Re: [Ideas] Diasambugating Identifier and Identity

Michael Menth <> Fri, 14 April 2017 06:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C171912786A for <>; Thu, 13 Apr 2017 23:46:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Hbfv1Fs60q4L for <>; Thu, 13 Apr 2017 23:46:22 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 617E3127BA3 for <>; Thu, 13 Apr 2017 23:46:20 -0700 (PDT)
Received: from [] ( []) by (Postfix) with ESMTPSA id 722F983C9E for <>; Fri, 14 Apr 2017 08:46:18 +0200 (CEST)
References: <> <>
From: Michael Menth <>
Message-ID: <>
Date: Fri, 14 Apr 2017 08:45:56 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [Ideas] Diasambugating Identifier and Identity
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 14 Apr 2017 06:46:26 -0000

Hi Robert, hi all,

thanks for your thought-provoking mail. Reading the definitions gave me
the impression that identities can have very different properties
depending on their domains. I feel the text is stimulating but too long
for a definition.

What about:

An identity (Idy) is a distinguishable entity within its domain.

An identifier (Idf) is a label for an Idy. An Idy may have multiple

Anything beyond this definition are valid observations that show the
diverse properties of domain-specific Idys. A discussion including
examples for entities and domains is helpful for illustration. This also
pertains to the relation between objects and Idys.



Am 14.04.2017 um 01:58 schrieb Robert Moskowitz:
> I am finally getting back to this subject.
> On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
>> The Identifier/Identity definitions in
>> draft-padma-ideas-problem-statement-01.txt is a good start, it fails
>> in the appreviations used. (There is NO abbreviation for Identity!)
>> ID should NOT be the appreviation of Identitfier.  People will default
>> to thinking 'Identity' when they see it.  Think about people outside
>> our discussion group.
>> I propose 'IDf' for Identifier.  'ID' is too owned by Identity.
>> I will be working on proposed wording to improve these definitions.
> I have worked up definitions, sent it out to a few reviewers, got some
> comments and questions.  First my current draft, then a few questions:
> Replacement text for:    draft-padma-ideas-problem-statement
> Identity (Abbr: IDT or IDt):    A collection of information that is
> unique to an object and differentiates it from all other objects.
> An identity consists of information that is stated about the object by
> itself or a governing authority. It consists of a set of attributes
> and/or actions the object can take.  An Identity may be assigned a
> lifetime (e.g., a time period), which is determined by either the object
> or the governing authority responsible for defining the identity of the
> object, or a designated third party. An object can have multiple
> Identities and can create and discard Identities at will.  An Identity
> may be ‘indestructible’. That is, it is so unique and non replicatible
> that no other object could ever duplicate it, nor can the object discard
> it within its lifetime without being a ‘clone’ object.  Identity is used
> in authentication registration and policy ownership proofs.
> Identifier (Abbr: IDF or IDf):    A label that is unique for an object a
> particular scope.
> The label follows strict construction rules for the objects and the
> context that the label is applied to.  For a particular context, an
> Identifier is used to reference an Identity for the object.  In most
> cases, an Identifier is bound to an Identity through some trusted
> mechanism.  An Identity can have different Identifiers, potentially
> following different construction rules, for different contexts and/or
> domains of applicability.
> ==========
> Now onto a few questions:
> Per: "An object can have multiple Identities" clause, I am challenged with
> "This is VERY dangerous. In most software systems, it is the
> responsibility of the management system to assign a single identity to
> an object when it is created. If an object has multiple identities, it
> could suffer from 'multiple personality syndrome'.
> More importantly, if the object is allowed to create and discard
> identities at will, how do other objects know that the object is who it
> attests to be?"
> I think it is very important for some situations for support of multiple
> Identities.  No all.  There are domains as indicated above where it
> causes big problems.
> Per: "An Identity may be ‘indestructible’." clause, I am challenged with
> "This doesn’t make any sense. Why would anyone care if the identity is
> indestructible or not?"
> I can think of examples of such Identities, or claim of such Identities,
> like DNA.
> And finally, Per: "Identity is used in authentication registration and
> policy ownership proofs." clause, I am challenged with
> "What does this mean?"
> I will have to work on this some more, or perhaps it does not belong in
> the definition section.
> Comments please
> _______________________________________________
> Ideas mailing list

Prof. Dr. habil. Michael Menth
University of Tuebingen
Faculty of Science
Department of Computer Science
Chair of Communication Networks
Sand 13, 72076 Tuebingen, Germany
phone: (+49)-7071/29-70505
fax: (+49)-7071/29-5220