Links

Ben Laurie blathering


Attribute Management

Someone called “Steve” commented on an earlier post

By accepting the term “identity management” you’re already conceding too much. Think anonymous “rights management” or “capability management” instead. There’s a body of security literature on “ticket-based” systems in which a user’s right to do something can be verified securely without knowing the identity of the user. That should be the starting point. I would be opposed to a National Identity Card, but perhaps a ‘Nonymous Authorization Card would be A Good Thing — got the NAC?

The incorrectness of the term “identity management” is something that’s been nagging at me for a while. It gives entirely the wrong message – though what we’re really interested in is not exactly what Steve suggests. I think I prefer the term “attribute management”, because it isn’t just about authorisation, its about managing information about yourself.

But I’d be happy to hear other suggestions.

An Anonymous Authorization Card is exactly what should be used instead of an identity card. He’s spot on on that point.

2 Comments

  1. Ben, the 3-layer model I use consists of the following:

    Attributes (support assertions about the user)
    Entitlements (support assertions about authorisation)
    Credentials (support assertions about the user’s identity)

    As subsequent traffic on the idworkshop alias implies,
    credentials are actually ‘just’ specific attributes which
    have been encapsulated in a robust form (a passport, a
    digital certificate &c).

    Hope this helps,

    Robin

    Comment by Robin Wilton — 29 Aug 2006 @ 11:57

  2. Ah … here we go again … symantics! By “identity”, Steve probably mean (1) the ability to link a digital persona to a physical person — to be able to *identify* the person (or other entity). One could alternatively define “identity” to mean (2) any digital persona — anonymous (linked to user is unknown) or unanonymous (linked to user is well-known). I believe (2) is a definition which could serve the community better as it allows for discussions of anonymity separately from the discussion of strong identities/personas.

    Comment by P.T. Ong — 30 Aug 2006 @ 20:10

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress