Well, finally having had a chance to review this, I have a few issues and comments.  I apologize for the degree of changes this post suggests but I feel that significant clarity could be achieved.

First of all, WRT the glossary: the text refers to the KI IAF Glossary as normative.  However, that was derived at least in part from NIST 800-63, and its notion of "identity" is seriously flawed.  To wit:

Identity

A unique name for a single person. Because a person’s legal name is not necessarily unique, identity must include enough additional information (for example, an address or some unique identifier such as an employee or account number) to make a unique name. 

It further describes "subject" as

Subject

An entity that is able to use an electronic trust service subject to agreement with an associated subscriber. A subject and a subscriber can be the same entity.

The AMDG glossary then defines

Identity Attribute

Information bound to a subject identity that specifies a characteristic of the subject.

Then, under Gap #1, it states that "... identity proofing [establishes] the set of Identity Attributes ... necessary ... to infer ... who an individual is (i.e., the identity of the individual)".

All this seems rather inconsistent.  Perhaps that is the point but then I would suggest it be stated clearly up front.

I hope that we can quash any use of "who" in this context.  In particular, I would avoid ever using the term "who the Subject is" since that is a source of major confusion when discussing identity management.  What is the answer to "who"?  It depends on context.  Then what is "identity"?  That is the question to be addressed.

I suggest something like:

Identity Subject (or just Subject)
    The physical person that is the subject of a record in an identity management system.

Identity
    The set of information about a Subject that is true.  It is highly unlikely that any one Identity Provider (IdP) will have a complete Identity for any given Subject.

Identity Attributes
    Individual components of Identity.  Some attributes are unique to the individual; others are shared with other Subjects.  The degree to which the validity of each Attribute is known will vary depending on how or where it was acquired, whether it can change over time, and the nature of the Source of Authority (SOA).

Identity Assertion
    One or more Identity Attributes that together identify a Subject to a Relying Party (RP) within the context in which the Subject wishes to be known.  There must be a trust relationship between the RP and the Identity Assertion Provider (IAP).  The RP also may require an assertion of the trustworthiness of the Identity Attributes provided.


Finally, I would reorder the "gaps" so that there is a better flow of concepts and ideas.

Gap (new order)          Gap (current)
-------------------------------------
1  Terminology           1
2  Contexts              4
3  Business sets         2
4  Schema                5
5  Categorization        3
6  Interoperability      6
7  Trust                 7
8  Consent               8
9  Governance            9

Sorry about the massive post.  Attached is a markup with additional comments and suggestions.

            David