I agree with Bob, the term identifier is unambiguous for the semantic described, the term identity has other meanings.
For example anyone who reads the Boondocks is familiar with Hughy's 'identity politics' definition of identity. Dick's membership of Star Alliance Gold is apparently central to his concept of self identity. I am all up for writing a protocol that resolves identifiers for people if that is what people want to do first. But if we are only doing that I really want to avoid terms like 'identity' altogether.

> -----Original Message-----
> From: RL 'Bob' Morgan [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 14, 2006 5:33 PM
> To: Digital Identity Exchange
> Subject: Re: [dix] What is "identity"?
>
> > Consensus on moving forward based on this definition?
>
> Eh, no.
>
> This definition encapsulates the unfortunate confabulation of "identity"
> and "identifier" that appears to me to be the cause of much of the
> confusion in discussions about this stuff.
>
>    An identity is any subset of attributes of an individual which
>    identifies this individual within any set of individuals.
>
> Set A is the set of all people in the building I'm in now. We're all
> employees of the University of Washington. So my attribute "employee of
> the UW" doesn't identify me within Set A, hence is not part of my
> identity by this definition. Set B is the set of people attending next
> week's bar bof. Only one of them, me, is a UW employee, so my attribute
> "employee of the UW" does distinguish me, hence is part of my identity.
> So when I send "UW employee" on the wire, am I sending "identity
> information" or not?
>
> This is a useless definition for doing a protocol design, because it's
> only meaningful in the context of a particular interpreting party (ie,
> the party that wants to "identify" (more accurately, distinguish) one
> individual from another in a set they are using (and it's especially
> useless because that party isn't even referred to in the definition).
> What's useful in a protocol design is a definition that refers to the
> information being transmitted.
>
> In fact the useful definition is the one that has already been promoted
> by Kim Cameron and subjected to endless discussion in the identitygang
> context (http://www.identitygang.org/DigitalIdentity):
>
>    Digital Identity
>
>    Definition: The digital representation of a set of Claims made by one
>    Party about itself or another Digital Subject.
>
> where I would modify this slightly and say that it is exactly the
> definition of "digital identity exchange":
>
>    The transmission of digital representation of a set of Claims made by
>    one Party about itself or another Digital Subject, to one or more other
>    Parties.
>
> which is supposedly what we're here to talk about.
>
> The distinction that the "subset of attributes" definition is grasping at
> but failing to address is that between (1) the entire mass of "stuff
> about me" that constitutes a Subject's (aka entity's/individual's)
> identity (subsets of which constitute an identity in any particular
> context), and (2) those attributes that are specifically designed to
> distinguish one Subject from another, which we call "identifiers" (eg
> username, UUID, SSN, Subject Name, etc). Authentication operations have
> traditionally involved the use of identifiers, so people tend to
> associate them with "identity", and obviously identifier attributes are
> often useful in any real identity system.
>
> But in the modern world we observe that identifiers may or may not be
> needed in any particular act of system access or personal info exchange,
> hence the importance of opening up "digital identity exchange" to be
> potentially any "stuff about me". That is, in many cases the relying
> party doesn't need "attributes that identify this individual within a set
> of individuals", it just needs enough info to do its job.
>
> This is why modern systems like SAML put emphasis on including attributes
> in authentication operations, and define identifier values that
> specifically mean "not a useful identifier for you" (see section 8.3.8 of
> SAML 2.0 Core).
>
>  - RL "Bob"
>
> On Tue, 14 Mar 2006, John Merrells wrote:
>
> > I just wanted to close out a thread and check there's agreement:
> >
> > On 28-Feb-06, at 2:46 AM, Ben Laurie wrote:
> >
> >> "An identity is any subset of attributes of an individual which
> >> identifies this individual within any set of individuals. So usually
> >> there is no such thing as the identity, but several of them."
> >
> > A couple of list members (Jefsey, Dick) seconded this definition.
> >
> > I can go with this too, although it seems a little complex.
> >
> > Consensus on moving forward based on this definition?
> >
> > John
> >
> > _______________________________________________
> > dix mailing list
> > [email protected]
> > https://www1.ietf.org/mailman/listinfo/dix
_______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
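
Added example, not part of the original message or of any DIX draft: the Set A / Set B argument from the quoted reply, generalized to enumerate every minimal attribute subset that counts as "an identity" under the "subset of attributes" definition. The subject record, the two populations and all function names are constructed for illustration; the same claims sent on the wire give a different answer for each interpreting party.

```python
from itertools import combinations

# Constructed sample data (assumption, not from the thread).
SUBJECT = {"employer": "UW", "role": "architect", "floor": "4"}
# Set A: people in the same building, all of them UW employees.
SET_A = [SUBJECT,
         {"employer": "UW", "role": "architect", "floor": "3"},
         {"employer": "UW", "role": "sysadmin", "floor": "4"}]
# Set B: meeting attendees, only one of whom works for UW.
SET_B = [SUBJECT,
         {"employer": "ExampleCorp", "role": "architect", "floor": "4"},
         {"employer": "ExampleOrg", "role": "architect", "floor": "4"}]


def matches(person, claims):
    """True if every claimed attribute value holds for this person."""
    return all(person.get(k) == v for k, v in claims.items())


def distinguishes(subject, attr_names, population):
    """True if the chosen attributes single out exactly one member."""
    claims = {k: subject[k] for k in attr_names}
    return sum(matches(p, claims) for p in population) == 1


def minimal_identities(subject, population):
    """All minimal attribute subsets that identify subject in population."""
    names = sorted(subject)
    found = []
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            # Skip supersets of a subset that already identifies the subject.
            if any(set(f) <= set(combo) for f in found):
                continue
            if distinguishes(subject, combo, population):
                found.append(combo)
    return found


if __name__ == "__main__":
    for label, population in (("Set A", SET_A), ("Set B", SET_B)):
        print(label, "employer alone identifies:",
              distinguishes(SUBJECT, ["employer"], population))
        print(label, "minimal identities:",
              minimal_identities(SUBJECT, population))
```
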
