Open Identity terminology, and the Web
Danny Ayers
[[
Digital Identity
Definition: A digital representation of a set of Claims made by one
Party about itself or another Digital Subject.
Claims
Definition: An assertion made by a Claimant of the value or values of
one or more Identity Attributes of a Digital Subject, typically an
assertion which is disputed or in doubt.
Digital Subject
Definition: An Entity represented or existing in the digital realm
which is being described or dealt with.
Party
Definition: A natural person or a juridical entity.
]]
from (links from):
http://wiki.idcommons.net/index.php/Digital_Identity
How do they look in Web terms?
Easy one: on the Web, a Digital Subject is a resource.
WebArch in itself doesn't go far into the real world, but the Semantic
Web does - an OID Party seems to correspond moderately well to
foaf:Agent (although this is probably a lot broader - a more accurate
term could be derived from it).
Claims is a little trickier.
When merely considered as assertions, it's not too bad - assertions on
the Web are representations of resources - my blog is a set of
assertions, if you post a comment there you'd be making assertions
about resources in that space. Semantic Web technologies offer a way
of expressing/making assertions in the logical sense (which would
ideally correspond 1:1 with the human language assertions of my
blog/comments). But Claims goes a step meta: assertions about
assertions. I guess Claims would map to the combination of the
representation assertions and information about the agent(s) making
those assertions.
I reckon treating this lot as a whole for a Web-oriented definition of
Digital Identity is viable but non-trivial.
While there have been huge amounts of work done around dealing with
(potentially contradictory) assertions in the Semantic Web context,
it's mostly been focussed on the declarative, logical side (starting
with simple reasoning and inference, going on to proof), with actual
system implementation covering areas like access control being thin on
the ground. A lot of the academic work I've seen gets difficult really
fast.
The Open Identity material seem much more implementation-oriented, but
(to my eyes) inextricably tied to the protocols along with behavioural
semantics. While building a system that actually works is the ultimate
goal, from what I've seen the logical side of OpenId seems weak (which
is significant if we're talking about provable trust mechanisms). I
feel a little embarrassed for Attribute Exchange, it tries so hard to
be a Web-friendly data language, but misses the point by reinventing
much of RDF without its solid grounding. (XRI and XDI also seem to
create a lot of complexity in a quasi-proprietary form when the same
functionality is mostly already available with standard (Semantic) Web
systems).
That isn't to say that these approaches are necessarily incompatible.
For example, AE should be relatively straightforward to map to the RDF
model - it's just another domain-specific data language. There are a
lot of those around :-)
Back in 1997 Tim Berners-Lee was talking about the "Oh yeah?" button
to validate claims, and I suspect that if you wanted to implement that
today, the quickest way would involve drawing on a lot of the OpenID
material.
http://www.w3.org/DesignIssues/UI.html#OhYeah
Cheers,
Danny.
--