David,
Thanks for the comments. We took these up on the call today and will incorporate this, as we understand it, into the draft by next week’s call, in particular under definition and recommendations.
Sal
From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of David L. Wasley
Sent: Tuesday, March 27, 2012 1:26 PM
To: Colin Wallis
Cc: dg-am@kantarainitiative.org
Subject: Re: [DG-AM] definition of Identity Attribute for the report
WRT:
On Mar 26, 2012, at 4:24 PM, Colin Wallis wrote:
OK, so X.1252 (not 1254, which is entity authentication assurance) does not specifically define ‘Identity attribute’.
But I think the term can be derived from the following definitions.
Arguably, the ‘NOTE’ is not helpful given some of the AM DG discussion.
But overall, I think it is fair to say that the ITU-T definitions represent a reasonable compromise on the range of opinions expressed.
Cheers
Colin
6.30 identity: A representation of an entity in the form of one or more attributes that allow the
entity or entities to be sufficiently distinguished within context. For identity management (IdM)
purposes, the term identity is understood as contextual identity (subset of attributes), i.e., the variety
of attributes is limited by a framework with defined boundary conditions (the context) in which the
entity exists and interacts.
NOTE – Each entity is represented by one holistic identity that comprises all possible information elements
characterizing such entity (the attributes). However, this holistic identity is a theoretical issue and eludes any
description and practical usage because the number of all possible attributes is indefinite.
6.9 attribute: Information bound to an entity that specifies a characteristic of the entity.
I think the above captures the essence. The NOTE is simply to recognize that there is no bound to this definition.
So back to "attributes" which as I recall is the subject of this DG. Assuming that a Subject can legitimately "claim" an abstract identifier that is bound to a unique record in an IdMS, what "attributes" might be contained in that record? The issues that come to mind include:
- semantics: how is an attribute defined such that an RP can understand what it might receive? E.g. "Name" -- is that Full Given Name at Birth, or ...? Etc.
- syntax: how is the information presented to an RP? Is "age" "19" or "over 18" or "microseconds since birth" or ...
- grammar: are there adjectives, e.g. Student; undergraduate; etc.
- authoritativeness: how and when was that attribute acquired, determined and/or maintained? And how would an ISP convey that to an RP?
Etc.
David