Hi Permissions and Privileges (without examples) to me are Access or Authority attributes not Identity attributes. This comes back to the definition of scope. Claims are in the realm of Trust or what I clumsily refer to as Identity Attribute Metadata Attributes or Information Attributes about Identity Attributes. ugh From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Salvatore D'Agostino Sent: Friday, 23 March 2012 6:47 a.m. To: 'Dagg, Kenneth'; dg-am@kantarainitiative.org Subject: Re: [DG-AM] definition of Identity Attribute for the report Thanks Ken, OK so if we move away from ITU f, toward "Identity Attribute is information that contributes to establishing the identity (a unique name) of a single person?" Yes attributes can support a "higher level of authN" but also are related to authZ independent of or in combination with name or identifier. It depends on the attribute types, so might we expand this to include ".. contributes to establishing the identity (unique name) and "permissions/privileges/claims" of an individual" Not sure what the actual word is there and put these 3 in as example/suggestion. From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Dagg, Kenneth Sent: Thursday, March 22, 2012 12:56 PM To: dg-am@kantarainitiative.org Subject: [DG-AM] definition of Identity Attribute for the report I checked for the term Identity Attribute in the IAF Glossary and did not find it. As such, I did not send a note to the IAWG. However, the following terms are in the glossary: * Attribute - a property associated with an individual * Identity - a unique name for a single person. Because a person's legal name is not necessarily unique, identity must include enough additional information (for example, an address or some unique identifier such as an employee or account number) to make a unique name. * Identification - Process of using claimed or observed attributes of an individual to infer who the individual is. * Identity Proofing - The process by which identity related information is validated so as to identify a person with a degree of uniqueness and certitude sufficient for the purposes for which that identity is to be used. The AMDG report currently defines Identity Attribute as Information bound to a subject identity that specifies a characteristic of the subject. I suggest that this definition is not in alignment with the definitions contained in the IAF glossary. While I have nothing against the definitions contained in ITU-T X.1252 I would suggest that we remain consistent and aligned with KI definitions. I believe the following would be more aligned, "Identity Attribute is information that contributes to establishing the identity (a unique name) of a single person?" Comments? Or reasons not to use this definition (other than it's not the ITU definition)? BTW: I have updated the report. I added a glossary and some text about RP requirements. I also took the opportunity to align the recommendations at the start of the report with the recommendations at the end. Ken Kenneth Dagg Senior Project Co-ordinator | Coordonnateur de projet supérieur Security and Identity Management | Sécurité et gestion des identités Chief Information Officer Branch | Direction du dirigeant principal de l'information Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du Canada Ottawa, Canada K1A 0R5 Kenneth.Dagg@tbs-sct.gc.ca<mailto:Kenneth.Dagg@tbs-sct.gc.ca> Telephone | Téléphone 613-957-7041 / Facsimile | Télécopieur 613-954-6642 / Teletypewriter | Téléimprimeur 613-957-9090 Government of Canada | Gouvernement du Canada [X] ==== CAUTION: This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you. ====