Hi
Permissions and Privileges (without examples) to me are Access or Authority attributes not Identity attributes. This comes back to the definition of scope. Claims are in the
realm of Trust or what I clumsily refer to as Identity Attribute Metadata Attributes or Information Attributes about Identity Attributes. ugh
From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org]
On Behalf Of Salvatore D'Agostino
Sent: Friday, 23 March 2012 6:47 a.m.
To: 'Dagg, Kenneth'; dg-am@kantarainitiative.org
Subject: Re: [DG-AM] definition of Identity Attribute for the report
Thanks Ken,
OK so if we move away from ITU f, toward "Identity Attribute is
information that contributes to establishing the identity (a unique name) of a single person?"
Yes attributes can support a “higher level of authN” but also are related to authZ independent of or in combination with name or identifier.
It depends on the attribute types, so might we expand this to include “.. contributes to establishing the identity (unique name) and “permissions/privileges/claims” of an individual”
Not sure what the actual word is there and put these 3 in as example/suggestion.
From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org]
On Behalf Of Dagg, Kenneth
Sent: Thursday, March 22, 2012 12:56 PM
To: dg-am@kantarainitiative.org
Subject: [DG-AM] definition of Identity Attribute for the report
I checked for the term Identity Attribute in the IAF Glossary and did not find it. As such, I did not send a note to the IAWG.
However, the following terms are in the glossary:
* Attribute - a property associated with an individual
* Identity - a unique name for a single person. Because a person’s legal name is not necessarily unique, identity must include enough additional information (for example,
an address or some unique identifier such as an employee or account number) to make a unique name.
* Identification - Process of using claimed or observed attributes of an individual to infer who the individual is.
* Identity Proofing - The process by which identity related information is validated so as to identify a person with a degree of uniqueness and certitude sufficient for
the purposes for which that identity is to be used.
The AMDG report currently defines Identity Attribute as Information bound to a subject identity that specifies a characteristic of the subject.
I suggest that this definition is not in alignment with the definitions contained in the IAF glossary. While I have nothing against the definitions contained in ITU-T
X.1252 I would suggest that we remain consistent and aligned with KI definitions. I believe the following would be more aligned, "Identity Attribute is information that contributes to establishing the identity (a unique name) of a single person?"
Comments? Or reasons not to use this definition (other than it’s not the ITU definition)?
BTW: I have updated the report. I added a glossary and some text about RP requirements. I also took the opportunity to align the recommendations at the start of the
report with the recommendations at the end.
Ken
Kenneth Dagg
Senior Project Co-ordinator | Coordonnateur de projet supérieur
Security and Identity Management | Sécurité et gestion des identités
Chief Information Officer Branch | Direction du dirigeant principal de l'information
Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du Canada
Ottawa, Canada K1A 0R5
Kenneth.Dagg@tbs-sct.gc.ca
Telephone | Téléphone 613-957-7041 / Facsimile | Télécopieur 613-954-6642 / Teletypewriter | Téléimprimeur 613-957-9090
Government of Canada | Gouvernement du Canada