Identity Taxonomy

From MgmtWiki
Revision as of 17:36, 8 April 2020 by Tom (talk | contribs) (List of Roles)


Full Title or Meme

This is a list of terms and the way that they are used on this wiki.

Purpose and Scope

  • This page is designed to lead users to the right page on this wiki. The terms are defined precisely in the way that they are used on this wiki and will assuredly differ from usages on other sites, which are not consistent with one another.
  • This site focuses on rich text Web Sites rather than voice, email or similar interchanges except as they are used in User Authentication.


Interchanges among (1) users, (2) identifier and attribute providers, and (3) relying parties. Not part of this particular wiki context are other trusted third parties.

Real World Subjects

Real World (Legal) Entities

A User is a Subject that is trying to access resources on the internet. Without other modifiers it is considered to be a natural human being.

An incorporated Business or non-governmental organization provides goods or services in the real or digital world. It is not authorized to use force beyond its own physical real-estate.

A Government is a sovereign entity that uses force within its jurisdiction to enforce its laws and regulations.

An Organization or an Enterprise is either a government or other legal Entity, but not a natural human being. It is considered to have Proprietary Business information (or state secrets), but not to have any privacy rights.

Virtual Entities

A Brand or Doing-Business-As (DBA) is typically a legally protected Identifier but not a legal Entity.

Many end-points (aka URLs) have been assigned, and have acquired TLS certificates for, names that are deliberately misleading. An attempt to remedy this problem with EV Certs has only helped at the margin: Malicious Web Sites have found ways to obtain them and still mislead Users.

A Subject may very well be a Pseudonym or brand experience and not a human being. A Subject is not necessarily a legal Entity.

Digital Entities

A Site or Web Site is a target of some interaction over the internet using the HTTP protocol. As of today the site is known by its URL, but there is a proposal to give it a Trusted Identifier.

Data Controller is a term used by the GDPR to describe any site that controls User Information. Presumably it is some sort of legal Entity. It is not a term that is much used on this wiki.

Real World Interactions

This is a list of all the interactions on the internet that are not initiated by a government. The first entity is the initiator and the second the responder. While C2C is conceivable, it is not yet widespread beyond email and voice.

C2B = consumer to business.

C2G = consumer to government.

B2B = business to business.

B2G = business to government.


While it is not possible to completely disentangle the varieties of Identifier that are available today, there is a list on the wiki page Identifier that might be helpful. In broad terms Identifiers are broken down into:

  • Subject ID which can be either a real person, a legal person or an artificial person.
  • Web Site Identity which identifies an entity on the web which must be clearly identified and clearly has no privacy rights on its own behalf.

List of High-level Functions

These functions will likely be used in different combinations by any real world digital entity.

Claimant is a real-world entity that claims ownership of some set of identifiers and attributes.

Resource is a function of a site that authorizes access based on grants from verified user claims.

Provider is a function of a site that exposes Resources, or is an Identifier or Attribute Provider, or is a Trusted Third Party.

Entity is a named digital site on the internet that will host one or more functions.

List of Low-level Functions

List of Roles

User Agent is a role of a digital entity that operates only on behalf and at the consent of the user. It may be on a device or in the cloud.

Relying Party is a role that can operate as a client of the user if it is granted the right to do so.

Identifier or Attribute Provider is a role that can provide Validated identifier or attributes that apply to a User.

Trusted Third Party is any of a variety of Data Controllers with access to User Private Information, for example Privacy Enhancing Technology Provider.
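The roles above (User Agent acting only with the User's consent, Identifier or Attribute Provider issuing validated attributes, Relying Party verifying them, Resource granting access on verified claims) can be made concrete with a small model of one interchange. The following is an added example written for this page, not code from the wiki or from any referenced project: the HMAC-signed assertion format, the shared provider key, the subject names "alice" and "bob", and the attribute and policy names are all assumptions chosen for illustration, not a real protocol.

```python
import hashlib
import hmac
import json
import time

# Constructed example. The Identifier/Attribute Provider signs assertions about a
# User with a key the Relying Party also holds (a shared-secret simplification;
# a real deployment would use a public-key signature). All names are assumed.
PROVIDER_KEY = b"example-provider-signing-key"


def sign_assertion(provider_key, subject, attributes, ttl=300, now=None):
    """Identifier/Attribute Provider role: issue a validated-attribute assertion.

    The canonical JSON body binds the attributes to one subject and to a
    validity window; the tag is an HMAC-SHA256 over that body.
    """
    now = int(time.time()) if now is None else now
    payload = {"sub": subject, "attrs": attributes, "iat": now, "exp": now + ttl}
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(provider_key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def user_agent_forward(consented_attrs, requested_attrs, assertion):
    """User Agent role: release the assertion only for attributes the User consented to.

    Returns the assertion unchanged when every requested attribute is covered
    by the User's consent, otherwise None (nothing is sent to the Relying Party).
    """
    if set(requested_attrs) <= set(consented_attrs):
        return assertion
    return None


def verify_assertion(provider_key, assertion, now=None):
    """Relying Party role: check the tag and expiry; return the claims or None."""
    body = assertion["body"].encode()
    expected = hmac.new(provider_key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison: never compare MACs with ==
    if not hmac.compare_digest(expected, assertion["tag"]):
        return None
    payload = json.loads(body)
    now = int(time.time()) if now is None else now
    if payload["exp"] <= now:
        return None
    return payload


def authorize(resource_policy, claimed_subject, assertion, provider_key, now=None):
    """Resource function: grant access only on verified claims bound to the Claimant.

    resource_policy maps attribute name -> required value. Access is denied if the
    assertion fails verification, names a different subject than the one making
    the request, or lacks any attribute the policy requires.
    """
    claims = verify_assertion(provider_key, assertion, now)
    if claims is None or claims["sub"] != claimed_subject:
        return False
    return all(claims["attrs"].get(k) == v for k, v in resource_policy.items())


if __name__ == "__main__":
    # Walk one interchange: provider issues, user agent releases, resource decides.
    a = sign_assertion(PROVIDER_KEY, "alice", {"role": "member", "age_over_18": True})
    released = user_agent_forward({"age_over_18"}, {"age_over_18"}, a)
    print("granted:", authorize({"age_over_18": True}, "alice", released, PROVIDER_KEY))
    tampered = dict(a, body=a["body"].replace('"member"', '"admin"'))
    print("tampered granted:", authorize({"role": "admin"}, "alice", tampered, PROVIDER_KEY))
```

The two failure modes worth noting are the ones a Relying Party most often gets wrong: an assertion that verifies correctly but was issued for a different Subject must still be refused (the `sub` check), and an attribute the User never consented to release must never leave the User Agent in the first place, regardless of what the Relying Party requests.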

Data Ownership is a dangerous idea

Abstract Subjects

General Theory of Living Systems

Identity Model

Laws of Security


User, Subject, Principal, Patient and Consumer are all synonyms at one level or another. User is preferred when a live human being is intended, Subject when unclear.

User Information is composed of User Private Information and User Public Information.

Right to be Forgotten is an attempt in Europe to allow a User to reclassify User Public Information into User Private Information.