Difference between revisions of "Identity Taxonomy"

From MgmtWiki
Jump to: navigation, search
(List of Roles)
(List of Roles)
 
(44 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
===Purpose and Scope===
 
===Purpose and Scope===
 
*This page is designed to lead users to the right page on this wiki. The terms are defined precisely in the way that the are used on this wiki and will assuredly differ from usages on other sites, which are not consistent.
 
*This page is designed to lead users to the right page on this wiki. The terms are defined precisely in the way that the are used on this wiki and will assuredly differ from usages on other sites, which are not consistent.
*This site focuses on rich text sites rather than voice or email interchanges.
+
*This site focuses on rich text [[Web Site]]s rather than voice, email or similar interchanges except as they are used in [[User]]  [[Authentication]].
  
 
===Context===
 
===Context===
Interchanges among (1) users, (2) identifier and attribute providers, and (2) relying parties. Not part of this context are other trusted third parties.
+
Interchanges among (1) users, (2) identifier and attribute providers, and (3) relying parties. Not part of this particular wiki context are other [[Trusted Third Party|trusted third parties]].
  
 
==Real World Subjects==
 
==Real World Subjects==
  
===Real World Entities===
+
===Real World (Legal) Entities===
  
[[User]] is the subject that is trying to access resources on the internet.
+
A [[User]] is a [[Subject]] that is trying to access resources on the internet. Without other modifiers it is considered to be a natural human being.
  
[[Business]] provides goods or services in the real or digital world. It is not otherized to use force beyond its own physical real-estate.
+
An incorporated [[Business]] or non-governmental organization provides goods or services in the real or digital world. It is not authorized to use force beyond its own physical real-estate.
  
[[Government]] is a sovereign entity that uses force within its jurisdiction to enforce its laws and regulations.
+
A [[Government]] is a sovereign entity that uses force within its jurisdiction to enforce its laws and regulations.
  
[[Site]] or [[Web Site]] is a target of some interaction over the internet using the HTTP protocol.
+
An [[Organization]] or an [[Enterprise]] is either a government or other legal [[Entity]], but not a natural human being. It is considered to have Propriety Business information (or state secrets), but not to have any privacy rights.
 +
 
 +
===Virtual Entities===
 +
A [[Brand]] or Doing-Business-As (DBA) is typically a legally protected [[Identifier]] but not a legal [[Entity]].
 +
 
 +
Many end-points (aka [[URL]]s) have been assigned and acquired TLS certificates that are deliberately misleading. An attempt to remedy this problem with [[EV Cert]]s has only helped at the margin. Malicious [[Web Site]]s have found ways to get them and still mislead [[User]]s.
 +
 
 +
A [[Subject]] may very well be a [[Pseudonym]] or brand experience and not a human being. A [[Subject]] is not necessarily a legal [[Entity]].
 +
 
 +
===Digital Entities===
 +
 
 +
A [[Site]] or [[Web Site]] is a target of some interaction over the internet using the HTTP protocol. As of today the site is know by its [[URL]], but there is a proposal to give it a [[Trusted Identifier]].
 +
 
 +
[[Data Controller]] is a term used by the [[GDPR]] to describe any site that controls [[User Information]]. Presumably it is some sort of legal [[Entity]]. It is not a term that is much used on this wiki.
  
 
===Real World Interactions===
 
===Real World Interactions===
Line 32: Line 45:
  
 
[[B2G]] = business to government.
 
[[B2G]] = business to government.
 +
 +
==Identifiers==
 +
While it is not possible to completely disentangle the varieties of [[Identifier]] that are available today, there is a list on the wiki page [[Identifier#Solutions|Identifier]] that might be helpful. In broad terms [[Identifier]]s are broken down into:
 +
*[[Subject ID]] which can be either a real person, a legal person or an artificial person.
 +
*[[Web Site Identity]] which identifies an entity on the web which must be clearly identified and clearly has no privacy rights on its own behalf.
  
 
==List of High-level Functions==
 
==List of High-level Functions==
Line 40: Line 58:
 
[[Resource]] is a function of a site that authorizes access based on grants from verified user claims.
 
[[Resource]] is a function of a site that authorizes access based on grants from verified user claims.
  
[[Provider]] is a function of a site that  
+
[[Provider]] is a function of a site that that exposes [[Resource]]s, or is an [[Identifier or Attribute Provider]] or is a [[Trusted Third Party]].
  
 
[[Entity]] is a named digital site on the internet that will host one or more functions.
 
[[Entity]] is a named digital site on the internet that will host one or more functions.
Line 46: Line 64:
 
==List of Low-level Functions==
 
==List of Low-level Functions==
  
[[Attestation]]
+
[[Attested|Attestation]]
  
 
[[Authentication]]
 
[[Authentication]]
Line 61: Line 79:
  
 
[[Identifier or Attribute Provider]] is a role that can provide [[Validated]] identifier or attributes that apply to a [[User]].
 
[[Identifier or Attribute Provider]] is a role that can provide [[Validated]] identifier or attributes that apply to a [[User]].
 +
 +
[[Trusted Third Party]] is any of a variety of [[Data Controller]]s with access to [[User Private Information]], for example [[Privacy Enhancing Technology Provider]].
 +
 +
[[Data Ownership]] is a dangerous idea https://digitalprivacy.news/2020/03/30/harvards-elizabeth-renieris-data-ownership-is-dangerous/
  
 
==Abstract Subjects==
 
==Abstract Subjects==
Line 72: Line 94:
 
[[Trust]]
 
[[Trust]]
  
[[User]], [[Subject]], [[Principal]] are all synonyms at one level or another. [[User]] is preferred when a live human being is intended, [[Subject]] when unclear.
+
[[User]], [[Subject]], [[Principal]], Patient and [[Consumer]]
 +
are all synonyms at one level or another. [[User]] is preferred when a live human being is intended, [[Subject]] when unclear.
 +
 
 +
[[User Information]] is composed of [[User Private Information]] and [[User Public Information]].
 +
 
 +
[[Right to be Forgotten]] is an attempt in Europe to allow a [[User]] to reclassify [[User Public Information]] into [[User Private Information]].
  
 
[[Category:Glossary]]
 
[[Category:Glossary]]

Latest revision as of 17:36, 8 April 2020

Full Title or Meme

This is a list of terms and the way that they are used on this wiki.

Purpose and Scope

  • This page is designed to lead users to the right page on this wiki. The terms are defined precisely in the way that the are used on this wiki and will assuredly differ from usages on other sites, which are not consistent.
  • This site focuses on rich text Web Sites rather than voice, email or similar interchanges except as they are used in User Authentication.

Context

Interchanges among (1) users, (2) identifier and attribute providers, and (3) relying parties. Not part of this particular wiki context are other trusted third parties.

Real World Subjects

Real World (Legal) Entities

A User is a Subject that is trying to access resources on the internet. Without other modifiers it is considered to be a natural human being.

An incorporated Business or non-governmental organization provides goods or services in the real or digital world. It is not authorized to use force beyond its own physical real-estate.

A Government is a sovereign entity that uses force within its jurisdiction to enforce its laws and regulations.

An Organization or an Enterprise is either a government or other legal Entity, but not a natural human being. It is considered to have Propriety Business information (or state secrets), but not to have any privacy rights.

Virtual Entities

A Brand or Doing-Business-As (DBA) is typically a legally protected Identifier but not a legal Entity.

Many end-points (aka URLs) have been assigned and acquired TLS certificates that are deliberately misleading. An attempt to remedy this problem with EV Certs has only helped at the margin. Malicious Web Sites have found ways to get them and still mislead Users.

A Subject may very well be a Pseudonym or brand experience and not a human being. A Subject is not necessarily a legal Entity.

Digital Entities

A Site or Web Site is a target of some interaction over the internet using the HTTP protocol. As of today the site is know by its URL, but there is a proposal to give it a Trusted Identifier.

Data Controller is a term used by the GDPR to describe any site that controls User Information. Presumably it is some sort of legal Entity. It is not a term that is much used on this wiki.

Real World Interactions

This is a list of all the non-governmental initiated interactions on the internet. The first entity is the initiator and the second the responder. While C2C is conceivable, it is not yet widespread beyond email and voice.

C2B = consumer to business.

C2G = consumer to government.

B2B = business to business.

B2G = business to government.

Identifiers

While it is not possible to completely disentangle the varieties of Identifier that are available today, there is a list on the wiki page Identifier that might be helpful. In broad terms Identifiers are broken down into:

  • Subject ID which can be either a real person, a legal person or an artificial person.
  • Web Site Identity which identifies an entity on the web which must be clearly identified and clearly has no privacy rights on its own behalf.

List of High-level Functions

These functions will likely be used in different combinations by any real world digital entity.

Claimant is a real-world entity that claims ownership of some set of identifiers and attributes.

Resource is a function of a site that authorizes access based on grants from verified user claims.

Provider is a function of a site that that exposes Resources, or is an Identifier or Attribute Provider or is a Trusted Third Party.

Entity is a named digital site on the internet that will host one or more functions.

List of Low-level Functions

Attestation

Authentication

Authorization

Validation

List of Roles

User Agent is a role of a digital entity that operates only on behalf and at the consent of the user. It may be on a device or in the cloud.

Relying Party is a role that can operate as a client of the user if it is granted the right to do so.

Identifier or Attribute Provider is a role that can provide Validated identifier or attributes that apply to a User.

Trusted Third Party is any of a variety of Data Controllers with access to User Private Information, for example Privacy Enhancing Technology Provider.

Data Ownership is a dangerous idea https://digitalprivacy.news/2020/03/30/harvards-elizabeth-renieris-data-ownership-is-dangerous/

Abstract Subjects

General Theory of Living Systems

Identity Model

Laws of Security

Trust

User, Subject, Principal, Patient and Consumer are all synonyms at one level or another. User is preferred when a live human being is intended, Subject when unclear.

User Information is composed of User Private Information and User Public Information.

Right to be Forgotten is an attempt in Europe to allow a User to reclassify User Public Information into User Private Information.