities that are about the same subject.
At this point I see no difference between the terms attributes, attribute value assertions, and claims when applied to that structured data. Sometimes sets of attributes are stored as an entity within a larger entity (e.g a user account within a directory service).
As I try to follow you, I’d say that a “user account” is a digital identity. A digital identity that is a about a subject that stands for a real world entity called a user. A directory service is (I think) modeled as a hierarchical set of contexts.
Sometimes a set of attributes are presented as part of some interaction with another entity (e.g. name.password authentication, update address book, present credit card info, etc.).
Yes. A digital identity containing the appropriate set of claims (a special kind of attribute where the “claimant” of the value of the attribute is known) is presented as part of some interaction…
Is this the difference between "digital subject", "digital identity", and "claims" -- merely notions of persistence and larger or smaller subset of attributes?
 If so, it seems like the higgins interface can have class definitions for digital identity, and attribute, and not (yet) need classes for digital subject, claims, persona, party, etc.
Digital subjects are not modeled in Higgins. Only digital identities. In the current version DIs have attributes, but very soon (v0.3) they will have claims as well as attributes.
A persona is just a synonym for DI. A party won’t be modeled either because a party is a real person. Digital subjects won’t be modeled explicitly either.
>From what I have seen of the demo code, it seems like a Facet corresponds to a digital identity. Is this where you see it going?
Yes. I apologize. One of the last steps in the milestone 0.3 plan is to refactor the code to be consistent with the Higgins/idgang definitions. You are correct.  Every occurrence of Facet will be replaced with DigitalIdentity (among other changes).


--Dale
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev


Back to the top