[Openid-specs-ab] [E] Replacement to "User-Centric Identity" complete + another terminology topic: alternative to a "credential"?

Kristina Yasuda Kristina.Yasuda at microsoft.com
Tue Apr 19 06:27:15 UTC 2022


Thanks Bjorn,

Are you referring to the following definition in a publicly available ISO standard on Identity Management: "ISO/IEC 24760-1:2019(E) IT Security and Privacy - A framework for identity management - Part 1: Terminology and concepts"? If so, this is close to what the current whitepaper has in mind for the term entity, which refers to the End-User, Issuer and Verifier, not just the End-User, if that makes sense...

---
3.1.1 entity
item relevant for the purpose of operation of a domain (3.2.3) that has recognizably distinct existence

Note 1 to entry: An entity can have a physical or a logical embodiment.

EXAMPLE A person, an organization, a device, a group of such items, a human subscriber to a telecom service, a SIM card, a passport, a network interface card, a software application, a service or a website.
---

Best,
Kristina


From: Hjelm, Bjorn <bjorn.hjelm at verizonwireless.com>
Sent: Monday, April 18, 2022 10:45 PM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Kristina Yasuda <Kristina.Yasuda at microsoft.com>
Subject: Re: [E] [Openid-specs-ab] Replacement to "User-Centric Identity" complete + another terminology topic: alternative to a "credential"?

All,
My apologies for not being able to participate in the discussion and, as such, this comment comes rather late. However, if we could leverage terminology from ISO to define the entity (in this case what is referred to as the user) that would be preferred as the term user can mean different things depending on the context. To give an example, in the world of mobile communication a "user" (or "End-user") is defined as a subscriber (of mobile communications services) and not necessarily the actual human being holding the device (which is the entity).

BR,
Bjorn


On Mon, Apr 18, 2022 at 6:07 PM Kristina Yasuda via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
Hi, thanks a lot for a productive conversation regarding the terminology in the "OpenID for User-Centric Identity (preliminary naming)" whitepaper<https://docs.google.com/document/d/1H556GIM_xD1yKl7rw1seq4bu83movFCkU8fQ7T8b1dI/edit> - the details of the conversation will be in the notes that will be sent out.

As agreed, I replaced all the references to "Decentralized Identity" with "User-Centric Identity" (Thanks Mike for making the suggestions). As agreed, if you come up with a better term than "User-Centric", please bring it up. We are looking for "a generic property that transcends the topology we are working with at this point in time (I really like how Vittorio has put it!)" that describes "an approach to the identity management where the End-User retains full control over from which Credential Issuer to obtain what credential, and when to disclose which credential to which Verifier (again, paraphrasing Vittorio)". (and now I am not a big fan of an acronym OpenID4UCI, so acronym suggestions welcome too..)

Another terminology topic I wanted to bring up is inspired by Pieter's comment on the definition of "Credential": "It was interesting to see terminology in the EU Digital Wallet architecture like "Electronic Attribute Attestation" (EAA) that may provide alternatives to the heavily overloaded "credential". Not sure it is the right time to adopt it, but may be a good way to disambiguate terms like credential (and align with frameworks emerging elsewhere)."
I agree with Pieter both in that EAA might be an alternative, and in that maybe this is a whitepaper V2 issue... Some food for thought.

Cheers,
Kristina