[Wg-uma] Terminology and identity (!) progress

Eve Maler eve at xmlgrrl.com
Fri Sep 4 08:46:19 PDT 2009


In the last call, we had some fascinating discussion about terminology  
that is dovetailing nicely with the (also fascinating) discussion we  
had about entity #5 -- the natural or legal person "behind" the  
requesting side.

First, a summary of the terms we chose:

	User - Authz Manager (AM) - Host - Requester - (entity #5)

Offline, I've been discussing with Christian some of the subtleties of  
who knows what about whom, and how we can maybe get closer to using  
OAuth directly.  This resulted in our using a new kind of convention  
that I suspect will be very helpful going forward.  I hope Christian  
will jump into this thread with his take!

The convention is to "index" the entity with some unique local  
identity that it knows about: entity(id).  When I say "identity", I  
don't mean that we are relying on any understanding of that identity  
on the part of any other entity!  It's entirely local.

For example, I can explain the existing ProtectServe sketch by  
observing that:

- AM and Host may have never met before, but each is ProtectServe-enabled
- User Alice introduces Host(Alice) to AM(Alice) through an OAuth-based approval interaction
- Thereafter, Consumer(Bob) attempts access to a resource controlled by Host(Alice)
- Host(Alice) asks AM(Alice) for a ruling on whether to allow access by Consumer(Bob)
- The terms offered by AM(Alice) are demonstrated to have been met by Consumer(Bob)
- Thus, Alice and Bob now have a contract between them
- etc.

This helps us ask questions like: How do we protect AM(Alice) and AM(Carol) from problematic interactions?  How does Alice know it's Bob ultimately doing the asking?  In what sense do Alice and Bob really have an enforceable contract?  (Our early ProtectServe work did confront and try to answer *some* of these questions and we think we have useful answers, but our answers might very well be wrong.)

And notice that, without having a name for entity #5 as a general  
category yet, we now have Bob as an instance of that category.   
(Really, we've said that our instances of entity #5 should be  
"services" and not "people", so we could talk about BobCo if we want).

(I have some really old ProtectServe-related diagrams that reflected  
all of this -- I could revise to show the new terms, if anyone is  
interested...  Let me know.)

	Eve

Eve Maler
eve at xmlgrrl.com
http://www.xmlgrrl.com/blog
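The ProtectServe sketch in the message above, walked through as a small added model (not code from the author or from the UMA work): every entity is indexed by the one user it serves, and Host(Alice) defers each access decision to AM(Alice). The class and method names, the "/calendar" resource, the claim names and the token scheme are all assumptions for illustration.

```python
# Toy model of the ProtectServe sketch: each entity is "indexed" by the user
# it serves, entity(id). Names, claims and the token scheme are assumptions
# made for this illustration, not the UMA/ProtectServe protocol itself.
import secrets
from dataclasses import dataclass, field


@dataclass
class AuthzManager:
    """AM(user): holds the user's policy and the hosts the user introduced."""
    user: str
    hosts: dict = field(default_factory=dict)    # host token -> host name
    policy: dict = field(default_factory=dict)   # resource -> required claims

    def introduce_host(self, host_name):
        """User-mediated, OAuth-style approval; the token is local to this AM."""
        token = secrets.token_hex(8)
        self.hosts[token] = host_name
        return token

    def ruling(self, host_token, resource, claims):
        """Host asks for a ruling: allow, deny, or the terms still unmet."""
        if host_token not in self.hosts:          # token issued by some other AM
            return ("deny", "unknown host")
        required = self.policy.get(resource)
        if required is None:
            return ("deny", "no policy for resource")
        unmet = sorted(k for k, v in required.items() if claims.get(k) != v)
        return ("terms", unmet) if unmet else ("allow", None)


@dataclass
class Host:
    """Host(user): stores the resource, defers every access decision to its AM."""
    user: str
    am: AuthzManager
    token: str

    def access(self, resource, requester_claims):
        return self.am.ruling(self.token, resource, requester_claims)


def protectserve_sketch():
    """Walk the bullets of the message; returns the successive rulings."""
    am_alice, am_carol = AuthzManager("Alice"), AuthzManager("Carol")
    am_alice.policy["/calendar"] = {"requester": "BobCo"}          # Alice's terms
    host_alice = Host("Alice", am_alice, am_alice.introduce_host("Host(Alice)"))
    first = host_alice.access("/calendar", {})                     # Consumer(Bob) arrives
    second = host_alice.access("/calendar", {"requester": "BobCo"})  # terms met
    cross = am_carol.ruling(host_alice.token, "/calendar", {"requester": "BobCo"})
    return first, second, cross
```

The third ruling shows the toy's only answer to the AM(Alice)/AM(Carol) question: an AM honours no host token it did not itself issue, so Host(Alice)'s introduction means nothing to AM(Carol).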
