Monday, September 1, 2008

Identity Model Update

First I have to apologize for being such a sporadic blogger. I just noticed that Peter and Radovan posted comments many days ago, and I didn't get them approved until just now.

Last week my team met twice. A few people came who had not been to some of the earlier meetings. We spent a lot of time level-setting and catching up. On our team one guy thinks only the stuff in the Digital Realm is important, so we can leave the rest off. Another guy thinks that Roles and Privileges are the turf of Authorization and don't belong in the model. If I take out all those, that would leave just one little box, Digital Persona. That would not be a very useful model.

I can see the point about Roles and Privileges. I can agree that the design/engineering of Roles is more of an Authorization architecture than an Identity architecture. Perhaps if we changed the Identity Model to something like Role Assignment instead of just Role, there would be less objection. This week I'm going to focus on working with someone representing our Authorization roadmap effort. Hopefully we'll get his concurrence that Roles and Privileges belong (perhaps tweaking the definitions?), and that will quell the objections.

One guy has also complained that things that should be in an Identity Model aren't there. He specifically suggested Federation, Pseudonymity, and Anonymity. I countered that first we should get the basic model down, and then we should use it to describe concepts like Federation, Pseudonymity, and Anonymity -- similar to how there's no box for Authentication, but it is described in the text as the act of a Subject proving to be represented by a particular Digital Persona. Maybe around Sept 12 we'll be able to explore these concepts with the model (I'll be at DIDW the first part of that week).
