[Wg-uma] Technology matrix

Eve Maler eve at xmlgrrl.com
Mon Oct 5 15:58:07 EDT 2009

I've revised the technology matrix; please let me know what additional  
comments you have, and if you find this useful in general.  I changed  
one row description, added and revised some cell entries, and added a  
whole new section at the bottom that explains the feature row meanings.



On 28 Sep 2009, at 6:08 PM, Eve Maler wrote:

> I don't want to "over-rotate" on the matrix too much.  I have found  
> it a useful tool in quickly explaining how the UMA idea is (e.g.)  
> similar to and different from XACML, OAuth, etc., but it's  
> impossible to be mathematically precise with such brief statements  
> of comparison.
> That said, here are some fresh thoughts in response to Nat's  
> comments; more input welcome:
> On 23 Sep 2009, at 6:31 PM, Nat Sakimura wrote:
>> Adding bootstrapping row is a good idea.
> I can definitely see the appeal, but I'm not sure where it will  
> end. :-)  This is intended to quickly highlight where UMA "sits"  
> relative to other technology items on the landscape, not to be  
> exhaustive.  Would adding it contribute to a better understanding of  
> UMA?  (I'm really asking.)
>> Also, security characteristic and its relationship to a relevant  
>> legal
>> framework (though not strictly technical) would be nice to have.
> Probably there is a very wide range to cover here, even for each  
> column.  Can you suggest what the row would look like, so we can  
> consider it?  Are you thinking of something like "assurance", or  
> legal enforceability, or something else?
>> In addition, having the rows explained will be beneficial, at least  
>> to
>> me. I am not quite sure of some of the definition of the rows.
>> BTW, re: CX, are we talking about an abstract CX or OpenID binding?
>> Notion of CX is pretty abstract. It is an online contracting
>> framework. Subsequent action can be anything as long as it is written
>> in the contract. (It could be a physical delivery of something, for
>> example, like magazine subscription, or service like hotel room.)
> We could do both, but I did mean to cover OpenID CX.  You're right,  
> my coverage of it was totally insufficient, and I will use your  
> suggestions just below.
>> If we were talking about CX+AX, I guess (since I do not fully
>> understand the definition of the row) the following would be  
>> supported
>> in addition:
>> login-time attribute transfer
>> back-channel controlled access
>> on-board storage of user data
>> co-ownership of write access: pseudo
>> Also, I was not sure of the meaning of "binding of ID(s) to data  
>> shared".
>> If id_select is a late binding mechanism, then CX can also be
>> considered late binding ...
>> As it is a contract, it cannot be later than the time of enacting the
>> contract though.
> I was thinking it would be early-bound to the OpenID (or other  
> identity in the generic version?) that was wielded, rather than  
> being entirely agnostic as to the identifier system in use.  But I'm  
> not positive this is correct.
>> If the definition of the rows can be clearer, I could shed more  
>> light on them.
>> One last note: there can be CX+OAuth etc. as well.
> Since I didn't have an explanation of CX+OAuth available, I stuck  
> with what I (imperfectly) knew...
> The Confluence wiki is down (they had a major outage today and are  
> still picking up the pieces), so when I can get access to the matrix  
> I'll edit it some more, and also grab all the rows and offer an  
> explanation for them.
> 	Eve
> Eve Maler
> eve at xmlgrrl.com
> http://www.xmlgrrl.com/blog
> _______________________________________________
> Wg-uma mailing list
> Wg-uma at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma_kantarainitiative.org

Eve Maler
eve at xmlgrrl.com

More information about the Wg-uma mailing list