[Wg-uma] Terminology and identity (!) progress

Iain Henderson iain.henderson at mydex.org
Fri Sep 4 13:54:07 PDT 2009


Agreed, a diagram of these entities and the relationships between them  
would be very useful.


On 4 Sep 2009, at 17:44, j stollman wrote:

> Eve,
>
> I like the concepts you presented and believe that providing some  
> diagrammatic context would further clarify how this approach would  
> allow us to better analyze the relationships.
>
> Jeff
>
> On Fri, Sep 4, 2009 at 11:46 AM, Eve Maler <eve at xmlgrrl.com> wrote:
> In the last call, we had some fascinating discussion about  
> terminology that is dovetailing nicely with the (also fascinating)  
> discussion we had about entity #5 -- the natural or legal person  
> "behind" the requesting side.
>
> First, a summary of the terms we chose:
>
>       User - Authz Manager (AM) - Host - Requester - (entity #5)
>
> Offline, I've been discussing with Christian some of the subtleties  
> of who knows what about whom, and how we can maybe get closer to  
> using OAuth directly.  This resulted in our using a new kind of  
> convention that I suspect will be very helpful going forward.  I  
> hope Christian will jump into this thread with his take!
>
> The convention is to "index" the entity with some unique local  
> identity that it knows about: entity(id).  When I say "identity", I  
> don't mean that we are relying on any understanding of that identity  
> on the part of any other entity!  It's entirely local.
>
> For example, I can explain the existing ProtectServe sketch by  
> observing that:
>
> - AM and Host may have never met before, but each is  
>   ProtectServe-enabled
> - User Alice introduces Host(Alice) to AM(Alice) through an  
>   OAuth-based approval interaction
> - Thereafter, Consumer(Bob) attempts access to a resource controlled  
> by Host(Alice)
> - Host(Alice) asks AM(Alice) for a ruling on whether to allow access  
> by Consumer(Bob)
> - The terms offered by AM(Alice) are demonstrated to have been met  
> by Consumer(Bob)
> - Thus, Alice and Bob now have a contract between them
> - etc.
>
> This helps us ask questions like: How do we protect AM(Alice) and  
> AM(Carol) from problematic interactions?  How does Alice know it's  
> Bob ultimately doing the asking?  In what sense do Alice and Bob  
> really have an enforceable contract?  (Our early ProtectServe work  
> did confront and try to answer *some* of these questions and we  
> think we have useful answers, but our answers might very well be  
> wrong.)
>
> And notice that, without having a name for entity #5 as a general  
> category yet, we now have Bob as an instance of that category.   
> (Really, we've said that our instances of entity #5 should be  
> "services" and not "people", so we could talk about BobCo if we want).
>
> (I have some really old ProtectServe-related diagrams that reflected  
> all of this -- I could revise to show the new terms, if anyone is  
> interested...  Let me know.)
>
>       Eve
>
> Eve Maler
> eve at xmlgrrl.com
> http://www.xmlgrrl.com/blog
>
> _______________________________________________
> Wg-uma mailing list
> Wg-uma at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma_kantarainitiative.org
>
>
>
> -- 
> Jeff Stollman
> stollman.j at gmail.com
> 1 202.683.8699

Iain Henderson
iain.henderson at mydex.org
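
The entity(id) convention and the access sequence listed in the quoted message, as an added example that is not part of the original thread and is not ProtectServe or UMA code. The class names, the opaque handle standing in for the OAuth-based approval, the term strings and the deny-by-default ruling are all assumptions made for illustration; the point shown is that each side keeps only its own local identifier for Alice, and that a ruling obtained under AM(Alice) says nothing about resources governed by AM(Carol).

```python
import secrets

class AuthzManager:
    def __init__(self):
        self._terms = {}     # AM-local user id -> terms a requester must meet
        self._hosts = {}     # opaque handle -> AM-local user id that approved it
        self.contracts = []  # (AM-local user id, requester) for granted rulings
    def set_terms(self, am_user, terms):
        self._terms[am_user] = frozenset(terms)
    def introduce_host(self, am_user):
        # Stand-in for the OAuth-based approval (assumption): opaque handle only.
        handle = secrets.token_urlsafe(16)
        self._hosts[handle] = am_user
        return handle
    def ruling(self, handle, requester, terms_met):
        am_user = self._hosts.get(handle)
        terms = self._terms.get(am_user)
        if terms is None or not terms <= set(terms_met):
            return False  # unknown Host, no policy set, or terms not met
        self.contracts.append((am_user, requester))
        return True

class Host:
    def __init__(self, am):
        self._am = am
        self.handles = {}    # Host-local user id -> handle issued by the AM
        self.resources = {}  # resource name -> (Host-local user id, content)
    def access(self, name, requester, terms_met):
        host_user, content = self.resources[name]
        handle = self.handles.get(host_user)
        if handle is None or not self._am.ruling(handle, requester, terms_met):
            raise PermissionError(name)
        return content

def demo():
    am = AuthzManager()
    host = Host(am)
    # Constructed sample ids: AM and Host each name Alice and Carol locally.
    am.set_terms("am-user-1", {"non-commercial"})          # AM(Alice)
    am.set_terms("am-user-2", {"non-commercial", "paid"})  # AM(Carol)
    host.handles["alice@host"] = am.introduce_host("am-user-1")
    host.handles["carol@host"] = am.introduce_host("am-user-2")
    host.resources["alice/cal"] = ("alice@host", "ALICE-DATA")
    host.resources["carol/cal"] = ("carol@host", "CAROL-DATA")
    got = host.access("alice/cal", "bob", {"non-commercial"})  # Consumer(Bob)
    try:
        host.access("carol/cal", "bob", {"non-commercial"})
    except PermissionError:
        return got, am.contracts
    raise AssertionError("Carol's terms were not enforced")
```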
