[Wg-uma] Terminology and identity (!) progress
eve at xmlgrrl.com
Sat Sep 5 08:36:45 PDT 2009
Here is a link to those historical diagrams I was referring to. In
the end, I decided not to update them, but to let them stand on their
own as windows into our early thinking, along with providing "modern"
BTW, I'm by no means ignoring Joe's really important post further in
the thread -- just want to take more time to digest it, and also I
think the diagrams may speak to some of the points...
(There are a few more diagrams I created a long, long time ago, when I
was first exposed to feed-based VRM and the "Mine!" concept, that I
can also share. They focus on classifying (1) types of data that
might be subject to management in the way we're talking about, and (2)
user and system interfaces that might be needed to solve the
problem out to its edges. I'll add those to this same page when I get
a few more minutes free.)
On 4 Sep 2009, at 1:54 PM, Iain Henderson wrote:
> Agreed, a diagram of these entities and the relationships between
> them would be very useful.
> On 4 Sep 2009, at 17:44, j stollman wrote:
>> I like the concepts you presented and believe that providing some
>> diagrammatic context would further clarify how this approach would
>> allow us to better analyze the relationships.
>> On Fri, Sep 4, 2009 at 11:46 AM, Eve Maler <eve at xmlgrrl.com> wrote:
>> In the last call, we had some fascinating discussion about
>> terminology that is dovetailing nicely with the (also fascinating)
>> discussion we had about entity #5 -- the natural or legal person
>> "behind" the requesting side.
>> First, a summary of the terms we chose:
>> User - Authz Manager (AM) - Host - Requester - (entity #5)
>> Offline, I've been discussing with Christian some of the subtleties
>> of who knows what about whom, and how we can maybe get closer to
>> using OAuth directly. This resulted in our using a new kind of
>> convention that I suspect will be very helpful going forward. I
>> hope Christian will jump into this thread with his take!
>> The convention is to "index" the entity with some unique local
>> identity that it knows about: entity(id). When I say "identity", I
>> don't mean that we are relying on any understanding of that
>> identity on the part of any other entity! It's entirely local.
>> For example, I can explain the existing ProtectServe sketch by
>> observing that:
>> - AM and Host may have never met before, but each is ProtectServe-
> - User Alice introduces Host(Alice) to AM(Alice) through an OAuth-based
>> approval interaction
>> - Thereafter, Consumer(Bob) attempts access to a resource
>> controlled by Host(Alice)
>> - Host(Alice) asks AM(Alice) for a ruling on whether to allow
>> access by Consumer(Bob)
>> - The terms offered by AM(Alice) are demonstrated to have been met
>> by Consumer(Bob)
>> - Thus, Alice and Bob now have a contract between them
>> - etc.
>> This helps us ask questions like: How do we protect AM(Alice) and AM(Carol)
>> from problematic interactions? How does Alice know it's
>> Bob ultimately doing the asking? In what sense do Alice and Bob
>> really have an enforceable contract? (Our early ProtectServe work
>> did confront and try to answer *some* of these questions and we
>> think we have useful answers, but our answers might very well be
>> And notice that, without having a name for entity #5 as a general
>> category yet, we now have Bob as an instance of that category.
>> (Really, we've said that our instances of entity #5 should be
>> "services" and not "people", so we could talk about BobCo if we
>> (I have some really old ProtectServe-related diagrams that
>> reflected all of this -- I could revise to show the new terms, if
>> anyone is interested... Let me know.)
eve at xmlgrrl.com
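The ProtectServe sketch quoted in the thread (introduction of Host(Alice) to AM(Alice), Consumer(Bob)'s request, the host asking the AM for a ruling, terms met, a contract recorded) walked through as a small simulation using the entity(id) indexing convention. This is an added example and not code from the UMA working group or from anyone on the thread; every class, method and field name, the host name, the resource name and the policy terms are constructed for illustration. It also exercises two of the questions Eve raises: the host only ever consults the AM bound to a resource's owner (so AM(Carol) cannot rule on Alice's resources), and an AM refuses to answer a host that was never introduced to it.

```python
"""Toy simulation of the ProtectServe sketch quoted in the thread, using the
entity(id) indexing convention: AM(Alice), Host(Alice), Consumer(Bob).
Added example, not code from the UMA working group; every class, method
and field name here is an assumption made for illustration."""
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Ruling:
    allowed: bool
    terms: tuple = ()   # the terms the owner's policy required


class AuthzManager:
    """AM(user): holds the user's policies; knows only the hosts the user
    has introduced, and nothing about any other user's AM."""

    def __init__(self, user):
        self.user = user
        self.policies = {}   # resource -> frozenset of required terms
        self.hosts = {}      # host token -> host name (introduced hosts only)

    def set_policy(self, resource, terms):
        self.policies[resource] = frozenset(terms)

    def introduce_host(self, host_name):
        # Stand-in for the OAuth-based approval step: afterwards the only
        # thing AM(user) and Host(user) share is this per-host token.
        token = secrets.token_hex(8)
        self.hosts[token] = host_name
        return token

    def rule(self, host_token, resource, claims):
        """Answer the host's question: may a requester presenting `claims`
        access `resource`? A host that was never introduced gets no answer."""
        if host_token not in self.hosts:
            raise PermissionError("host was never introduced to this AM")
        required = self.policies.get(resource)
        if required is None:
            return Ruling(False)            # no policy: deny by default
        return Ruling(required.issubset(claims), tuple(sorted(required)))


class Host:
    """Host(user): stores resources and asks the owner's own AM for rulings."""

    def __init__(self, name):
        self.name = name
        self.resources = {}      # resource -> owner
        self.am_for_owner = {}   # owner -> (AuthzManager, host token)
        self.contracts = []      # (owner, requester, resource, terms)

    def add_resource(self, owner, resource):
        self.resources[resource] = owner

    def bind_am(self, owner, am):
        """The owner introduces Host(owner) to AM(owner); refusing a mismatch
        is what keeps AM(Carol) out of decisions about Alice's resources."""
        if am.user != owner:
            raise ValueError(f"AM({am.user}) cannot speak for {owner}")
        self.am_for_owner[owner] = (am, am.introduce_host(self.name))

    def request(self, requester, resource, claims):
        """Consumer(requester) attempts access; True means granted."""
        owner = self.resources[resource]
        if owner not in self.am_for_owner:
            return False                      # owner never set up an AM
        am, token = self.am_for_owner[owner]  # keyed by owner, never by requester
        ruling = am.rule(token, resource, claims)
        if ruling.allowed:                    # the thread's "contract" between them
            self.contracts.append((owner, requester, resource, ruling.terms))
        return ruling.allowed


def run_sketch():
    """Walk through the quoted steps with constructed sample data."""
    am_alice, am_carol = AuthzManager("Alice"), AuthzManager("Carol")
    host = Host("photos.example")              # constructed host name
    host.add_resource("Alice", "alice/album")
    am_alice.set_policy("alice/album", {"agreed-to-terms", "verified-email"})
    host.bind_am("Alice", am_alice)            # Alice introduces Host(Alice) to AM(Alice)
    granted = host.request("Bob", "alice/album", {"agreed-to-terms", "verified-email"})
    denied = not host.request("Bob", "alice/album", {"verified-email"})
    try:                                       # AM(Carol) must not rule for Alice
        host.bind_am("Alice", am_carol)
        cross_user_blocked = False
    except ValueError:
        cross_user_blocked = True
    try:                                       # an un-introduced host gets no ruling
        am_alice.rule("not-a-real-token", "alice/album", {"agreed-to-terms"})
        stranger_blocked = False
    except PermissionError:
        stranger_blocked = True
    return {"bob_granted": granted, "bob_denied_when_terms_unmet": denied,
            "cross_user_am_blocked": cross_user_blocked,
            "unintroduced_host_blocked": stranger_blocked,
            "contracts": list(host.contracts)}
```

Running `run_sketch()` returns a dict in which Bob is granted access only when every term of Alice's policy is among his claims, one contract record (Alice, Bob, the resource, the terms) is kept by the host, and both the cross-user binding and the un-introduced host are refused. The design point is that every lookup is keyed by the local index the entity itself holds (owner for the host's AM table, host token for the AM's host table), which is what the entity(id) convention makes explicit.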