Difference between revisions of "Identifier"
From MgmtWiki
(→Solutions) |
(→Asymmetry) |
||
| (19 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
==Context== | ==Context== | ||
| − | In this wiki all [[Identifier]]s apply only to digital [[Entity|entities]] which includes data base entries, like [[User Object]]s. [[Real-world name]]s are considered to be merely [[Attribute]]s. | + | * In this wiki all [[Identifier]]s apply only to digital [[Entity|entities]] which includes data base entries, like [[User Object]]s. [[Real-world name]]s are considered to be merely [[Attribute]]s. |
| + | * There is no meaningful distinction between a name and an [[Identifier]]. | ||
==Problems== | ==Problems== | ||
*There is a very real confusion in the real-world as to the meaning of terms used in [[Identity Management]]. | *There is a very real confusion in the real-world as to the meaning of terms used in [[Identity Management]]. | ||
*Lots of the energy spent by philosophers revolves around verbalism, or arguing about the meaning of words. | *Lots of the energy spent by philosophers revolves around verbalism, or arguing about the meaning of words. | ||
| − | *The page on [[Knowledge]] discusses these problems in more detail. | + | *The page on [[Knowledge]] discusses these problems in more detail. (tl;dr) |
| + | * The connection between digital entity identifiers and legal, or real-world identifiers is typically hazy. | ||
| + | ** The concept of [[Levels of Assurance]] (LOA) was introduced as a measure of the likelihood that a digital identifier really was the same as a real-world identifier. | ||
| + | |||
| + | ===Asymmetry=== | ||
| + | Clearly any large corporation has an immense advantage in every part of their relationship to a single human being. It is only the rule of law that prevents then from dictating every aspect of the interchange between each party. The wiki page [[Trusted Identifier]] drills into the impact of this asymmetry. | ||
==Solutions== | ==Solutions== | ||
| Line 14: | Line 20: | ||
*[[Artificial Identifier]] | *[[Artificial Identifier]] | ||
*[[Biometric Identifier]] | *[[Biometric Identifier]] | ||
| − | *[[Decentralized ID]] - aka the did is designed to support user creating and disabling of multiple [[Identifier]]s. | + | *[[Decentralized ID]] - aka the did is designed to support user creating and disabling of multiple [[Identifier]]s. This is the basis for [[Self-Sovereign Identity]]. |
*[[Digital object identifier]] - a standardized way to create an unique identifier for an object, like a document. | *[[Digital object identifier]] - a standardized way to create an unique identifier for an object, like a document. | ||
*[[Distributed ID]] - this is designed to allow the distribute of [[User Information]] or [[Attribute]]s across multiple sites. | *[[Distributed ID]] - this is designed to allow the distribute of [[User Information]] or [[Attribute]]s across multiple sites. | ||
| + | *[[Electronic Data Interchange]] (EDI aka TDCC) standardized labels from ANSI X12 | ||
| + | *[[Email Address]] - along with other [[Identifier]]s like phone number or IP address that often stands in for a legal name. | ||
*[[Fake Identifier]] | *[[Fake Identifier]] | ||
| − | *[[Legal Name]] | + | *[[Global Business Identifiers]] aka GS1 |
| + | *[[Legal Name]] a name assigned by some sort of sovereign (aka governmental) [[Registration Authority]]. | ||
| + | *[[Object Identifier]] an identifier that magically turns an object into an entity, which is defined as a named object. | ||
*[[Medical Records Identifier]] | *[[Medical Records Identifier]] | ||
| − | *[[Pairwise Identifier]] - is used when tracking of a [[Subject ID]] between different Relying Parties must be blocked. | + | * MitID - used in Nordics mostly for banking https://www.nets.eu/dk-da/l%C3%B8sninger/nemid/mitid/Pages/NemID-is-becoming-MitID.aspx |
| + | *[[Pairwise Identifier]] - is used when [[User Tracking|tracking]] of a [[Subject ID]] between different Relying Parties must be blocked. | ||
*[[Personal Identifier]] | *[[Personal Identifier]] | ||
*[[Principal]] Identifier - in this wiki is limited to the [[Identifier]] of a computer process that was started by a [[Subject]]. | *[[Principal]] Identifier - in this wiki is limited to the [[Identifier]] of a computer process that was started by a [[Subject]]. | ||
*[[Pseudonym]] | *[[Pseudonym]] | ||
| − | *[[Real Identifier]] | + | *[[Real Identifier]] aka Real-World Identifier, is one attribute of a Real-world Entity, at least for entities that have legal standing. |
| − | *[[Self-issued Identifier]] | + | *[[Self-issued Identifier]] was first standardized in [[OpenID Connect]] but now has become the paradigm for [[Self-Sovereign Identity]] |
*[[Session ID]] - assigned to a networking session to track [[Attribute]]s of the session, for example the HTTPS session. | *[[Session ID]] - assigned to a networking session to track [[Attribute]]s of the session, for example the HTTPS session. | ||
*[[Subject ID]] - is created by entities like an [[Identifier or Attribute Provider]] to use during authentication, for example in [[OpenID Connect]]. | *[[Subject ID]] - is created by entities like an [[Identifier or Attribute Provider]] to use during authentication, for example in [[OpenID Connect]]. | ||
| Line 33: | Line 44: | ||
*[[URL]] - Universal Resource Locator - an IETF standard RFC | *[[URL]] - Universal Resource Locator - an IETF standard RFC | ||
*[[URN]] - Universal Resource Name - an IETF standard RFC | *[[URN]] - Universal Resource Name - an IETF standard RFC | ||
| − | *[[Vulnerable Identifier]] for homeless or other vulnerable populations. | + | *[[Vulnerable Identifier]] for homeless or other vulnerable populations. This can also apply to emergency medicine where the patient cannot be asked for a name prior to treatment. |
*[[Web Site Identity]] | *[[Web Site Identity]] | ||
*[[X.509 Certificate]] is a format that holds a Distinguished name, which is the actual [[Identifier]]. | *[[X.509 Certificate]] is a format that holds a Distinguished name, which is the actual [[Identifier]]. | ||
These should all be testable on at least one of: | These should all be testable on at least one of: | ||
| − | *[[Identifier or Attribute Provider]] | + | *[[Identifier or Attribute Provider]] which can include an openID Provider run by the user as defined in [[OpenID Connect]]. |
*[[Certificate Authority]] | *[[Certificate Authority]] | ||
| + | *[[Registration Authority]] | ||
| + | *[[Trusted Resolver]] | ||
*[[Universal Resolver]] | *[[Universal Resolver]] | ||
| − | |||
==References== | ==References== | ||
| − | + | * The wiki page [[Trusted Identifier]] addresses the use of digital identifiers that carry some level of trust with them. | |
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Identity]] | [[Category:Identity]] | ||
[[Category:Identifier]] | [[Category:Identifier]] | ||
Latest revision as of 14:23, 3 September 2021
Full Title or Meme
An identifier is basically a name that is assigned to a digital Entity or even to a single digital interchange (like a Session ID or cookie).
Context
- In this wiki all Identifiers apply only to digital entities which includes data base entries, like User Objects. Real-world names are considered to be merely Attributes.
- There is no meaningful distinction between a name and an Identifier.
Problems
- There is a very real confusion in the real-world as to the meaning of terms used in Identity Management.
- Lots of the energy spent by philosophers revolves around verbalism, or arguing about the meaning of words.
- The page on Knowledge discusses these problems in more detail. (tl;dr)
- The connection between digital entity identifiers and legal, or real-world identifiers is typically hazy.
- The concept of Levels of Assurance (LOA) was introduced as a measure of the likelihood that a digital identifier really was the same as a real-world identifier.
Asymmetry
Clearly any large corporation has an immense advantage in every part of their relationship to a single human being. It is only the rule of law that prevents then from dictating every aspect of the interchange between each party. The wiki page Trusted Identifier drills into the impact of this asymmetry.
Solutions
This wiki seeks to have a common understanding. So terms are given more precise meaning in order that the statements made here can be more logically precise.
- Artificial Identifier
- Biometric Identifier
- Decentralized ID - aka the did is designed to support user creating and disabling of multiple Identifiers. This is the basis for Self-Sovereign Identity.
- Digital object identifier - a standardized way to create an unique identifier for an object, like a document.
- Distributed ID - this is designed to allow the distribute of User Information or Attributes across multiple sites.
- Electronic Data Interchange (EDI aka TDCC) standardized labels from ANSI X12
- Email Address - along with other Identifiers like phone number or IP address that often stands in for a legal name.
- Fake Identifier
- Global Business Identifiers aka GS1
- Legal Name a name assigned by some sort of sovereign (aka governmental) Registration Authority.
- Object Identifier an identifier that magically turns an object into an entity, which is defined as a named object.
- Medical Records Identifier
- MitID - used in Nordics mostly for banking https://www.nets.eu/dk-da/l%C3%B8sninger/nemid/mitid/Pages/NemID-is-becoming-MitID.aspx
- Pairwise Identifier - is used when tracking of a Subject ID between different Relying Parties must be blocked.
- Personal Identifier
- Principal Identifier - in this wiki is limited to the Identifier of a computer process that was started by a Subject.
- Pseudonym
- Real Identifier aka Real-World Identifier, is one attribute of a Real-world Entity, at least for entities that have legal standing.
- Self-issued Identifier was first standardized in OpenID Connect but now has become the paradigm for Self-Sovereign Identity
- Session ID - assigned to a networking session to track Attributes of the session, for example the HTTPS session.
- Subject ID - is created by entities like an Identifier or Attribute Provider to use during authentication, for example in OpenID Connect.
- Tribal Identifier - typically a name created to identify one individual from another - still survives in primitive societies today.
- Trusted Identifier
- URI - Universal Resource Identifier - an IETF standard RFC
- URL - Universal Resource Locator - an IETF standard RFC
- URN - Universal Resource Name - an IETF standard RFC
- Vulnerable Identifier for homeless or other vulnerable populations. This can also apply to emergency medicine where the patient cannot be asked for a name prior to treatment.
- Web Site Identity
- X.509 Certificate is a format that holds a Distinguished name, which is the actual Identifier.
These should all be testable on at least one of:
- Identifier or Attribute Provider which can include an openID Provider run by the user as defined in OpenID Connect.
- Certificate Authority
- Registration Authority
- Trusted Resolver
- Universal Resolver
References
- The wiki page Trusted Identifier addresses the use of digital identifiers that carry some level of trust with them.
