When we start talking about identity one of the first things in our minds is how we authenticate people. Today we do this many different ways in many different situations - uniforms and badges on police officers, UPS workers in UPS trucks, drivers licenses, passports, Yahoo! mail ids and on and on. Each of these ways of authenticating people is valid, depending on the situation of course.
In the digital world authentication and authorization take on a different scope. Once we authenticate a user, at some level of assurance, we need to determine what rights and privileges that the entity has within the system or transaction. To do this we must determine some other information about the user - some set of attributes. This is where the conversation gets interesting.
When we begin to discuss attributes the first thing we see is an issue with the definition of what an attribute is versus what ones identity is. Some would argue that outside of a biometric that everything is an attribute as it is asserted by someone else. Others would argue that fundamental data sets created by authoritative sources assert identity and are therefore identity assurances, the level of which can be determined by looking at practice of issuance. So as you can see we start the discussion with a range of opinions on what we should even be including in the bucket.
The next challenge in the discussion then becomes how do we understand the differences in attribute descriptors and use. In some cultures ones last name is in fact stated as the first name and exists as such in records. The range of these "discrepancies" within an environment can be extensive and as that environment grows, think globally, it becomes even a greater challenge.
This is not a new discussion but in my next post I will talk about some of the existing approaches and propose an additional idea.
- Posted using BlogPress from my iPad
No comments:
Post a Comment