Monday, May 02, 2005

fyi From simple identity assertions to... identity ontology


Pointer to blogpost:

Kobielus kommentary:
I like Razzel’s discussion of “identity ontologies.” It’s a good organizing framework for understanding the potential for semantic match or mismatch among identity-asserting and identity-relying parties in any interaction.

My sense is that identity ontologies among asserting and relying parties overlap when they share commonly recognized identity authorities (e.g., PKI root CAs, authoritative directories, SAML authentication authorities), who establish and sustain the shared trust, federation, risk management, and policy framework within which parties can interact for their mutual advantage. Those frameworks naturally require common formats (aka, schemas) for the identity, trust, policy, and other assertions/claims that parties interchange in such an environment.

As to Razzel’s notion of identity “micro-formats,” it seems to me that this is applicable to environments wherein end-entities are their own authorities, issuing assertions (or “self-declarations”) on their own behalf and in self-declared assertion formats (or in one-off or one-time or ad-hoc per-relationship formats). In such an environment, the asserting and relying parties must find an intersection among authorities and formats (and among the trust relationships within which those authorities/formats exist) in order to interact securely for mutual advantage. If neither party recognizes each other as a self-assertion authority for a particular transaction, then the intersection among their identity ontologies is null. "I would trust you if and only if some trusted third-party says you exist and tells me something useful about you. And you say you feel the same about me. Our solemn promises to each other are meaningless without third-party vouching."

The "micro-formats" can be as microscopic as the scope of the self-declaration and the scope/depth/duration of the relationship within which various attributes are being asserted. "I'm willing to recognize your self-assertion of membership in a peer-to-peer informal social network for the purpose of swapping information of mutual interest to people like us who self-assert such membership."

From a post of a few months ago, here’s my broader identity ontology, within which the notion of self-authority/assertion/declaration (and negotiated identity micro-formats, or ad-hoc assertion schemas) can best be understood:

• Identity is a uniquely denotative set of one or more attributes associated with a designated entity.
• Identity is issued, owned, asserted, vouched, interchanged, controlled, disclosed, and administered by one or more recognized authorities, which may be the designated entity itself (i.e., self-declaration) and/or various third parties with responsibility over various roles, transactions, or scenarios in which that entity participates (and who may provision or deprovision some aspect of the entity’s identity at their pleasure, will, or whim, depending on their power over him/her/it in various spheres).
• Identity is queried, retained, and relied upon by one or more other parties when engaging in various relationships or interactions, public or private, with the designated entity.
• Identity is control over the entity that it designates, and that control may reside to varying degrees in the designated entity, various recognized identity authorities, and/or various relying parties.

By the way, “my ontology” has a special meaning in my own personal ontology of working. When I embark on a new research project (be it a freelance article, research report, or whatever), I attempt to quickly get my head around the topic by a) immersing myself in the latest, most comprehensive research on that topic and b) sketching out, on a single piece of paper, a graphical overview of all the principal entities and relationships (with appropriate boxes, labels, lines, and arrows) among all of those entities/relationships. Then I sit and stare and contemplate on that single jam-packed sheet of paper.

Which I refer to as “My Ontology.” Yeah, I’m a myontologist.