Commentary by Mark Wahl
Organizing principles for identity systems:
ontologies for schema, continued (2005/7/14)
Following up on the June 16 post on the Web Ontology Language and the June 17 post on reverse engineering of schema, which concerned the problem of describing real-world objects through analysis of directory schema: what is the benefit of using ontology concepts?
First, the bad news: even with the constraint of staying within the domain of identity management for people, it is probably not possible to find a single ontology that describes all that has been done with directory schema.
In projects for general knowledge management standardization, there are multiple, competing top-level ontologies for describing fundamental concepts, the basic ideas like physical objects, times and events, and their relationships.
Any two deployments, and in some cases two users of the same deployment, will likely have inconsistent assumptions about what attributes and claims mean.
However, it seems feasible to consider micro-ontologies for specific perspectives and purposes, where a common ontology format is desirable in order to meet realistic goals.
The application designer perspective, for one, is concerned with allowing an application to handle privately-defined schema without requiring its users to manually customize the application for each schema.
The systems architect perspective, as another example, is concerned with handling the change and evolution of schema over time, as new requirements and applications emerge.
The integrator perspective would be concerned with the relationships and mappings between the schemas of different systems.
The represented user perspective would be concerned with the correct and appropriate representation of their identity through the schema.
Examples of the requirements these perspectives place on schemas include:
- presentation hints (e.g. patronymic should be displayed after the givenName and before the surname)
- relationships with other elements (e.g. commonName, givenName and surname)
- requirements for the understanding of the schema (e.g. commonName is an element of personally identifiable information)
- lifecycle management (e.g. privateEmployeeId was defined on 2001/2/3)
Based on an expanded list of these requirements, it should be possible to describe an ontology for the mapping of real-world objects into attributes, in a way that enables these richer functions for managing identity data.
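To make the four requirement examples concrete, here is a small added illustration (not code from the original post or from any directory product) of a micro-ontology expressed as subject/predicate/object triples, with one query per perspective: display ordering from presentation hints, PII classification propagated through attribute relationships, schema-version reconstruction from lifecycle dates, and attribute renaming for an integrator. The predicate names (displayedAfter, composedOf, derivedFrom, classifiedAs, definedOn, mapsTo), the sample dates other than the post's 2001/2/3, and the mapping of surname to the LDAP attribute sn are assumptions chosen for the example, not terms from any published ontology.

```python
"""Toy micro-ontology over directory attributes, stored as triples.

Added example; not from the original post. The predicate names and the
sample triples below are constructed to model the four requirement
examples in the post (presentation hints, relationships, understanding,
lifecycle) plus the integrator's mapping need.
"""
from datetime import date

# Constructed sample ontology: (subject, predicate, object) triples.
TRIPLES = [
    # presentation hints
    ("patronymic", "displayedAfter", "givenName"),
    ("surname", "displayedAfter", "patronymic"),
    # relationships with other elements
    ("commonName", "composedOf", "givenName"),
    ("commonName", "composedOf", "surname"),
    ("displayName", "derivedFrom", "commonName"),
    # requirements for the understanding of the schema
    ("commonName", "classifiedAs", "PII"),
    # lifecycle management (privateEmployeeId date is the post's example;
    # the commonName date is constructed)
    ("privateEmployeeId", "definedOn", "2001-02-03"),
    ("commonName", "definedOn", "1993-01-01"),
    # integrator mapping to an LDAP-style schema (assumed mapping)
    ("surname", "mapsTo", "sn"),
    ("commonName", "mapsTo", "cn"),
]


def objects(subject, predicate, triples=TRIPLES):
    """All objects o such that (subject, predicate, o) is asserted."""
    return [o for s, p, o in triples if s == subject and p == predicate]


def display_order(attrs, triples=TRIPLES):
    """Application-designer perspective: order attrs so that every
    displayedAfter hint holds, keeping the caller's order where no hint
    applies (Kahn's algorithm). Raises on contradictory hints."""
    remaining = list(attrs)
    result = []
    while remaining:
        for a in remaining:
            preds = [o for o in objects(a, "displayedAfter", triples)
                     if o in remaining]
            if not preds:
                break
        else:
            raise ValueError(f"cyclic presentation hints among {remaining}")
        result.append(a)
        remaining.remove(a)
    return result


def is_pii(attr, triples=TRIPLES, _seen=None):
    """Represented-user perspective: attr is PII if classified so directly,
    or if it is composed of / derived from a PII attribute (a composite
    reveals its parts, so the classification propagates upward)."""
    _seen = set() if _seen is None else _seen
    if attr in _seen:
        return False
    _seen.add(attr)
    if "PII" in objects(attr, "classifiedAs", triples):
        return True
    parts = (objects(attr, "composedOf", triples)
             + objects(attr, "derivedFrom", triples))
    return any(is_pii(p, triples, _seen) for p in parts)


def defined_on(attr, triples=TRIPLES):
    """Lifecycle: the definition date of attr, or None if unrecorded."""
    vals = objects(attr, "definedOn", triples)
    return date.fromisoformat(vals[0]) if vals else None


def attributes_in_schema(as_of, triples=TRIPLES):
    """Systems-architect perspective: attributes whose recorded definition
    date is on or before as_of, i.e. the schema as it stood at that date.
    Attributes with no definedOn triple are not included."""
    subjects = {s for s, p, o in triples if p == "definedOn"}
    return sorted(a for a in subjects if defined_on(a, triples) <= as_of)


def map_entry(entry, triples=TRIPLES):
    """Integrator perspective: rename attributes that have a mapsTo
    relation; attributes without a mapping pass through unchanged."""
    out = {}
    for name, value in entry.items():
        targets = objects(name, "mapsTo", triples)
        out[targets[0] if targets else name] = value
    return out


if __name__ == "__main__":
    print(display_order(["surname", "patronymic", "givenName", "mail"]))
    print(is_pii("displayName"), is_pii("givenName"))
    print(attributes_in_schema(date(2001, 2, 3)))
    print(map_entry({"surname": "Ivanova", "mail": "a@example.org"}))
```

The point of the triple form is that each perspective's question is answered by a small query over the same shared relations, rather than by per-application customization; the cycle check in display_order is the kind of consistency validation that becomes possible once presentation hints are data rather than hard-coded UI logic.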