Friday, August 15, 2008

User Identity Reference Model - 15 Aug 2008

Yesterday at my day job seven of us met to further discuss our ideas for a User Identity Reference Model. Lots of ideas were floated.

We seem to have strayed from the notion of a simple "stack" model, with some of us favoring Venn Diagrams, others favoring boxes and arrows, and others with other ideas. Hopefully, however this ends up, it will still be relatively simple.

We had lots of debate about terminology (which is to be expected, because today's confusion is what's motivating us to work on a model in the first place). For example, several think that Subject and Entity mean the same thing. Others think that a Subject is the digital representation of the Entity. I lean towards Radovan's description that the digital representation of a non-digital Subject is a Persona. Some of us struggled with the notion of Digital Persona vs. Account: are they the same thing or not? I think an Account is one of several ways to instantiate a Digital Persona; other ways include a directory entry, an X.509 certificate, and probably others. Please let me know your reactions to the definitions in the diagram below.

Some of us think that Authenticators should be depicted in the model. Some of us think it's better to leave Authenticators off, and describe Authentication as the act of a Subject proving to be represented by a particular Persona.

Some of us wanted to jump straight to a company-specific model and then make a more general version for use beyond the company. Some of us wanted to focus on a generic model first, and then use/test the model to describe our company-specific approaches to Identity.

Consensus has not yet been achieved, but I think we're making progress. My preferences are depicted in the diagram below.



1 comment:

Fred Wettling said...

Marty – This is excellent meat for a discussion that should be valuable to enterprises with an identity crisis (challenge).

The concepts must be scalable and include identities that are not carbon-based life forms. “Things” should also be considered. The DMTF’s current version of the Common Information Model (CIM) has matured over the past few years and may be useful in understanding well-vetted relationships. It’s available in Visio (UML), XML, and MOF formats here: http://www.dmtf.org/standards/cim/cim_schema_v219.