<br><div class="gmail_quote"><div class="gmail_quote">The following is an excerpt from a recent addition to the <b>PeerPoint Open Requirements Definition and Design Specification Proposal</b>
(currently a shared Google Doc at <a href="https://docs.google.com/document/d/1TkAUpUxdfKGr_5Qio2SlZcnBu_sgnZWdoVTZuD_Regs/edit#" target="_blank">https://docs.google.com/document/d/1TkAUpUxdfKGr_5Qio2SlZcnBu_sgnZWdoVTZuD_Regs/edit#</a> ). The PeerPoint project is an open and
collaborative effort to develop requirements, standards, and
specifications for peer-to-peer internet technologies that will promote
fair and sustainable societies. On-going updates to this topic will be
made at the above link. Your collaboration is invited! - PR<br><br>-------- Forwarded message ----------<br>From: <span dir="ltr"><<a href="mailto:building-a-distributed-decentralized-internet@googlegroups.com" target="_blank">building-a-distributed-decentralized-internet@googlegroups.com</a>></span><br>
Group: <a style="color:15c;text-decoration:none" href="http://groups.google.com/group/building-a-distributed-decentralized-internet/topics" target="_blank">http://groups.google.com/group/building-a-distributed-decentralized-internet/topics</a>
<div style="background-color:#f5f5f5;font-family:arial;border-top:1px solid #e5e5e5;padding:4px 0 5px 32px"><a href="http://groups.google.com/group/building-a-distributed-decentralized-internet/t/40960ee40698b940" style="color:15c;text-decoration:none" target="_blank">PeerPoint Requirements Definition -- Section 1. Identity Management</a> <br>
</div><ul>
The first step in defining the problem space of identity management is to <br>
define identity. What is it? From The Free Dictionary <<a href="http://www.thefreedictionary.com/" target="_blank">http://www.thefreedictionary.com/</a>> (<a href="http://tfd.com" target="_blank">tfd.com</a>):<br>
<br>
*identity*: 1. The collective aspect of the set of characteristics by which <br>
a thing is definitively recognizable or known<br>
<br>
*PeerPoint Terms and Definitions*<br>
<br>
- *entity*: anything that has a definite, recognizable identity, whether <br>
a person, group, organization, place, object, computer, mobile device, <br>
concept, etc.<br>
[image: Identity conceptual view]<br><<a href="http://en.wikipedia.org/wiki/File:Identity-concept.jpg" target="_blank">http://en.wikipedia.org/wiki/File:Identity-concept.jpg</a>><br>
<br>
- *attribute*: any characteristic, property, quality, trait, etc. that <br>
is inherent in or attributed to an entity. An entity has one or more <br>
attributes and an attribute has one or more values. For example "the sky <br>
(entity) has color (attribute) of blue (value)." This entity-attribute-value (EAV) <br>
model is sometimes called a "triple", as in the Resource Description <br>
Framework (RDF).<br>
<br>
An attribute (which is also a kind of entity) may have attributes of its <br>
own. These are often logically nested in a hierarchical fashion. For <br>
example, an address may be an attribute of a company but also an entity <br>
with attributes of street, city, state, etc. An entity may have multiple <br>
instances of the same attributes, such as multiple aliases or addresses. <br>
(Different programming languages, protocols, frameworks, and applications <br>
may organize the entity-attribute-value model differently; or use <br>
different terms such as object for entity or property for attribute; but <br>
this is probably the most generic approach.)<br>
[image: Rdf-graph3]<br><<a href="http://commons.wikipedia.org/wiki/File:Rdf-graph3.png" target="_blank">http://commons.wikipedia.org/wiki/File:Rdf-graph3.png</a>><br>
<br>
- *identity*: a definitive and recognizable set of attribute-value pairs (or <br>
entity-attribute-value triples) for a particular entity. The set of <br>
attribute-value pairs may be partial or exhaustive, depending on the <br>
intended purpose of the identity construct.<br><br>
- *identification (ID)*: a dataset (value, record, file, etc.) which represents <br>
the most concise amount of information required to specify a particular <br>
entity and distinguish it from others. An ID may be local to a particular <br>
context, such as a company employee ID or inventory number, or it may be <br>
universal. Examples of universal IDs are Global Trade Item Numbers (GTIN)<br><<a href="http://en.wikipedia.org/wiki/Global_Trade_Item_Number" target="_blank">http://en.wikipedia.org/wiki/Global_Trade_Item_Number</a>><br>and Uniform Resource Identifiers (URI)<br><<a href="http://en.wikipedia.org/wiki/Universal_Resource_Identifier" target="_blank">http://en.wikipedia.org/wiki/Universal_Resource_Identifier</a>><br>The ID typically consists of a smaller quantity of data than the <br>
full identity dataset and only represents or refers to the full identity.<br>
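The definitions above (entity, attribute, identity, ID) can be made concrete in code. What follows is an added example written for this page, not part of the PeerPoint document: a few constructed EAV triples, a function that builds a partial or exhaustive identity (expanding an address that is itself an entity), and a search for the smallest attribute set that distinguishes one entity from all the others, which is what the ID definition asks for. The entity names, attributes and values are all invented for the illustration.<br>

```python
# Added example (not PeerPoint code): the entity-attribute-value model,
# nested attributes, multi-valued attributes, partial vs. exhaustive identity,
# and an ID as the smallest distinguishing attribute set.  All data below is
# constructed for the illustration.
from itertools import combinations

# Constructed triples: (entity, attribute, value).  A value that is itself an
# entity id ("addr1") is how an attribute becomes an entity with attributes
# of its own; repeated attributes ("alias") are multiple instances.
TRIPLES = [
    ("acme", "name", "Acme Corp"),
    ("acme", "alias", "ACME"),
    ("acme", "alias", "Acme Inc"),
    ("acme", "address", "addr1"),
    ("addr1", "street", "1 Main St"),
    ("addr1", "city", "Springfield"),
    ("addr1", "state", "IL"),
    ("alice", "name", "Alice"),
    ("alice", "email", "alice@example.org"),
    ("alice", "employee_id", "E100"),
    ("alice", "city", "Springfield"),
    ("bob", "name", "Bob"),
    ("bob", "email", "bob@example.org"),
    ("bob", "employee_id", "E101"),
    ("bob", "city", "Springfield"),
    ("bob2", "name", "Bob"),
    ("bob2", "email", "bob@example.net"),
    ("bob2", "employee_id", "E102"),
    ("bob2", "city", "Shelbyville"),
]


def attributes(triples, entity):
    """Return {attribute: sorted list of values} for one entity."""
    out = {}
    for e, a, v in triples:
        if e == entity:
            out.setdefault(a, []).append(v)
    return {a: sorted(vs) for a, vs in out.items()}


def identity(triples, entity, purpose=None, depth=2):
    """The identity construct for an entity: its attribute/value pairs.

    purpose: set of attribute names to keep (a partial identity), or None for
    the exhaustive set.  A value naming another entity is expanded into that
    entity's own attributes, up to `depth` levels of nesting.
    """
    entity_ids = {e for e, _, _ in triples}
    result = {}
    for attr, values in attributes(triples, entity).items():
        if purpose is not None and attr not in purpose:
            continue
        result[attr] = [
            identity(triples, v, None, depth - 1) if v in entity_ids and depth > 0 else v
            for v in values
        ]
    return result


def minimal_id(triples, entity, candidates):
    """Smallest subset of `candidates` whose values single out `entity` among
    all other entities, i.e. an ID in the sense defined above: the least data
    that still refers unambiguously to the full identity.
    Returns None if even the full candidate set is ambiguous."""
    mine = attributes(triples, entity)
    others = [attributes(triples, o) for o in {e for e, _, _ in triples} if o != entity]
    for size in range(1, len(candidates) + 1):
        for combo in combinations(candidates, size):
            if any(a not in mine for a in combo):
                continue
            if not any(all(other.get(a) == mine[a] for a in combo) for other in others):
                return combo
    return None


if __name__ == "__main__":
    print(identity(TRIPLES, "acme"))
    print(identity(TRIPLES, "bob", purpose={"name", "city"}))
    print(minimal_id(TRIPLES, "bob", ("name", "city", "email")))
```

The reason a practitioner cares about minimal_id: it is the least data a service has to hold or reveal in order to refer to an entity unambiguously, so it is a natural starting point for data minimization. The answer depends on which other entities are in the collection, so a key that is unique today can collide after new entities are added; a universal ID such as a URI avoids that by construction.<br>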
<br>
*Identity management problem space*<br>
<br>
The PeerPoint requirements will explore various parts of the Identity <br>
Management <<a href="http://en.wikipedia.org/wiki/Identity_management" target="_blank">http://en.wikipedia.org/wiki/Identity_management</a>> problem <br>
space, all of which overlap or interpenetrate each other:<br>
<br>
1. description<br>
2. classification<br>
3. identity provisioning and discovery (directory services, <br>
including identity & directory linking, mapping, and federation)<br>
4. authentication (validation/verification, security tokens, security <br>
token services)<br>
5. authorization (access control, role-based access control, single sign-on)<br>
6. security (anonymity, vulnerabilities, risk management)<br>
<br>
*1. Description*<br>
<br>
Description is meant here in its most general sense as the entire set of <br>
attributes and values that describe an entity, and not simply a <br>
"description" box or field in a record. This is the aspect of identity <br>
management which establishes the attributes and values by which an entity <br>
is typically recognizable or known in a particular context. A description <br>
can attempt to be exhaustive, but in most cases it is only as complete as <br>
required for its intended purpose in a given application.<br>
<br>
PeerPoint requirements<br>
<br>
- Identity management functions should be consistent across all <br>
PeerPoint applications, so the requirements should be implemented as part <br>
of a PeerPoint system library from which all applications, middleware, APIs, etc. can call the necessary <br>
functions. Interfaces or connectors must be provided for <br>
non-PeerPoint-compatible systems.<br><br>
- There are many methods in existing software applications, protocols, <br>
and frameworks to describe the identity of entities. The PeerPoint identity <br>
management solutions must inter-operate with as many of these as possible. <br>
For that reason the PeerPoint descriptions of entities must be as generic, <br>
modular, composable, and extensible (open-ended) as possible.<br><br>
- PeerPoint user interfaces (UI) must allow users to extend and <br>
customize entity descriptions in as intuitive a manner as possible without <br>
reducing or destroying the interoperability of the descriptions with those <br>
of other platforms. One approach is to provide user input forms with the <br>
most common or universal attributes for various types of entities, combined <br>
with fields for additional user-defined attribute-value pairs as well as <br>
simple tags.<br><br>
- In both standardized and customizable parts of entity descriptions, <br>
the UI should provide as much guidance as possible about the most typical <br>
names and/or value ranges for attributes without locking the user in to <br>
these "preferred" or popular choices.<br>
<br>
One of the most basic entities in social networking systems is the person, <br>
member, or user account. The identity description for such an entity is <br>
commonly called a "user profile." User profiles are also found in most <br>
applications that involve online collaboration. The most primitive form of <br>
user account consists of a user ID (or UID) and a password, where both the <br>
ID and password are simple alphanumeric strings. But increasingly, user <br>
accounts for social and collaborative applications include elaborate user <br>
profiles. Facebook is a good example, having one of the most extensive user <br>
profiles of any internet application.<br>
<br>
This is a partial screenshot of Poor Richard's Facebook Profile<br><<a href="https://www.facebook.com/po.richard?sk=info" target="_blank">https://www.facebook.com/po.richard?sk=info</a>><br>
<br>
The information in a Facebook User Profile is organized into numerous <br>
logical categories. Some not shown above include the user's friends, <br>
Facebook groups to which the user belongs, and a personal library of <br>
documents and images. Other profile sections include unlimited free-form <br>
text.<br>
<br>
Many of the profile data categories such as "Arts and Entertainment" may <br>
include unlimited numbers of "likes" or tags. These are added via an <br>
intuitive interface in which the user begins typing something such as <br>
a-r-e-t-h-a- -f-r-a-n-k... and as the user types, a list of matching tags <br>
is displayed and continuously updated with each keystroke, showing <br>
possible matches from the Facebook database. If no match is found by the <br>
end of typing, the entered tag label is displayed as-is with a generic <br>
icon. Facebook's database of entities in the various categories is created <br>
and maintained primarily by Facebook users who create Facebook "pages" for <br>
people, groups, companies, products, movies, authors, artists, etc.<br>
<br>
Other social network sites have profile features not found in the Facebook <br>
User Profile. Google + adds a feature to the "friends" data category called <br>
"circles" and a homepage feature called "hangouts". Google + users can <br>
organize friends into user-defined categories called circles that <br>
inter-operate with other Google apps, and can create live audio-video chat <br>
groups with user-defined membership. LinkedIn has additional profile data <br>
categories for resumes, cvs, and employment references, recommendations or <br>
testimonials.<br>
<br>
In addition to users, on various social networks accounts may be created <br>
for special-interest groups, fan clubs, companies, organizations, and topic <br>
pages of all kinds. The structures of the profiles for different types of <br>
accounts on different networks vary widely.<br>
<br>
Very limited, generic profiles are also hosted by services such as Gravatar<br><<a href="http://en.gravatar.com/" target="_blank">http://en.gravatar.com/</a>> and About.me <<a href="http://en.wikipedia.org/wiki/About.me" target="_blank">http://en.wikipedia.org/wiki/About.me</a>>.<br>
<br>
Sample Gravatar <<a href="http://en.gravatar.com/" target="_blank">http://en.gravatar.com/</a>> profile:<br>
<br>
OpenID Simple Registration<br><<a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html" target="_blank">http://openid.net/specs/openid-simple-registration-extension-1_0.html</a>><br>is an extension to the OpenID <<a href="http://en.wikipedia.org/wiki/OpenID" target="_blank">http://en.wikipedia.org/wiki/OpenID</a>> <br>
Authentication protocol that allows for very light-weight profile exchange. <br>
It is designed to pass eight commonly requested pieces of information when <br>
an End User goes to register a new account with a web service.<br>
<br>
Gravatar and OpenID SR are simple examples of what PeerPoint will call a <br>
meta-profile.<br>
<br>
PeerPoint requirements:<br>
<br>
- the capability to create and maintain meta-profiles for any type of <br>
entity<br><br>
- intuitive user interface for creating, customizing, and maintaining <br>
meta-profiles<br><br>
- allow the creator of a profile to determine where any portion of it is <br>
stored and with whom any portion of it is shared<br><br>
- capability to synchronize the PeerPoint meta-profile with profiles in <br>
non-PeerPoint applications<br>
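The four requirements above (a meta-profile for any entity, owner-controlled storage and sharing, and synchronization with non-PeerPoint profiles) are illustrated by the following added example, which is not PeerPoint code. The storage labels ("local", "peer"), the audience names and the mapping onto an external application's field names (here the OpenID Simple Registration field names nickname, email, fullname, country and language) are assumptions made for the illustration; the profile contents are constructed.<br>

```python
# Added example (not PeerPoint code): a meta-profile in which the owner decides,
# per attribute, where the value is stored and which audiences may see it, and
# which synchronises with an external profile format under those same rules.
# Storage labels, audience names and the external field mapping are assumptions
# made for this illustration; the sample profile is constructed.
from dataclasses import dataclass, field


@dataclass
class Attribute:
    value: object
    store: str                 # owner's choice of storage location, e.g. "local" or "peer"
    share_with: frozenset      # audiences allowed to read it; empty means owner only


@dataclass
class MetaProfile:
    entity: str
    attrs: dict = field(default_factory=dict)

    def set(self, name, value, store="local", share_with=()):
        self.attrs[name] = Attribute(value, store, frozenset(share_with))

    def view_for(self, audience):
        """Project the profile for one audience.  Attributes it may not read
        are absent rather than blanked, so a consumer cannot distinguish a
        withheld value from one the owner never entered."""
        return {n: a.value for n, a in self.attrs.items() if audience in a.share_with}

    def stored_at(self, location):
        """Attribute names the owner keeps at a given storage location."""
        return sorted(n for n, a in self.attrs.items() if a.store == location)


# Assumed mapping from meta-profile attribute names to an external application's
# field names (here the field names used by OpenID Simple Registration).
EXTERNAL_FIELDS = {"nickname": "nickname", "email": "email",
                   "full_name": "fullname", "country": "country", "language": "language"}


def export_for(profile, audience, field_map=EXTERNAL_FIELDS):
    """Outbound sync: emit only what the audience may read and the external
    application has a field for, under the external field names."""
    visible = profile.view_for(audience)
    return {ext: visible[local] for local, ext in field_map.items() if local in visible}


def import_from(profile, audience, external, field_map=EXTERNAL_FIELDS):
    """Inbound sync: an external application may update only attributes it is
    already allowed to read.  Returns the external fields that were refused."""
    reverse = {ext: local for local, ext in field_map.items()}
    rejected = []
    for ext, value in external.items():
        attr = profile.attrs.get(reverse.get(ext))
        if attr is not None and audience in attr.share_with:
            attr.value = value
        else:
            rejected.append(ext)
    return rejected


def sample_profile():
    """Constructed profile for a person entity."""
    p = MetaProfile("alice")
    p.set("nickname", "ali", store="peer", share_with={"public", "webmail"})
    p.set("full_name", "Alice Example", store="local", share_with={"webmail"})
    p.set("email", "alice@example.org", store="local", share_with={"webmail"})
    p.set("date_of_birth", "1980-01-01", store="local")   # owner only
    p.set("language", "en", store="peer", share_with={"public", "webmail"})
    return p


if __name__ == "__main__":
    p = sample_profile()
    print(p.view_for("public"))
    print(export_for(p, "webmail"))
    print(import_from(p, "webmail", {"nickname": "alice_e", "dob": "1990-01-01"}))
```

Two design choices carry the sharing requirement: the projection for an audience omits withheld attributes rather than emitting blanks, and inbound synchronization is bounded by the same per-attribute policy as outbound, so an external application cannot write to parts of the profile it was never allowed to read.<br>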
<br>
*2. Classification: "people, places and things"*<br>
<br>
Different kinds of entities have different kinds of descriptions, so an <br>
important part of the identity management problem is the problem of sorting <br>
things into various categories. Sorting things into categories or classes <br>
is often called categorization or classification.<br>
<br>
Classification systems are often called taxonomies. Examples might <br>
include the index of an encyclopedia, a library card catalog, or a glossary <br>
of internet terms.<br>
<br>
In the case of information systems, the term ontology<br><<a href="http://en.wikipedia.org/wiki/Ontology_%28information_science%29" target="_blank">http://en.wikipedia.org/wiki/Ontology_%28information_science%29</a>><br>
means "a rigorous and exhaustive organization of some knowledge domain that <br>
is usually hierarchical and contains all the relevant entities and their <br>
relations." "An ontology renders shared vocabulary and taxonomy which models a <br>
domain with the definition of objects and/or concepts and their properties and relations. <br>
Ontologies are the structural frameworks for organizing information and are <br>
used in artificial intelligence <<a href="http://en.wikipedia.org/wiki/Artificial_intelligence" target="_blank">http://en.wikipedia.org/wiki/Artificial_intelligence</a>>, <br>
the Semantic Web <<a href="http://en.wikipedia.org/wiki/Semantic_Web" target="_blank">http://en.wikipedia.org/wiki/Semantic_Web</a>>, systems <br>
engineering <<a href="http://en.wikipedia.org/wiki/Systems_engineering" target="_blank">http://en.wikipedia.org/wiki/Systems_engineering</a>>, software <br>
engineering <<a href="http://en.wikipedia.org/wiki/Software_engineering" target="_blank">http://en.wikipedia.org/wiki/Software_engineering</a>>, biomedical <br>
informatics <<a href="http://en.wikipedia.org/wiki/Biomedical_informatics" target="_blank">http://en.wikipedia.org/wiki/Biomedical_informatics</a>>, library <br>
science <<a href="http://en.wikipedia.org/wiki/Library_science" target="_blank">http://en.wikipedia.org/wiki/Library_science</a>>, enterprise <br>
bookmarking <<a href="http://en.wikipedia.org/wiki/Enterprise_bookmarking" target="_blank">http://en.wikipedia.org/wiki/Enterprise_bookmarking</a>>, and information <br>
architecture <<a href="http://en.wikipedia.org/wiki/Information_architecture" target="_blank">http://en.wikipedia.org/wiki/Information_architecture</a>> as a <br>
form of knowledge representation <<a href="http://en.wikipedia.org/wiki/Knowledge_representation" target="_blank">http://en.wikipedia.org/wiki/Knowledge_representation</a>><br>about the world or some part of it. The creation of domain ontologies is <br>
also fundamental to the definition and use of an enterprise architecture <br>
framework <<a href="http://en.wikipedia.org/wiki/Enterprise_architecture_framework" target="_blank">http://en.wikipedia.org/wiki/Enterprise_architecture_framework</a>>."<br>
<br>
Another related term in information systems is namespace<br><<a href="http://en.wikipedia.org/wiki/Namespace_%28computer_science%29" target="_blank">http://en.wikipedia.org/wiki/Namespace_%28computer_science%29</a>>, <br>
often used in relation to wiki structures and directory <br>
services <<a href="http://en.wikipedia.org/wiki/Directory_service" target="_blank">http://en.wikipedia.org/wiki/Directory_service</a>>.<br>
<br>
In identity management, two of the main systems of categories, or <br>
taxonomies, would be categories of entities and categories of attributes. <br>
Attributes are themselves categories of values (the attribute "color" is a <br>
category of colors: red, blue, green, etc.).<br>
<br>
Examples of high-level categories of entities might include:<br>
<br>
- people<br>
- groups<br>
- organizations<br>
- places<br>
- internet technologies<br>
- devices<br>
<br>
Examples of very high-level categories of attributes could include:<br>
<br>
- Material properties <<a href="http://en.wikipedia.org/wiki/Material_properties" target="_blank">http://en.wikipedia.org/wiki/Material_properties</a>><br>
- Chemical properties <<a href="http://en.wikipedia.org/wiki/Chemical_property" target="_blank">http://en.wikipedia.org/wiki/Chemical_property</a>><br>
- Physical properties <<a href="http://en.wikipedia.org/wiki/Physical_property" target="_blank">http://en.wikipedia.org/wiki/Physical_property</a>><br>
- Mental properties <<a href="http://en.wikipedia.org/wiki/Mental_properties" target="_blank">http://en.wikipedia.org/wiki/Mental_properties</a>><br>
- Economic attributes<br>
<br>
These taxonomies become semantic web <<a href="http://en.wikipedia.org/wiki/Semantic_web" target="_blank">http://en.wikipedia.org/wiki/Semantic_web</a>><br>
ontologies <<a href="http://en.wikipedia.org/wiki/Ontology_%28computer_science%29" target="_blank">http://en.wikipedia.org/wiki/Ontology_%28computer_science%29</a>><br>when they are defined in <br>
machine-readable protocols such as:<br>
<br>
- Resource Description Framework <<a href="http://en.wikipedia.org/wiki/Resource_Description_Framework" target="_blank">http://en.wikipedia.org/wiki/Resource_Description_Framework</a>> (RDF)<br>
- Web Ontology Language <<a href="http://en.wikipedia.org/wiki/Web_Ontology_Language" target="_blank">http://en.wikipedia.org/wiki/Web_Ontology_Language</a>> (OWL)<br>
- Extensible Markup Language <<a href="http://en.wikipedia.org/wiki/XML" target="_blank">http://en.wikipedia.org/wiki/XML</a>> (XML)<br>
- Simple Object Access Protocol <<a href="http://en.wikipedia.org/wiki/SOAP" target="_blank">http://en.wikipedia.org/wiki/SOAP</a>> (SOAP)<br>
- Description of a Project <<a href="http://en.wikipedia.org/wiki/DOAP" target="_blank">http://en.wikipedia.org/wiki/DOAP</a>> (DOAP) <br>
(an RDF Schema <<a href="http://en.wikipedia.org/wiki/RDF_Schema" target="_blank">http://en.wikipedia.org/wiki/RDF_Schema</a>> and XML <br><<a href="http://en.wikipedia.org/wiki/Extensible_Markup_Language" target="_blank">http://en.wikipedia.org/wiki/Extensible_Markup_Language</a>> vocabulary to describe software projects)<br>
- Service Provisioning Markup Language <<a href="http://en.wikipedia.org/wiki/Service_Provisioning_Markup_Language" target="_blank">http://en.wikipedia.org/wiki/Service_Provisioning_Markup_Language</a>> (SPML) <br>
(an XML <<a href="http://en.wikipedia.org/wiki/XML" target="_blank">http://en.wikipedia.org/wiki/XML</a>>-based framework, being developed <br>
by OASIS <<a href="http://en.wikipedia.org/wiki/OASIS_%28organization%29" target="_blank">http://en.wikipedia.org/wiki/OASIS_%28organization%29</a>>, for <br>
exchanging user, resource and service provisioning information between <br>
cooperating organizations)<br>
- Friend of a Friend <<a href="http://en.wikipedia.org/wiki/FOAF_%28software%29" target="_blank">http://en.wikipedia.org/wiki/FOAF_%28software%29</a>> (FOAF) (a machine-readable <br>
ontology <<a href="http://en.wikipedia.org/wiki/Ontology_%28computer_science%29" target="_blank">http://en.wikipedia.org/wiki/Ontology_%28computer_science%29</a>> describing persons, their activities and their relations to other people <br>
and objects)<br>
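To show how the taxonomy of entities and attributes above becomes a machine-readable ontology, and how such records link to data elsewhere, here is an added example (not PeerPoint code) that serialises a person and an organization with the RDF and FOAF vocabularies in N-Triples form, parses the result back, and answers two questions a directory would ask: which entities belong to a class, and which links point off-site. The RDF and FOAF namespace URIs are the real ones; the example.org identifier base and all sample values are constructed.<br>

```python
# Added example (not PeerPoint code): a taxonomy becomes a machine-readable
# ontology when classes and attributes are expressed in a shared vocabulary.
# RDF and FOAF namespaces are the real ones; the example.org identifiers and
# all sample values are constructed.
import re

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"
BASE = "http://example.org/id/"      # assumed identifier base for local entities


def uri(x):
    return f"<{x}>"


def lit(x):
    """N-Triples literal with backslash and double quote escaped."""
    return '"' + x.replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_ntriples(entity, cls, attrs, links):
    """Serialise one entity as N-Triples.  rdf:type puts it in a class of the
    taxonomy (foaf:Person, foaf:Organization); attribute values become
    literals; links are URIs, which is what lets data on different sites
    refer to one another."""
    s = uri(BASE + entity)
    lines = [f"{s} {uri(RDF + 'type')} {uri(FOAF + cls)} ."]
    lines += [f"{s} {uri(FOAF + a)} {lit(v)} ." for a, v in attrs]
    lines += [f"{s} {uri(FOAF + p)} {uri(t)} ." for p, t in links]
    return "\n".join(lines)


# One statement per line: <subject> <predicate> (<uri> | "literal") .
NT_LINE = re.compile(r'^<([^>]*)> <([^>]*)> (?:<([^>]*)>|"((?:[^"\\]|\\.)*)") \.$')


def parse_ntriples(text):
    """Parse into (subject, predicate, ("uri"|"lit", value)); malformed lines
    are rejected rather than silently skipped."""
    triples = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = NT_LINE.match(line)
        if not m:
            raise ValueError(f"line {n}: not a valid N-Triples statement")
        s, p, o_uri, o_lit = m.groups()
        obj = ("uri", o_uri) if o_uri is not None else ("lit", re.sub(r"\\(.)", r"\1", o_lit))
        triples.append((s, p, obj))
    return triples


def is_valid(text):
    try:
        parse_ntriples(text)
        return True
    except ValueError:
        return False


def members_of(triples, cls):
    """Entities classified under a FOAF class."""
    return sorted(s for s, p, o in triples if p == RDF + "type" and o == ("uri", FOAF + cls))


def values_of(triples, subject, attr):
    """Literal values of one FOAF attribute for one subject."""
    return [o[1] for s, p, o in triples if s == subject and p == FOAF + attr and o[0] == "lit"]


def external_links(triples):
    """URIs referenced as objects that live outside our own identifier base."""
    return sorted({o[1] for _, p, o in triples
                   if p != RDF + "type" and o[0] == "uri" and not o[1].startswith(BASE)})


SAMPLE = "\n".join([
    to_ntriples("alice", "Person", [("name", "Alice Example"), ("nick", "ali")],
                [("knows", BASE + "bob"), ("knows", "http://example.net/people/carol")]),
    to_ntriples("bob", "Person", [("name", 'Bob "Bobby" Example')], []),
    to_ntriples("acme", "Organization", [("name", "Acme Corp")],
                [("homepage", "http://acme.example.com/")]),
])

if __name__ == "__main__":
    print(SAMPLE)
    t = parse_ntriples(SAMPLE)
    print(members_of(t, "Person"), external_links(t))
```

Parsing with an anchored grammar and rejecting malformed statements matters once such data is accepted from other peers: an identity record that does not parse cleanly should be refused as a whole, not partially loaded.<br>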
<br>
*Linked Data* <<a href="http://en.wikipedia.org/wiki/Linked_Data" target="_blank">http://en.wikipedia.org/wiki/Linked_Data</a>><br>
<br>
One great advantage of machine-readable ontologies is the ability to <br>
semantically link data across the web.<br>
<br>
*Linking open-data community project*<br>
<br>
The goal of the W3C Semantic Web Education and Outreach <<a href="http://en.wikipedia.org/w/index.php?title=Semantic_Web_Education_and_Outreach&action=edit&redlink=1" target="_blank">http://en.wikipedia.org/w/index.php?title=Semantic_Web_Education_and_Outreach&action=edit&redlink=1</a>> group's Linking
<p>( . . . )</p>
</ul><br></div><br>
</div><br>