rainer at hoerbe.at
Tue Nov 30 11:23:22 EST 2010
In the context of use cases, the term actor is accepted in the industry, although some use the language that Alice an Bob are actors who play the roles Sales Manager and Customer. However, a role must be labeled with a noun, not a process description like "issue credentials".
So for the purpose of IDM use cases I think we can do well with the term actors alone and skip the discussion about roles.
Am 30.11.2010 um 17:10 schrieb Bob Pinheiro:
> As a johnny-come-lately to this conversation, I hope I am not disturbing what may have already been settled beforehand. But to the extent that this privacy work is going to use terms such as "actors" and "roles", to me it seems reasonable that these terms should be defined in a way that reflects our everyday understanding of actors and roles. In real life, actors play various roles, depending on the situation at hand. For example, Basil Rathbone (an actor) played the role of Sherlock Holmes in some movies (situations), and played other roles in other movies. So to the extent that entities such as Subjects, Identity Providers, Relying Parties, and Attribute Providers/Assurers are "actors", their roles designate functions they perform in different situations. For example, an actor such as an Identity Provider plays several roles: it performs identity proofing, issues credentials to Subjects, authenticates Subjects on the basis of presented credentials, and issues assertions/claims to a Relying Party.
> If it were meaningful to do so, different actors could instead be defined that perform each of these roles, which would have some implication for trust relationships. For instance, you could have a Registration Agent actor playing the role of identity proofer, a Credential Service Provider actor playing the role of the credential issuer, and an Identity Provider actor playing the role of authenticator and issuer of assertions/claims. In this case, there would be some sort of trust relationship between the Registration Agent and the Credential Service Provider, for instance. And so on.
> On 11/30/2010 10:06 AM, Rainer Hörbe wrote:
>> I agree with you, that roles and actors are the same for our purposes, like subject, IdP, RP, as described in the Constellations/Use Cases document.
>> The role definition in the multi-level-security model is in need of an update, and I plan to do this later this month. Anyway, it is still work in progress. (http://cmmls.portalverbund.at:8080/cmmls/ for those who did not see it)
>> Am 30.11.2010 um 14:20 schrieb j stollman:
>>> I realize that a minor problem we have in gaining a common understanding with regards to Trust Frameworks is over the use of the terms "roles." I have always considered "roles" to be something that requires an actor. When I use the term "role," I refer to actors such as Subjects, Identity Providers, Relying Parties, and Attribute Providers/Assurers. You use the term "role" to refer to a function being performed such as authorization or identity proofing.
>>> Of course, there is no right or wrong here. But I think that we need to have consistency of terms in order to prevent talking past each other (as well as talking past everyone else). The key is to agree on definitions of terms that are used by the majority of people working in this space in order not to have to re-educate great masses of participants/contributors.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-IDAssurance