On 27-Feb-06, at 8:48 PM, Dave Crocker wrote:



An identity is a set of assertions concerning a particular subject identifier.

This definition seems to apply to the concept in Dick's ID-2 talk, but we should be careful. Do we want to say that any set of assertions
...
Do you have a suggestion Dave? I hope you are not one of those people that just poo-poos what other people do! :-)

Thank heavens you included the dash between the poos. I might have gotten
confused about what you were concerned about.

Glad you are not confused.


I think I mentioned in an earlier post that I feel obligated to offer
alternative text, in these situations, when I think I understand enough of the goals of those seeking chartering. In this case, I don't even feel close to
that understanding, although the single-signon example does help.

Part of the problem I am seeing is that that example is nicely concrete and very much in the human realm, yet folks including Lisa seem fine with definitions
that are entirely abstract.  To me this seems entirely contradictory.

So I'll attempt to lob an example of the sort I am suggesting is needed, but without any real faith that it will be in the same ballpark as the bat you folks
are swinging.

- - - -

An identity is a globally unique reference to an online user or agent. The form of the reference is a URI. <<There are some serious dragons in a statement that general, but they will hold their breath, for now. /d>> Associated with an identity is a collection of information that describes characteristics of the identity and/or privileges imparted to the identity. The information about an identity can be divided into subsets, according to the different functional
roles performed by the user or agent.

This is where we differ. You are talking about "an identity" like it is an object. I see identity as being *all* the things about me.

What you call identity above, I would call an identifier.

<< Meta-suggestions: DIX should define an identity object first, and make sure it can be carried in multiple ways, unless there is something special in the
semantics of the exchange mechanism. /d >>

I was not involved, but HTTP did not need to define an object in order to be able to move things around.


An initial application of DIX will be to permit users to have a single step of authenticating themselves to a DIX client and then having that client be able to perform other authentications, on behalf of the user, to servers around the
Internet.

If all we are doing is solving SSO with DIX, then we might as well stop now!

Identity is *so* much more than username and password -- although not having to have a different username and password for each site is *nice*, it is not all that compelling for sites to adopt. That is a user issue. Making it easy for users to give sites data is compelling.

The web took off because it was browsable. You did not need to type stuff in. Automating the movement of identity data is what DIX is about. SSO is a small subset of that.


<< By the way, one problem with this example is that it is not obvious what it is that requires an interoperable standard, as opposed to a common database and agent on a single machine, as folks already have. Where is the requirement for
a distributed mechanism on the client side?  /d >>

That is because we are not just doing SSO -- we need a common language for sites to make queries to get identity data.


The presentation was entertaining. It contained at least one statement of equivalence that I find unpersuasive from just its assertion. The equivalence of identity = reputation is a strong and

Wearing my email anti-abuse hat, I will certainly claim that anything called "reputation" is grotesquely relative. It is not even close to "the same as" the
identity of the thing having the reputation.

Your reputation is part of your identity ...

Glad you found it entertaining. The key point was that identity is much more than a username and password.

Or less.

If I change my password, I have not changed my identity. (Well, not usually. I did build an email service, once, that used the password to ensure uniqueness of
identity, but that was an anomaly in the design world, I think...)

We need to be using the same definition of identity for this conversation to make sense :)

-- Dick

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix