Re: [Ideas] Diasambugating Identifier and Identity

[Robert Moskowitz <rgm-ietf@htt-consult.com>]

On 04/14/2017 02:45 AM, Michael Menth wrote:
> Hi Robert, hi all,
>
> thanks for your thought-provoking mail. Reading the definitions gave me
> the impression that identities can have very different properties
> depending on their domains. I feel the text is stimulating but too long
> for a definition.

Good point.  After 20+ years of working on Identity vs Identifier, it is 
hard for me to reduce the discussion down to a concise paragraph.  I 
have seen too many domains of applicabilty to say, "this can't be so."

Plus as the originator of self-proving ownership of an Identity with 
domain-specific statistically unique Identifiers, I have argued all 
sides of this subject.

> What about:
>
> An identity (Idy) is a distinguishable entity within its domain.
>
> An identifier (Idf) is a label for an Idy. An Idy may have multiple
> Idfs.
>
> Anything beyond this definition are valid observations that show the
> diverse properties of domain-specific Idys. A discussion including
> examples for entities and domains is helpful for illustration. This also
> pertains to the relation between objects and Idys.

And then have a section that goes a little in depth on Identity and 
Identifier.  A can work with that.


>
> Regards,
>
> Michael
>
> Am 14.04.2017 um 01:58 schrieb Robert Moskowitz:
>> I am finally getting back to this subject.
>>
>>
>> On 03/28/2017 12:07 PM, Robert Moskowitz wrote:
>>> The Identifier/Identity definitions in
>>> draft-padma-ideas-problem-statement-01.txt is a good start, it fails
>>> in the appreviations used. (There is NO abbreviation for Identity!)
>>>
>>> ID should NOT be the appreviation of Identitfier.  People will default
>>> to thinking 'Identity' when they see it.  Think about people outside
>>> our discussion group.
>>>
>>> I propose 'IDf' for Identifier.  'ID' is too owned by Identity.
>>>
>>> I will be working on proposed wording to improve these definitions.
>> I have worked up definitions, sent it out to a few reviewers, got some
>> comments and questions.  First my current draft, then a few questions:
>>
>> Replacement text for:    draft-padma-ideas-problem-statement
>>
>> Identity (Abbr: IDT or IDt):    A collection of information that is
>> unique to an object and differentiates it from all other objects.
>>
>> An identity consists of information that is stated about the object by
>> itself or a governing authority. It consists of a set of attributes
>> and/or actions the object can take.  An Identity may be assigned a
>> lifetime (e.g., a time period), which is determined by either the object
>> or the governing authority responsible for defining the identity of the
>> object, or a designated third party. An object can have multiple
>> Identities and can create and discard Identities at will.  An Identity
>> may be ‘indestructible’. That is, it is so unique and non replicatible
>> that no other object could ever duplicate it, nor can the object discard
>> it within its lifetime without being a ‘clone’ object.  Identity is used
>> in authentication registration and policy ownership proofs.
>>
>>
>> Identifier (Abbr: IDF or IDf):    A label that is unique for an object a
>> particular scope.
>>
>> The label follows strict construction rules for the objects and the
>> context that the label is applied to.  For a particular context, an
>> Identifier is used to reference an Identity for the object.  In most
>> cases, an Identifier is bound to an Identity through some trusted
>> mechanism.  An Identity can have different Identifiers, potentially
>> following different construction rules, for different contexts and/or
>> domains of applicability.
>>
>>
>> ==========
>>
>> Now onto a few questions:
>>
>> Per: "An object can have multiple Identities" clause, I am challenged with
>>
>> "This is VERY dangerous. In most software systems, it is the
>> responsibility of the management system to assign a single identity to
>> an object when it is created. If an object has multiple identities, it
>> could suffer from 'multiple personality syndrome'.
>>
>> More importantly, if the object is allowed to create and discard
>> identities at will, how do other objects know that the object is who it
>> attests to be?"
>>
>> I think it is very important for some situations for support of multiple
>> Identities.  No all.  There are domains as indicated above where it
>> causes big problems.
>>
>> Per: "An Identity may be ‘indestructible’." clause, I am challenged with
>>
>> "This doesn’t make any sense. Why would anyone care if the identity is
>> indestructible or not?"
>>
>> I can think of examples of such Identities, or claim of such Identities,
>> like DNA.
>>
>> And finally, Per: "Identity is used in authentication registration and
>> policy ownership proofs." clause, I am challenged with
>>
>> "What does this mean?"
>>
>> I will have to work on this some more, or perhaps it does not belong in
>> the definition section.
>>
>> Comments please
>>
>> _______________________________________________
>> Ideas mailing list
>> Ideas@ietf.org
>> https://www.ietf.org/mailman/listinfo/ideas