[Wg-uma] Terminology and identity (!) progress

j stollman stollman.j at gmail.com
Fri Sep 4 09:44:19 PDT 2009


I like the concepts you presented and believe that providing some
diagrammatic context would further clarify how this approach would allow us
to better analyze the relationships.


On Fri, Sep 4, 2009 at 11:46 AM, Eve Maler <eve at xmlgrrl.com> wrote:

> In the last call, we had some fascinating discussion about terminology that
> is dovetailing nicely with the (also fascinating) discussion we had about
> entity #5 -- the natural or legal person "behind" the requesting side.
> First, a summary of the terms we chose:
>        User - Authz Manager (AM) - Host - Requester - (entity #5)
> Offline, I've been discussing with Christian some of the subtleties of who
> knows what about whom, and how we can maybe get closer to using OAuth
> directly.  This resulted in our using a new kind of convention that I
> suspect will be very helpful going forward.  I hope Christian will jump into
> this thread with his take!
> The convention is to "index" the entity with some unique local identity
> that it knows about: entity(id).  When I say "identity", I don't mean that
> we are relying on any understanding of that identity on the part of any
> other entity!  It's entirely local.
> For example, I can explain the existing ProtectServe sketch by observing
> that:
> - AM and Host may have never met before, but each is ProtectServe-enabled
> - User Alice introduces Host(Alice) to AM(Alice) through an OAuth-based
> approval interaction
> - Thereafter, Consumer(Bob) attempts access to a resource controlled by
> Host(Alice)
> - Host(Alice) asks AM(Alice) for a ruling on whether to allow access by
> Consumer(Bob)
> - The terms offered by AM(Alice) are demonstrated to have been met by
> Consumer(Bob)
> - Thus, Alice and Bob now have a contract between them
> - etc.
> This helps us ask questions like: How do we protect AM(Alice) and AM(Carol)
> from problematic interactions?  How does Alice know it's Bob ultimately
> doing the asking?  In what sense do Alice and Bob really have an enforceable
> contract?  (Our early ProtectServe work did confront and try to answer
> *some* of these questions and we think we have useful answers, but our
> answers might very well be wrong.)
> And notice that, without having a name for entity #5 as a general category
> yet, we now have Bob as an instance of that category.  (Really, we've said
> that our instances of entity #5 should be "services" and not "people", so we
> could talk about BobCo if we want).
> (I have some really old ProtectServe-related diagrams that reflected all of
> this -- I could revise to show the new terms, if anyone is interested...
> Let me know.)
> Eve
> Eve Maler
> eve at xmlgrrl.com
> http://www.xmlgrrl.com/blog
> _______________________________________________
> Wg-uma mailing list
> Wg-uma at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma_kantarainitiative.org

Jeff Stollman
stollman.j at gmail.com
1 202.683.8699
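The ProtectServe flow quoted above, as an added toy model that is not code from this thread or from the UMA/ProtectServe work: it models only "who knows what about whom" under the entity(id) convention (Host(Alice) is introduced to AM(Alice) and holds nothing but a token; AM(Carol) has no entry for it; Consumer(Bob) gets access only after meeting AM(Alice)'s terms). The class names, the constructed token scheme, the "photos" resource and its claim-based terms are assumptions for the example.

```python
# Toy model of the thread's ProtectServe sketch under the entity(id)
# convention: every entity keeps only a *local* index of whom it knows.
from dataclasses import dataclass, field
import secrets

@dataclass
class AuthzManager:  # AM(user): rules on access to the user's resources
    user: str
    hosts: dict = field(default_factory=dict)  # token -> host it was issued to
    terms: dict = field(default_factory=dict)  # resource -> claims required

    def introduce_host(self, host_label: str) -> str:
        # The OAuth-based approval step, reduced to issuing a constructed token.
        token = secrets.token_hex(8)
        self.hosts[token] = host_label
        return token

    def ruling(self, host_token: str, resource: str, claims: dict) -> bool:
        if host_token not in self.hosts:  # only hosts this AM(user) has met may ask
            raise PermissionError(f"AM({self.user}) has never met this host")
        required = self.terms.get(resource, {})
        # Claims are self-asserted here; how Alice knows it is really Bob asking is the open question.
        return all(claims.get(k) == v for k, v in required.items())

@dataclass
class Host:  # Host(user): holds resources; knows its AM only via a token
    user: str
    am: AuthzManager = None
    am_token: str = None
    contracts: list = field(default_factory=list)  # (owner, requester, resource)

    def introduced_by(self, am: AuthzManager) -> None:
        self.am, self.am_token = am, am.introduce_host(f"Host({self.user})")

    def access(self, resource: str, requester: str, claims: dict) -> bool:
        # Consumer(requester) asks; Host(user) defers to AM(user) for a ruling.
        allowed = self.am.ruling(self.am_token, resource, claims)
        if allowed:  # terms met: owner and requester now have a "contract"
            self.contracts.append((self.user, requester, resource))
        return allowed

def run_sketch() -> dict:
    am_alice, am_carol, host = AuthzManager("Alice"), AuthzManager("Carol"), Host("Alice")
    host.introduced_by(am_alice)                     # Alice introduces Host(Alice) to AM(Alice)
    am_alice.terms["photos"] = {"requester": "Bob"}  # terms AM(Alice) will offer
    bob = host.access("photos", "Bob", {"requester": "Bob"})
    dave = host.access("photos", "Dave", {"requester": "Dave"})
    # AM(Carol) has never met Host(Alice); Alice's token is meaningless there.
    carol_isolated = host.am_token not in am_carol.hosts
    return {"bob": bob, "dave": dave, "carol_isolated": carol_isolated, "contracts": host.contracts}
```

The model deliberately leaves the requester's claims unverified, which is where the thread's "how does Alice know it's Bob" and "enforceable contract" questions would have to be answered.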