An identity is a set of assertions concerning a particular subject identifier.

This definition seems to apply to the concept in Dick's ID-2 talk, but we should be careful. Do we want to say that any set of assertions
...
Do you have a suggestion, Dave? I hope you are not one of those people that just poo-poos what other people do! :-)


Thank heavens you included the dash between the poos.  I might have gotten
confused about what you were concerned about.

I think I mentioned in an earlier post that I feel obligated to offer
alternative text, in these situations, when I think I understand enough of the
goals of those seeking chartering.  In this case, I don't even feel close to
that understanding, although the single-signon example does help.

Part of the problem I am seeing is that that example is nicely concrete and very
much in the human realm, yet folks including Lisa seem fine with definitions
that are entirely abstract.  To me this seems entirely contradictory.

So I'll attempt to lob an example of the sort I am suggesting is needed, but
without any real faith that it will be in the same ballpark as the bat you folks
are swinging.

- - - -

An identity is a globally unique reference to an online user or agent.  The form
of the reference is a URI.  <<There are some serious dragons in a statement that
general, but they will hold their breath, for now. /d>> Associated with an
identity is a collection of information that describes characteristics of the
identity and/or privileges imparted to the identity.  The information about an
identity can be divided into subsets, according to the different functional
roles performed by the user or agent.

<<This leads to all sorts of questions about how the different personas are
distinguished.  And, by the way, using a URI model raises the obvious question
about whether an identity can have more than one associated URI and what it
means if it does. There is also the small matter of multiple people (identities)
sharing the same persona, such as store co-manager, conference paper reviewer,
and the like. /d>>

DIX is a transaction mechanism for identity information.  <<obvious questions:
you mean dix semantics cannot transit via email?  equally obvious question: why
does this need a new transfer mechanism? >>

<< Meta-suggestions:  DIX should define an identity object first, and make sure
it can be carried in multiple ways, unless there is something special in the
semantics of the exchange mechanism. /d >>

An initial application of DIX will be to permit users to have a single step of
authenticating themselves to a DIX client and then having that client be able to
perform other authentications, on behalf of the user, to servers around the
Internet.

<< By the way, one problem with this example is that it is not obvious what it
is that requires an interoperable standard, as opposed to a common database and
agent on a single machine, as folks already have.  Where is the requirement for
a distributed mechanism on the client side?  /d >>


The presentation was entertaining. It contained at least one statement of equivalence that I find unpersuasive from just its assertion. The equivalence of identity = reputation is a strong and

Wearing my email anti-abuse hat, I will certainly claim that anything called
"reputation" is grotesquely relative.  It is not even close to "the same as" the
identity of the thing having the reputation.

(By way of example, for a few folks on this list, there is a set of people among
whom I have a reputation of being patient and kind.  And, yes, they and the IETF
community are perceiving the same identity...  There is a reason I said
"grotesque".)


provocative claim. If the sort of definition of identity on which the WG's effort (implicitly) rests includes this equivalence, it deserves to be justified better.

No, it deserves to be fixed.


Glad you found it entertaining. The key point was that identity is much more than a username and password.

or less.

If I change my password, I have not changed my identity.  (Well, not usually.  I
did build an email service, once, that used the password to ensure uniqueness of
identity, but that was an anomaly in the design world, I think...)


d/
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
