Hi

 

I would remove the qualification in brackets '(a unique name)' as identity is often established using a number of different identity attributes of which name is only part.

 

We do perhaps then need to define other attributes that are in the scope of the work we are doing i.e. attributes that provide information in relation to the identity attributes but that are not identity attributes in themselves. e.g. Date of Birth may be considered an identity attribute but the start and end dates for the timeframe in which a person uses a preferred name are other related attributes. I would also think that a lot of the attributes that relate to trust will not qualify as identity attributes.

 

Just my business perspective thoughts

 

Cheers

 

Jo

 

From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Dagg, Kenneth
Sent: Friday, 23 March 2012 5:56 a.m.
To: dg-am@kantarainitiative.org
Subject: [DG-AM] definition of Identity Attribute for the report

 

I checked for the term Identity Attribute in the IAF Glossary and did not find it.  As such, I did not send a note to the IAWG.

 

However, the following terms are in the glossary:

 

* Attribute - a property associated with an individual

* Identity - a unique name for a single person. Because a person’s legal name is not necessarily unique, identity must include enough additional information (for example, an address or some unique identifier such as an employee or account number) to make a unique name.

* Identification - Process of using claimed or observed attributes of an individual to infer who the individual is.

* Identity Proofing - The process by which identity related information is validated so as to identify a person with a degree of uniqueness and certitude sufficient for the purposes for which that identity is to be used.

 

The AMDG report currently defines Identity Attribute as Information bound to a subject identity that specifies a characteristic of the subject.

 

I suggest that this definition is not in alignment with the definitions contained in the IAF glossary. While I have nothing against the definitions contained in ITU-T X.1252 I would suggest that we remain consistent and aligned with KI definitions. I believe the following would be more aligned, "Identity Attribute is information that contributes to establishing the identity (a unique name) of a single person?"

 

Comments? Or reasons not to use this definition (other than it’s not the ITU definition)?

 

BTW: I have updated the report. I added a glossary and some text about RP requirements.  I also took the opportunity to align the recommendations at the start of the report with the recommendations at the end.

 

Ken

 

 

Kenneth Dagg
Senior Project Co-ordinator | Coordonnateur de projet supérieur
Security and Identity Management | Sécurité et gestion des identités
Chief Information Officer Branch | Direction du dirigeant principal de l'information
Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du Canada
Ottawa, Canada K1A 0R5
Kenneth.Dagg@tbs-sct.gc.ca

Telephone | Téléphone 613-957-7041 / Facsimile | Télécopieur 613-954-6642 / Teletypewriter | Téléimprimeur 613-957-9090
Government of Canada | Gouvernement du Canada

 

 

 

====
CAUTION:  This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you.
====