[P2P-F] Fwd: PeerPoint Requirements Definition -- Section 1. Identity Management
Poor Richard
poor.ricardo at gmail.com
Thu Jul 12 12:47:48 CEST 2012
The following is an excerpt from a recent addition to the *PeerPoint Open
Requirements Definition and Design Specification Proposal* (currently a
shared Google Doc at
https://docs.google.com/document/d/1TkAUpUxdfKGr_5Qio2SlZcnBu_sgnZWdoVTZuD_Regs/edit#).
The PeerPoint project is an open and collaborative effort to develop
requirements, standards, and specifications for peer-to-peer internet
technologies that will promote fair and sustainable societies. On-going
updates to this topic will be made at the above link. Your collaboration is
invited! - PR
-------- Forwarded message ----------
From: <building-a-distributed-decentralized-internet at googlegroups.com>
Group: http://groups.google.com/group/building-a-distributed-decentralized-internet/topics
PeerPoint Requirements Definition -- Section 1. Identity Management <http://groups.google.com/group/building-a-distributed-decentralized-internet/t/40960ee40698b940>
The first step in defining the problem space of identity management is to define identity. What is it? From The Free Dictionary <http://www.thefreedictionary.com/> (tfd.com):
*identity*: 1. The collective aspect of the set of characteristics by which a thing is definitively recognizable or known
*PeerPoint Terms and Definitions*
- *entity*: anything that has a definite, recognizable identity, whether
a person, group, organization, place, object, computer, mobile device,
concept, etc.
[image: Identity conceptual view]
<http://en.wikipedia.org/wiki/File:Identity-concept.jpg>
- *attribute*: any characteristic, property, quality, trait, etc. that is inherent in or attributed to an entity. An entity has one or more attributes and an attribute has one or more values. For example "the sky (entity) has color (attribute) of blue (value)." This entity-attribute-value (EAV) model is sometimes called a "triple" as in the Resource Description Framework (RDF).
An attribute (which is also a kind of entity) may have attributes of its own. These are often logically nested in a hierarchical fashion. For example, an address may be an attribute of a company but also an entity with attributes of street, city, state, etc. An entity may have multiple instances of the same attributes, such as multiple aliases or addresses. (Different programming languages, protocols, frameworks, and applications may organize the entity-attribute-value model differently, or use different terms such as object for entity or property for attribute, but this is probably the most generic approach.)
[image: Rdf-graph3] <http://commons.wikipedia.org/wiki/File:Rdf-graph3.png>
- *identity*: a definitive and recognizable set of attribute-value pairs (or entity-attribute-value triples) for a particular entity. The set of attribute-value pairs may be partial or exhaustive, depending on the intended purpose of the identity construct.
- *identification (ID)*: a dataset (value, record, file, etc.) which represents the most concise amount of information required to specify a particular entity and distinguish it from others. An ID may be local to a particular context, such as a company employee ID or inventory number, or it may be universal. Examples of universal IDs are Global Trade Item Numbers (GTIN) <http://en.wikipedia.org/wiki/Global_Trade_Item_Number> and uniform resource identifiers (URI) <http://en.wikipedia.org/wiki/Universal_Resource_Identifier>. The ID typically consists of a smaller quantity of data than the full identity dataset and only represents or refers to the full identity.
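The definitions above (EAV triples, nested attributes, multiple values per attribute, and an ID as the most concise data that still distinguishes an entity) can be made concrete in a few dozen lines. The following is an added example written for this section, not code from the PeerPoint proposal; the store layout, the entity and attribute names, and the sample companies are constructed assumptions. `minimal_id` implements the ID definition literally: it searches for the smallest attribute subset whose values single an entity out among everything else in the store.

```python
"""Entity-attribute-value (EAV) triples with nested entities, multiple
values per attribute, and the 'ID' sense of identification: the smallest
set of attributes that singles an entity out from the others in a store.

Added example for this section, not code from the PeerPoint proposal.
Entity and attribute names and the sample data are constructed.
"""
from itertools import combinations


class TripleStore:
    """Holds (entity, attribute, value) triples. A value may be the name of
    another entity in the store, which is how a nested attribute such as an
    address with its own street and city is represented."""

    def __init__(self):
        self.triples = set()

    def add(self, entity, attribute, value):
        # Repeating an attribute is allowed: an entity may have several
        # aliases or addresses.
        self.triples.add((entity, attribute, value))

    def entities(self):
        return sorted({e for e, _, _ in self.triples})

    def values(self, entity, attribute):
        return sorted(v for e, a, v in self.triples
                      if e == entity and a == attribute)

    def identity(self, entity, depth=2):
        """The full identity: every attribute-value pair of `entity`, with
        values that are themselves entities expanded up to `depth` levels."""
        known = set(self.entities())
        result = {}
        for e, a, v in self.triples:
            if e != entity:
                continue
            expanded = self.identity(v, depth - 1) if depth > 0 and v in known else v
            result.setdefault(a, []).append(expanded)
        return {a: sorted(vs, key=str) for a, vs in sorted(result.items())}

    def minimal_id(self, entity):
        """Smallest attribute set whose values distinguish `entity` from every
        other entity in the store. Returns None if nothing distinguishes it."""
        others = [e for e in self.entities() if e != entity]
        attrs = sorted({a for e, a, _ in self.triples if e == entity})
        for size in range(1, len(attrs) + 1):
            for subset in combinations(attrs, size):
                mine = tuple(self.values(entity, a) for a in subset)
                if all(tuple(self.values(o, a) for a in subset) != mine
                       for o in others):
                    return {a: self.values(entity, a) for a in subset}
        return None


def build_sample_store():
    """Constructed sample data: two organizations in the same city, one with
    two aliases. Each address is an entity of its own (nested attributes)."""
    s = TripleStore()
    s.add("acme", "type", "organization")
    s.add("acme", "name", "Acme Corp")
    s.add("acme", "alias", "ACME")
    s.add("acme", "alias", "Acme Inc")
    s.add("acme", "address", "acme_hq")          # value is itself an entity
    s.add("acme_hq", "street", "1 Coyote Way")
    s.add("acme_hq", "city", "Springfield")
    s.add("globex", "type", "organization")
    s.add("globex", "name", "Globex")
    s.add("globex", "address", "globex_hq")
    s.add("globex_hq", "street", "9 Monorail Rd")
    s.add("globex_hq", "city", "Springfield")
    return s


if __name__ == "__main__":
    store = build_sample_store()
    print(store.identity("acme"))
    # "city" alone does not identify acme_hq (both addresses are in
    # Springfield); "street" alone does, so that is its minimal ID.
    print(store.minimal_id("acme_hq"))
```

The search in `minimal_id` is exponential in the number of attributes, which is fine for a handful of fields but is a reminder that "most concise" is a property of the whole population of entities, not of one record: adding another entity to the store can invalidate an ID that used to be unique.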
*Identity management problem space*
The PeerPoint requirements will explore various parts of the Identity
Management <http://en.wikipedia.org/wiki/Identity_management> problem
space, all of which overlap or interpenetrate each other:
1. description
2. classification
3. identity provisioning and discovery (directory services,
including identity & directory linking, mapping, and federation)
4. authentication (validation/verification, security tokens, security
token services)
5. authorization (access control, role-based access control, single
sign-on)
6. security (anonymity, vulnerabilities, risk management)
*1. Description*
Description is meant here in its most general sense as the entire set of attributes and values that describe an entity, and not simply a "description" box or field in a record. This is the aspect of identity management which establishes the attributes and values by which an entity is typically recognizable or known in a particular context. A description can attempt to be exhaustive, but in most cases it is only as complete as required for its intended purpose in a given application.
PeerPoint requirements
- Identity management functions should be consistent across all PeerPoint applications, so the requirements should be implemented as part of a PeerPoint system library from which all applications, middleware, APIs, etc. can call the necessary functions. Interfaces or connectors must be provided for non-PeerPoint-compatible systems.
- There are many methods in existing software applications, protocols, and frameworks to describe the identity of entities. The PeerPoint identity management solutions must inter-operate with as many of these as possible. For that reason the PeerPoint descriptions of entities must be as generic, modular, composable, and extensible (open-ended) as possible.
- PeerPoint user interfaces (UI) must allow users to extend and customize entity descriptions in as intuitive a manner as possible without reducing or destroying the interoperability of the descriptions with those of other platforms. One approach is to provide user input forms with the most common or universal attributes for various types of entities, combined with fields for additional user-defined attribute-value pairs as well as simple tags.
- In both standardized and customizable parts of entity descriptions, the UI should provide as much guidance as possible about the most typical names and/or value ranges for attributes without locking the user into these "preferred" or popular choices.
One of the most basic entities in social networking systems is the person, member, or user account. The identity description for such an entity is commonly called a "user profile." User profiles are also found in most applications that involve online collaboration. The most primitive form of user account consists of a user ID (or UID) and a password, where both the ID and password are simple alphanumeric strings. But increasingly, user accounts for social and collaborative applications include elaborate user profiles. Facebook is a good example, having one of the most extensive user profiles of any internet application.
This is a partial screenshot of Poor Richard's Facebook Profile <https://www.facebook.com/po.richard?sk=info>
The information in a Facebook User Profile is organized into numerous
logical categories. Some not shown above include the user's friends,
Facebook groups to which the user belongs, and a personal library of
documents and images. Other profile sections include unlimited free-form
text.
Many of the profile data categories such as "Arts and Entertainment" may include unlimited numbers of "likes" or tags. These are added via an intuitive interface in which the user begins typing something such as a-r-e-t-h-a- -f-r-a-n-k... and as the user types, a list of matching tags is displayed and continuously updated with each keystroke, showing possible matches from the Facebook database. If no match is found by the end of typing, the entered tag label is displayed as-is with a generic icon. Facebook's database of entities in the various categories is created and maintained primarily by Facebook users who create Facebook "pages" for people, groups, companies, products, movies, authors, artists, etc.
Other social network sites have profile features not found in the Facebook User Profile. Google+ adds a feature to the "friends" data category called "circles" and a homepage feature called "hangouts". Google+ users can organize friends into user-defined categories called circles that inter-operate with other Google apps, and can create live audio-video chat groups with user-defined membership. LinkedIn has additional profile data categories for resumes, CVs, and employment references, recommendations or testimonials.
In addition to users, on various social networks accounts may be created for special-interest groups, fan clubs, companies, organizations, and topic pages of all kinds. The structures of the profiles for different types of accounts on different networks vary widely.
Very limited, generic profiles are also hosted by services such as Gravatar <http://en.gravatar.com/> and About.me <http://en.wikipedia.org/wiki/About.me>.
Sample Gravatar <http://en.gravatar.com/> profile:
OpenID Simple Registration <http://openid.net/specs/openid-simple-registration-extension-1_0.html> is an extension to the OpenID <http://en.wikipedia.org/wiki/OpenID> Authentication protocol that allows for very light-weight profile exchange.
It is designed to pass eight commonly requested pieces of information when an End User goes to register a new account with a web service.
Gravatar and OpenID SR are simple examples of what PeerPoint will call a meta-profile.
PeerPoint requirements:
- the capability to create and maintain meta-profiles for any type of
entity
- intuitive user interface for creating, customizing, and maintaining
meta-profiles
- allow the creator of a profile to determine where any portion of it is
stored and with whom any portion of it is shared
- capability to synchronize the PeerPoint meta-profile with profiles in
non-PeerPoint applications
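The requirements just listed (standard attributes plus user-defined attribute-value pairs and tags, the creator deciding where each portion is stored and with whom it is shared, and synchronization with non-PeerPoint profiles) translate into a small data structure with a per-attribute policy. The following is an added example written for this section, not code from the PeerPoint proposal; the three audience names, the storage-location strings, the target field names in `export_to`, and the sample person are constructed assumptions. The point it demonstrates is that disclosure is decided attribute by attribute, defaulting to the narrowest audience, and that an export to another application is computed from the public view only, so a sync cannot leak a field the creator never shared.

```python
"""Meta-profile with per-attribute sharing and storage control.

Added example for this section, not code from the PeerPoint proposal.
Audience names, storage locations, export field names and the sample
profile are constructed assumptions.
"""
from dataclasses import dataclass, field

# Audiences ordered from narrowest to widest. An attribute shared with a
# wider audience is also visible to every narrower one.
AUDIENCES = ("self", "friends", "public")


@dataclass
class Attribute:
    value: object
    share_with: str = "self"    # default: narrowest audience (least disclosure)
    stored_at: str = "local"    # where the creator chose to keep this value

    def visible_to(self, audience):
        return AUDIENCES.index(audience) <= AUDIENCES.index(self.share_with)


@dataclass
class MetaProfile:
    entity_type: str
    standard: dict = field(default_factory=dict)   # common attributes for this entity type
    custom: dict = field(default_factory=dict)     # user-defined attribute-value pairs
    tags: list = field(default_factory=list)
    tags_share_with: str = "self"

    def set(self, name, value, share_with="self", stored_at="local", custom=False):
        if share_with not in AUDIENCES:
            raise ValueError(f"unknown audience {share_with!r}")
        section = self.custom if custom else self.standard
        section[name] = Attribute(value, share_with, stored_at)

    def view_for(self, audience):
        """Projection of the profile containing only what `audience` may see."""
        if audience not in AUDIENCES:
            raise ValueError(f"unknown audience {audience!r}")
        view = {"type": self.entity_type}
        for name in ("standard", "custom"):
            allowed = {n: a.value for n, a in getattr(self, name).items()
                       if a.visible_to(audience)}
            if allowed:
                view[name] = allowed
        if AUDIENCES.index(audience) <= AUDIENCES.index(self.tags_share_with):
            view["tags"] = list(self.tags)
        return view

    def storage_plan(self):
        """Which attributes live where, so a peer can verify it only persists
        the values the creator allowed it to hold."""
        plan = {}
        for name in ("standard", "custom"):
            for n, a in getattr(self, name).items():
                plan.setdefault(a.stored_at, []).append(n)
        return {loc: sorted(names) for loc, names in sorted(plan.items())}

    def export_to(self, field_map):
        """Translate the profile into another application's field names
        (field_map is assumed per target system). Only the public view is
        used, so a sync can never carry a field the creator kept private."""
        public = self.view_for("public")
        flat = {}
        flat.update(public.get("standard", {}))
        flat.update(public.get("custom", {}))
        return {theirs: flat[ours] for ours, theirs in field_map.items() if ours in flat}


def build_sample_profile():
    """Constructed sample person with mixed sharing and storage choices."""
    p = MetaProfile("person")
    p.set("nickname", "pat", share_with="public", stored_at="peer:home")
    p.set("fullname", "Pat Example", share_with="friends", stored_at="peer:home")
    p.set("email", "pat@example.invalid", share_with="self", stored_at="local")
    p.set("favorite_cipher", "ChaCha20", share_with="public",
          stored_at="peer:home", custom=True)
    p.tags = ["p2p", "identity"]
    p.tags_share_with = "public"
    return p


if __name__ == "__main__":
    profile = build_sample_profile()
    for audience in AUDIENCES:
        print(audience, profile.view_for(audience))
    print(profile.storage_plan())
    # The email is never exported because it is shared with "self" only.
    print(profile.export_to({"nickname": "nick", "email": "mail"}))
```

Two design choices are worth noting. The default for a new attribute is the narrowest audience, so forgetting to set a policy fails closed rather than open. And the export path is built on top of `view_for("public")` instead of reading the raw attribute dictionaries, which keeps a single place where the disclosure decision is made.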
*2. Classification: "people, places and things"*
Different kinds of entities have different kinds of descriptions, so an important part of the identity management problem is the problem of sorting things into various categories. Sorting things into categories or classes is often called categorization or classification.
Classification systems are often called taxonomies. Examples might include the index of an encyclopedia, a library card catalog, or a glossary of internet terms.
In the case of information systems, the term ontology <http://en.wikipedia.org/wiki/Ontology_%28information_science%29> means "a rigorous and exhaustive organization of some knowledge domain that is usually hierarchical and contains all the relevant entities and their relations." "An ontology renders shared vocabulary and taxonomy which models a domain with the definition of objects and/or concepts and their properties and relations."
Ontologies are the structural frameworks for organizing information and are used in artificial intelligence <http://en.wikipedia.org/wiki/Artificial_intelligence>, the Semantic Web <http://en.wikipedia.org/wiki/Semantic_Web>, systems engineering <http://en.wikipedia.org/wiki/Systems_engineering>, software engineering <http://en.wikipedia.org/wiki/Software_engineering>, biomedical informatics <http://en.wikipedia.org/wiki/Biomedical_informatics>, library science <http://en.wikipedia.org/wiki/Library_science>, enterprise bookmarking <http://en.wikipedia.org/wiki/Enterprise_bookmarking>, and information architecture <http://en.wikipedia.org/wiki/Information_architecture> as a form of knowledge representation <http://en.wikipedia.org/wiki/Knowledge_representation> about the world or some part of it. The creation of domain ontologies is also fundamental to the definition and use of an enterprise architecture framework <http://en.wikipedia.org/wiki/Enterprise_architecture_framework>.
Another related term in information systems is namespace
<http://en.wikipedia.org/wiki/Namespace_%28computer_science%29>,
often used in relation to wiki structures and directory
services <http://en.wikipedia.org/wiki/Directory_service>.
In identity management, two of the main systems of categories, or taxonomies, would be categories of entities and categories of attributes. Attributes are themselves categories of values (the attribute "color" is a category of colors: red, blue, green, etc.).
Examples of high-level categories of entities might include:
- people
- groups
- organizations
- places
- internet technologies
- devices
Examples of very high-level categories of attributes could include:
- Material properties <http://en.wikipedia.org/wiki/Material_properties>
- Chemical properties <http://en.wikipedia.org/wiki/Chemical_property>
- Physical properties <http://en.wikipedia.org/wiki/Physical_property>
- Mental properties <http://en.wikipedia.org/wiki/Mental_properties>
- Economic attributes
These taxonomies become semantic web <http://en.wikipedia.org/wiki/Semantic_web> ontologies <http://en.wikipedia.org/wiki/Ontology_%28computer_science%29> when they are defined in machine-readable protocols such as:
- Resource Description Framework <http://en.wikipedia.org/wiki/Resource_Description_Framework> (RDF)
- Web Ontology Language <http://en.wikipedia.org/wiki/Web_Ontology_Language> (OWL)
- Extensible Markup Language <http://en.wikipedia.org/wiki/XML> (XML)
- Simple Object Access Protocol <http://en.wikipedia.org/wiki/SOAP> (SOAP)
- Description of a Project <http://en.wikipedia.org/wiki/DOAP> (DOAP) (an RDF schema <http://en.wikipedia.org/wiki/RDF_Schema> and XML <http://en.wikipedia.org/wiki/Extensible_Markup_Language> vocabulary to describe a software project)
- Service Provisioning Markup Language <http://en.wikipedia.org/wiki/Service_Provisioning_Markup_Language> (SPML) is an XML <http://en.wikipedia.org/wiki/XML>-based framework, being developed by OASIS <http://en.wikipedia.org/wiki/OASIS_%28organization%29>, for exchanging user, resource and service provisioning information between cooperating organizations
- Friend of a Friend <http://en.wikipedia.org/wiki/FOAF_%28software%29> (FOAF) (a machine-readable ontology <http://en.wikipedia.org/wiki/Ontology_%28computer_science%29> describing persons, their activities and their relations to other people and objects)
*Linked Data* <http://en.wikipedia.org/wiki/Linked_Data>
One great advantage of machine-readable ontologies is the ability to
semantically link data across the web.
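To show what "machine-readable" and "semantically linked" mean for the ontology list above, here is an added example that serializes a person description as RDF triples in the FOAF vocabulary, in N-Triples form. It is not code from the PeerPoint proposal or from the FOAF project. The subject URIs, the sample person and the set of terms the serializer accepts are constructed assumptions; the namespace URIs and the terms themselves (`rdf:type`, `foaf:Person`, `foaf:name`, `foaf:nick`, `foaf:mbox_sha1sum`, `foaf:knows`, `foaf:homepage`) are real RDF and FOAF vocabulary. Linking happens through the URIs: the `foaf:knows` object is another subject that can carry its own triples anywhere on the web.

```python
"""Serialize a person description as RDF triples (N-Triples) using the FOAF
vocabulary, with namespace expansion and a vocabulary check.

Added example for this section, not code from the PeerPoint proposal or the
FOAF project. Subject URIs and the sample person are constructed.
"""
import hashlib

NAMESPACES = {
    "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
    "foaf": "http://xmlns.com/foaf/0.1/",
}

# Terms this serializer is willing to emit (an assumed allow-list for the
# example). An unknown prefix or term is treated as an error in the
# description rather than being written out silently.
KNOWN_TERMS = {
    "rdf:type", "foaf:Person", "foaf:name", "foaf:nick",
    "foaf:mbox_sha1sum", "foaf:knows", "foaf:homepage",
}


class URI(str):
    """Marks a value as a resource reference rather than a text literal."""


def expand(qname):
    """Turn a qualified name such as 'foaf:name' into its full URI."""
    if qname not in KNOWN_TERMS:
        raise ValueError(f"unknown term {qname!r}")
    prefix, local = qname.split(":", 1)
    return NAMESPACES[prefix] + local


def literal(text):
    """Escape a string as an N-Triples literal."""
    escaped = (text.replace("\\", "\\\\")
                   .replace('"', '\\"')
                   .replace("\n", "\\n"))
    return f'"{escaped}"'


def term(value):
    return f"<{value}>" if isinstance(value, URI) else literal(value)


def mbox_sha1sum(email):
    """FOAF's stand-in for a mailbox: SHA-1 of the mailto: URI, so the
    address itself is not published while it still acts as a linkable key."""
    return hashlib.sha1(("mailto:" + email).encode()).hexdigest()


def to_ntriples(subject, description):
    """description maps a qualified predicate to a list of values; each
    value is a URI (resource) or a plain str (literal)."""
    lines = []
    for predicate, values in description.items():
        for value in values:
            lines.append(f"<{subject}> <{expand(predicate)}> {term(value)} .")
    return lines


def sample_person():
    """Constructed sample: one person who knows one other person."""
    me = "https://example.invalid/people/pat#me"
    friend = URI("https://example.invalid/people/sam#me")
    return me, {
        "rdf:type": [URI(expand("foaf:Person"))],
        "foaf:name": ["Pat Example"],
        "foaf:nick": ["pat"],
        "foaf:mbox_sha1sum": [mbox_sha1sum("pat@example.invalid")],
        "foaf:homepage": [URI("https://example.invalid/pat")],
        "foaf:knows": [friend],
    }


if __name__ == "__main__":
    subject, description = sample_person()
    print("\n".join(to_ntriples(subject, description)))
```

One caveat a practitioner should keep in mind: `foaf:mbox_sha1sum` hides the address from casual readers, but an unsalted SHA-1 of a guessable e-mail address can be recovered by hashing candidate addresses, so it should be treated as a public, linkable pseudonym rather than as a secret. The allow-list in `expand` is the serializer-side equivalent of a namespace: it makes a typo in a predicate name fail loudly instead of producing a triple no consumer will understand.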
*Linking open-data community project*
The goal of the W3C Semantic Web Education and Outreach <http://en.wikipedia.org/w/index.php?title=Semantic_Web_Education_and_Outreach&action=edit&redlink=1> group's Linking
( . . . )