Tuesday, August 02, 2005

Claims based Identities

I've been too buried in my other work lately to come up for air. However, we are now getting close to a product release, and I am anxious to begin to experiment with the new Microsoft SDK and Kim's work.

I really like this terminology about "claims based identity" since that is all identity is, IMHO! This fits completely with the Axioms that I have (slowly) been working on, and it supports that - "Identity only exists in language." (On a side note, it hit me this weekend that all words represent an "occurring" ... not a "thing". It is how something occurs to me that I name ... although we often do not think of it this way.)

Anyhow ... I like the "claims based identity" since this is a nice "two-way" model ... I can make claims about my identity, and others can make claims about my identity. In both cases, it is up to the recipient of the claim to do whatever verification they feel is appropriate.

Another important aspect of this is that a "claim" is in no way "true" ... it is merely a claim. This relates to the topics of reputation, etc. which are not something that a "person has", but instead are something that a "person is given". I am given a reputation by others ... they are the ones that say that I am a particular way. My actions merely occur in a particular way to others ...

Anyhow ... I'm following things on a background thread and am about to reprioritize. I want to get the new identity code working within our GoBinder product. Our new version - GoBinder 2006 - is going to hit the market this fall.

Kim ... thanks for the great work! I'm looking forward to leveraging your work!

Location as an identity claim.

Once you get your head around expressing identities as sets of claims, you can easily imagine expressing a user's location as one of those claims. In the identity metasystem, the relying party could indicate in its policy that it requires several sets of identity claims - one indicating who the user is, and another indicating where the user is. The claims might come from different authorities (e.g. an enterprise and a trusted location provider). These would be implemented as two Security Token Services (claims transformers). Both sets of claims, taken together, would identify the user from the point of view of the relying party.


[Kim Cameron's Identity Weblog]
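
A sketch of the relying-party side of the idea quoted above, added here as an example and not code from Kim Cameron, Microsoft or the identity metasystem: the policy names which authority is trusted for each required claim, and a claim from any other source stays "merely a claim". The issuer names, keys and claim types are constructed, and HMAC stands in for the signature a real Security Token Service would apply.

```python
import hashlib
import hmac
import json

# Constructed issuer keys (assumption: shared-secret HMAC instead of real token signatures).
ISSUER_KEYS = {
    "enterprise-sts": b"constructed-enterprise-key",
    "location-sts": b"constructed-location-key",
}

# Relying-party policy: each required claim type and the one authority trusted to assert it.
POLICY = {"name": "enterprise-sts", "role": "enterprise-sts", "location": "location-sts"}


def _mac(key, issuer, claims):
    payload = json.dumps({"issuer": issuer, "claims": claims}, sort_keys=True)
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(issuer, claims, key):
    """Issuer side: package a set of claims and authenticate it."""
    return {"issuer": issuer, "claims": claims, "mac": _mac(key, issuer, claims)}


def evaluate(tokens, policy=POLICY, keys=ISSUER_KEYS):
    """Relying-party side: return (accepted_claims, missing_claim_types)."""
    accepted = {}
    for token in tokens:
        key = keys.get(token.get("issuer"))
        if key is None:
            continue  # unknown authority: nothing it says is accepted
        expected = _mac(key, token["issuer"], token["claims"])
        if not hmac.compare_digest(expected, token.get("mac", "")):
            continue  # token was altered after it was issued
        for claim_type, value in token["claims"].items():
            # Accept a claim only from the authority the policy names for that claim type.
            if policy.get(claim_type) == token["issuer"]:
                accepted[claim_type] = value
    return accepted, sorted(set(policy) - set(accepted))


# Constructed sample tokens: one "who" set and one "where" set, from different authorities.
ID_TOKEN = issue_token("enterprise-sts", {"name": "alice", "role": "engineer"},
                       ISSUER_KEYS["enterprise-sts"])
LOC_TOKEN = issue_token("location-sts", {"location": "building-7"},
                        ISSUER_KEYS["location-sts"])
```

The relying party grants access only when the second return value is empty, so a location asserted by the enterprise issuer, or by the user, does not satisfy the policy.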

