[Wg-uma] Technology matrix
eve at xmlgrrl.com
Mon Oct 5 15:58:07 EDT 2009
I've revised the technology matrix; please let me know what additional
comments you have, and if you find this useful in general. I changed
one row description, added and revised some cell entries, and added a
whole new section at the bottom that explains the feature row meanings.
On 28 Sep 2009, at 6:08 PM, Eve Maler wrote:
> I don't want to "over-rotate" on the matrix too much. I have found
> it a useful tool in quickly explaining how the UMA idea is (e.g.)
> similar to and different from XACML, OAuth, etc., but it's
> impossible to be mathematically precise with such brief statements
> of comparison.
> That said, here are some fresh thoughts in response to Nat's
> comments; more input welcome:
> On 23 Sep 2009, at 6:31 PM, Nat Sakimura wrote:
>> Adding bootstrapping row is a good idea.
> I can definitely see the appeal, but I'm not sure where it will
> end. :-) This is intended to quickly highlight where UMA "sits"
> relative to other technology items on the landscape, not to be
> exhaustive. Would adding it contribute to a better understanding of
> UMA? (I'm really asking.)
>> Also, security characteristic and its relationship to a relevant
>> framework (though not strictly technical) would be nice to have.
> Probably there is a very wide range to cover here, even for each
> column. Can you suggest what the row would look like, so we can
> consider it? Are you thinking of something like "assurance", or
> legal enforceability, or something else?
>> In addition, having the rows explained will be beneficial, at least
>> me. I am not quite sure of some of the definition of the rows.
>> BTW, re: CX, are we talking about an abstract CX or OpenID binding?
>> Notion of CX is pretty abstract. It is an online contracting
>> framework. Subsequent action can be anything as long as it is written
>> in the contract. (It could be a physical delivery of something, for
>> example, like magazine subscription, or service like hotel room.)
> We could do both, but I did mean to cover OpenID CX. You're right,
> my coverage of it was totally insufficient, and I will use your
> suggestions just below.
>> If we were talking about CX+AX, I guess (since I do not fully
>> understand the definition of the row) the following would be
>> in addition:
>> login-time attribute transfer
>> back-channel controlled access
>> on-board storage of user data
>> co-ownership of write access: pseudo
>> Also, I was not sure of the meaning of "binding of ID(s) to data
>> If id_select is a late binding mechanism, then CX can also be
>> considered late binding ...
>> As it is a contract, it cannot be later than the time of enacting the
>> contract though.
> I was thinking it would be early-bound to the OpenID (or other
> identity in the generic version?) that was wielded, rather than
> being entirely agnostic as to the identifier system in use. But I'm
> not positive this is correct.
>> If the definition of the rows can be clearer, I could shed more
>> light on them.
>> One last note: there can be CX+OAuth etc. as well.
> Since I didn't have an explanation of CX+OAuth available, I stuck
> with what I (imperfectly) knew...
> The Confluence wiki is down (they had a major outage today and are
> still picking up the pieces), so when I can get access to the matrix
> I'll edit it some more, and also grab all the rows and offer an
> explanation for them.
> Eve Maler
> eve at xmlgrrl.com
> Wg-uma mailing list
> Wg-uma at kantarainitiative.org
eve at xmlgrrl.com
More information about the Wg-uma