Raj,
I should have been more careful. What I should have said is that in version 0.2
DIs consist of a set of attributes (just a set of attribute/value slots without
any “claimant” information for each) whereas in version 0.3 DIs will consist of
a set of claims where each claim is comprised of a “claimant” and an
attribute/value (as one would expect from the definitions).
I agree about the need to be as clear as possible on the terms. I’ve taken and
adapted your “Attributes” para from your email and added it into this page:
http://spwiki.editme.com/IdentityAttribute.
The definition of Claim is here: http://spwiki.editme.com/Claim.
So I think we’re now in perfect sync.
I’ve edited all of the Higgins term definition wiki pages (such as the links
above) to include links to the corresponding Identity Gang definitions instead
of duplicating the text. To make the links work better, I split up all of the
Identity Gang definitions into their own pages (see
http://www.identitygang.org/Lexicon).
-Paul
Paul
You make a statement that DIs "will have claims as well as attributes".
Given that I don't know what semantic differences you are making between
claims and attributes, I am not at a point to provide feedback. One thing I
do want to say is that... we need to make sure we agree on those terms and what
they mean. In the note I sent last night in response to Dale, I was
trying to differentiate claims and attributes... simply said... wrt runtime vs
persistence. Here is more on that:
Attributes: An identity has a set of attributes
that defines the characteristics of that entity. Some of those attributes are
relevant to that identity in a given context (e.g., name, account number, etc.)
and some are specific to particular roles that they may take on in that
given context. Some of these attributes may also be shared across different
contexts. For example, Bob Smith has email address, phone number,
passport information, fingerprint data, etc. about him which may be shared
with his employer, port control authority, etc. Bob Smith has an
attribute of platinumCustomer, and preferredColor in the context of
“customer” to Clothes-R-Us.
Digital Claim - An assertion made by a claimant of the value or values of one or
more attributes of a digital subject, typically an assertion
which is disputed or in doubt. In this context of discussion, assertions are
about the attributes of an identity.
Examples:
A claim could just convey an identifier—for example, that the subject's student
number is 490-525, or that the subject's Windows name is FRED. This is the way
many existing identity systems work.
Another claim might assert that a subject knows a given key—and should be able
to demonstrate this fact.
A set of claims might convey personally identifying information—name, address,
date of birth and citizenship, for example.
A claim might simply propose that a subject is part of a certain group—for
example, that she has an age less than 16.
And a claim might state that a subject has a certain capability—for example, to
place orders up to a certain limit, or modify a given file.
-Raj
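The two representations contrasted in this thread (a flat attribute/value set versus a set of claims that each carry a claimant), as an added Python sketch that is not Higgins code and was not written by either poster. The names `Claim`, `from_flat_attributes`, `disputed_attributes` and `values_from` are hypothetical, and the sample values are constructed around the Bob Smith / Clothes-R-Us example above.

```python
from collections import defaultdict
from dataclasses import dataclass

UNKNOWN = "unknown"  # placeholder claimant for data that arrives without one


@dataclass(frozen=True)
class Claim:
    claimant: str   # who asserts the value
    attribute: str  # which attribute of the subject is asserted
    value: str


def from_flat_attributes(attrs):
    """Lift a flat attribute/value set into claims; the claimant is not recoverable."""
    return {Claim(UNKNOWN, name, value) for name, value in attrs.items()}


def disputed_attributes(claims):
    """Return {attribute: {value: {claimants}}} for attributes asserted with more than one value."""
    by_attr = defaultdict(lambda: defaultdict(set))
    for c in claims:
        by_attr[c.attribute][c.value].add(c.claimant)
    return {attr: {v: set(who) for v, who in values.items()}
            for attr, values in by_attr.items() if len(values) > 1}


def values_from(claims, attribute, claimants):
    """Values of one attribute as asserted by any of the given claimants."""
    return {c.value for c in claims
            if c.attribute == attribute and c.claimant in claimants}


# Constructed sample data. A flat set has one slot per attribute, so it cannot
# hold two parties' differing assertions about preferredColor.
flat_set = {"name": "Bob Smith", "platinumCustomer": "true"}
claim_set = {
    Claim("Clothes-R-Us", "name", "Bob Smith"),
    Claim("Clothes-R-Us", "platinumCustomer", "true"),
    Claim("Bob Smith", "platinumCustomer", "true"),
    Claim("Bob Smith", "preferredColor", "blue"),
    Claim("Clothes-R-Us", "preferredColor", "green"),
}
```
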
"Paul Trevithick"
<paul@xxxxxxxxxxxxxxxxx>
Sent by: higgins-dev-bounces@xxxxxxxxxxx
03/10/2006 02:44 PM
Please respond to "Higgins (The Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
To: "'Higgins (The Trust Framework) Project developer discussions'" <higgins-dev@xxxxxxxxxxx>
Subject: RE: [higgins-dev] entities, and digital identities
Inline
-----Original Message-----
From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Dale Olds
Sent: Thursday, March 09, 2006 4:38 PM
To: higgins-dev
Subject: [higgins-dev] entities, and digital identities
I would like to discuss some terms in the context of Higgins interfaces and
classes. At this point I would rather not revisit any of these terms in the
sense of the identitygang lexicon, but see if we can reach a common
understanding in a more narrow scope of Higgins interfaces and code.
Entity
====
I know that "entity" is not in the interfaces or classes and is not
modeled directly, but I find it useful (and even necessary) to describe things
in the real world and we should be clear about what we consider to be
"real" and "things". I think "entity" is the most
likely term. Claims, attributes, digital identities, digital subject, and
principals all purport to be data about something -- some entity. I think of an
"entity" as anything that can be identified in human conversation.
This is very close to the identity gang lexicon, except that it would include
"concept" in the list with person, physical object, animal, and
juridical entity. In fact, I think of a juridical entity as a conceptual entity
that incurs legal policy. Also, note that a false assertion is still a concept
-- we can identify it and talk about it.
So it is useful to think of an entity as anything that can be identified in
human conversation.
Yes. Humans and the topics of their conversations live in the “real” world--the
world of entities. In a digital system the entities (which could include
concepts (I just added concept to the Higgins wiki’s definition of Entity)) are
called digital subjects, or just subjects for short. The reason for the
distinction is that subjects can either (a) exist only in the digital world
(and have no “real” world equivalent) or (b) be digital
representations of real world entities.
BTW, sorry to add complexity, but the distinction between subject and digital
identity is also worth making here. As Nataraj Nagaratnam (aka Raj) has tried
to explain to me, a subject could be represented by a collection of more than
one digital identity, not just one digital identity.
There is much discussion on the identitygang list that two identities can be
identical -- but I think that's because the discussion strays between entities
(anything that can be identified) (subjects)
and digital identities (a chunk of data). Of course a particular
chunk of data (e.g. a set of attributes) can be insufficient to distinguish
between two entities, but humans CAN distinguish between the entities or we
could not talk about them. The distinction between entities may be as simple as
sequence or physical position, but we can identify them or we could not discuss
them.
Agreed.
Digital Identity
===========
In networked systems we commonly store data about an entity. I think this
corresponds most closely with Digital Identity. It consists of a chunk of
structured data.
Yes. Let me have a try. A digital identity is represented as a chunk
of structured data that is “about” some subject within a given
context. There may well be other digital identities in other contexts that are
also about that same subject. There could even be N>1 digital identities
that are about the same subject.
At this point I see no difference between the terms attributes, attribute value
assertions, and claims when applied to that structured data. Sometimes sets of
attributes are stored as an entity within a larger entity (e.g a user account
within a directory service).
As I try to follow you, I’d say that a “user account” is a digital identity. A
digital identity that is about a subject that stands for a real world entity
called a user. A directory service is (I think) modeled as a hierarchical set
of contexts.
Sometimes a set of attributes are presented as part of some interaction with
another entity (e.g. name.password authentication, update address book, present
credit card info, etc.).
Yes. A digital identity containing
the appropriate set of claims (a special kind of attribute where the
“claimant” of the value of the attribute is known) is presented as
part of some interaction…
Is this the difference between "digital subject", "digital
identity", and "claims" -- merely notions of persistence and
larger or smaller subset of attributes?
If so, it seems like the higgins interface can have class definitions for
digital identity, and attribute, and not (yet) need classes for digital
subject, claims, persona, party, etc.
Digital subjects are not modeled in
Higgins. Only digital identities. In the current version DIs have attributes,
but very soon (v0.3) they will have claims as well as attributes.
A persona is just a synonym for DI.
A party won’t be modeled either because a party is a real person. Digital
subjects won’t be modeled explicitly either.
From what I have seen of the demo code, it seems like a Facet corresponds
to a digital identity. Is this where you see it going?
Yes. I apologize. One of the last
steps in the milestone 0.3 plan is to refactor the code to be consistent with
the Higgins/idgang definitions. You are correct. Every occurrence of
Facet will be replaced with DigitalIdentity (among other changes).
--Dale