Comments on: When my identifier is none of your business http://www.xmlgrrl.com/blog/2006/11/12/when-my-identifier-is-none-of-your-business/ XML, identity, crafting, and other tangled musings Tue, 09 Mar 2010 17:23:02 -0800 http://wordpress.org/?v=2.8.4 hourly 1 By: Pushing String » Identity planets, moons, and comets http://www.xmlgrrl.com/blog/2006/11/12/when-my-identifier-is-none-of-your-business/comment-page-1/#comment-19407 Pushing String » Identity planets, moons, and comets Sat, 02 Dec 2006 19:26:05 +0000 http://www.xmlgrrl.com/blog/archives/2006/11/12/when-my-identifier-is-none-of-your-business/#comment-19407 [...] So, anonymity first: Many people have written at length about the value of keeping your identity secret, even while going about your (necessarily public) business of living. It’s one of the reasons that people have been nervous about any kind of Single Identity Provider in the Sky that “knows” all of us. It’s why Sun has a Chief Privacy Officer (hi, Michelle!) who serves as a steward of information about Sun’s employees, customers, and partners — in many cases to ensure legal compliance. It’s why Phil Zimmermann invented PGP. It’s even been discussed as a use case on an OpenID list. Since I can already tell this post is gonna be long (and I’m just getting warmed up!), I’ll just assume we can agree there are sometimes good reasons to protect one’s identity from being exposed. [...] [...] So, anonymity first: Many people have written at length about the value of keeping your identity secret, even while going about your (necessarily public) business of living. It’s one of the reasons that people have been nervous about any kind of Single Identity Provider in the Sky that “knows” all of us. It’s why Sun has a Chief Privacy Officer (hi, Michelle!) who serves as a steward of information about Sun’s employees, customers, and partners — in many cases to ensure legal compliance. It’s why Phil Zimmermann invented PGP. It’s even been discussed as a use case on an OpenID list. Since I can already tell this post is gonna be long (and I’m just getting warmed up!), I’ll just assume we can agree there are sometimes good reasons to protect one’s identity from being exposed. [...]

]]> By: Pushing String » A universe of identifiers http://www.xmlgrrl.com/blog/2006/11/12/when-my-identifier-is-none-of-your-business/comment-page-1/#comment-17975 Pushing String » A universe of identifiers Wed, 22 Nov 2006 15:48:09 +0000 http://www.xmlgrrl.com/blog/archives/2006/11/12/when-my-identifier-is-none-of-your-business/#comment-17975 [...] Johannes for thoughtfully addresses the questions I posed on OpenID identifier matters. Here are a few more thoughts in response. [...] [...] Johannes for thoughtfully addresses the questions I posed on OpenID identifier matters. Here are a few more thoughts in response. [...]

]]> By: Eve M. http://www.xmlgrrl.com/blog/2006/11/12/when-my-identifier-is-none-of-your-business/comment-page-1/#comment-16540 Eve M. Mon, 13 Nov 2006 18:27:06 +0000 http://www.xmlgrrl.com/blog/archives/2006/11/12/when-my-identifier-is-none-of-your-business/#comment-16540 Interesting point and good food for thought! But on reflection I'd prefer to make the opposite case. For example, if you choose a label as the "key" for representing a particular slice/persona/entry point for your identity, what's not identifier-like about that? Also, I'd say that pseudonyms are indeed a kind of identifier, just ones with "hiding" properties. And a URI *is* an identifier in its essence (that's what the "I" stands for), whether or not the resource it represents is ephemeral. (See innumerable discussions by TimBL and Norm Walsh...) Even in SAML, where identifiers aren't necessarily expected to be URLs, pseudonyms are certainly treated as a class of identifier. Another question to ask: "What's one-time about a one-time identifier?" It's sort of a misnomer usually. If the identifier lasts for only a single session (like SAML's transient pseudonym), the whole point is to have it available for multiple operations, such as later doing a single logout after a SSO. If the identifier lasts for the entire length of an IdP-RP-user triple's relationship (like SAML's persistent pseudonym), it will get used way more than once. Certainly for "attribute-based authorization", there's not strictly a conceptual need to provide an identifier of any sort, since you could just pass along a package of attributes, as you point out. However, the systems being used are often "identifier-based" and tend to work best by creating a temporary account and (throwaway?) identifier for that one-time usage. But I suppose in that case it's almost a transaction identifier, so *something* is getting uniquely identified. Interesting point and good food for thought! But on reflection I’d prefer to make the opposite case. For example, if you choose a label as the “key” for representing a particular slice/persona/entry point for your identity, what’s not identifier-like about that?

Also, I’d say that pseudonyms are indeed a kind of identifier, just ones with “hiding” properties. And a URI *is* an identifier in its essence (that’s what the “I” stands for), whether or not the resource it represents is ephemeral. (See innumerable discussions by TimBL and Norm Walsh…) Even in SAML, where identifiers aren’t necessarily expected to be URLs, pseudonyms are certainly treated as a class of identifier.

Another question to ask: “What’s one-time about a one-time identifier?” It’s sort of a misnomer usually. If the identifier lasts for only a single session (like SAML’s transient pseudonym), the whole point is to have it available for multiple operations, such as later doing a single logout after a SSO. If the identifier lasts for the entire length of an IdP-RP-user triple’s relationship (like SAML’s persistent pseudonym), it will get used way more than once.

Certainly for “attribute-based authorization”, there’s not strictly a conceptual need to provide an identifier of any sort, since you could just pass along a package of attributes, as you point out. However, the systems being used are often “identifier-based” and tend to work best by creating a temporary account and (throwaway?) identifier for that one-time usage. But I suppose in that case it’s almost a transaction identifier, so *something* is getting uniquely identified.

]]> By: David Kearns http://www.xmlgrrl.com/blog/2006/11/12/when-my-identifier-is-none-of-your-business/comment-page-1/#comment-16530 David Kearns Mon, 13 Nov 2006 16:36:26 +0000 http://www.xmlgrrl.com/blog/archives/2006/11/12/when-my-identifier-is-none-of-your-business/#comment-16530 If this URI is a) only used once and b) not related to your primary/unique identity then it can hardly be called an "identifier" can it? If all you need is an attestation that you are, say, "human" (or over 21, or a citizen of British Columbia, etc.) then assert that. If you need to tie the assertion to a session token then do that. But, please, don't muddy the already murky waters still further by calling it an "identifier"! -dave If this URI is a) only used once and b) not related to your primary/unique identity then it can hardly be called an “identifier” can it? If all you need is an attestation that you are, say, “human” (or over 21, or a citizen of British Columbia, etc.) then assert that. If you need to tie the assertion to a session token then do that. But, please, don’t muddy the already murky waters still further by calling it an “identifier”!

-dave

]]>