Hello all, During last teleconference, I have asked a question that has not been answered during the call. Ingo suggested to ask to the whole list. Short: Where to put the limit, for a thing or object, between a simple list of attributes and a whole/real "identity" for that object? Does the object need a minimal computing power to have an identity? Or the simple fact to be able to answer a request (even if it is "passive") is enough for that? Are there other criteria (like, for an object, just having a unique ID)? Another question: in a lot of cases, instead of a proper identity, doesn't an object in fact just carrying or using its owner's identity? A bit longer: Nowadays, a lot of devices, objects and things are able to communicate, either actively or passively (upon request, as with RFID). Most of those objects have an identifier and often a set of attributes. Some of them are able to react to their environment. But in some cases, it seems to me that certain object don't have a "digital identity" on their own. I think that they just carry a set of complementary attributes for another entity, or just have a set of attributes, but not a "real" identity, or act on behalf of another entity. Examples: - A light-bulb has an address (IPv6?) and some attributes (e.g. firstUsed:<a date> and onFor:<a duration>). Is it a real identity? - A micro-chip has just an ID number. Isn't that number just an attribute of the identity of the pet wearing it under its skin? - Consider a car. It sometimes act on behalf of its owner or driver (when paying a toll), and sometimes for itself (when connected to the computer of the garage). - What is the difference between an economic good with a paper label with a serial number, or with a label with a barcode or with a passive contactless chip (RFID)? Does only the latter have a (digital) identity? Should we build a typology of identities (or "nearly identities")? If we can define the wider spectrum of possible identities definitions, then we can choose which part of that spectrum we want to address in the WG. Finally, objects acting on behalf of their owners or with the identities of their owners (e.g. a smartphone sending a notification) seem to be something quite common. The owner's identity is then pervasive and exists (sometimes partially and momentarily) in several objects at the same time. The identity has different forms in the various objects, depending on their needs and their capabilities, but it's really the same everywhere. I think that situation dramatically needs an "overarching Identity Framework" to "recognize and manage identities across different solutions". Do you agree? I'm sorry for posting this so late. Please ask me if my poor English is not understandable. Regards, -- Benoît Bailleux Orange Labs, P&S / Architecture — Security — Enablers Open Source referent Phone: +33 2 96 05 20 37