Commentary by Mark Wahl, CISA
Organizing principles for identity systems:
"User-centric" RDF storage and transfer in the Identity Metasystem
(20070508)
Two years ago I posted, in OWL and ontologies for schemas, on the applicability of the Resource Description Framework (RDF) for describing the schema of an identity system, and in the Identity Commons Identity Schemas Working Group, metadata for identity schemas is being described in RDF.
Various identity systems and software, such as FOAF, the Higgins Trust Framework, and Schemat, also use RDF as a data model to represent individual users and their attributes.
Since
- both individuals and identity providers may wish to generate RDF to describe elements of an identity metasystem and their relationships, and
- existing identity attribute transfer protocols such as LDAP, SAML, OpenID AX or InfoCard don't represent identity attributes natively in RDF,
the approach described below
- "tunnels" RDF descriptions by or for users through these protocols, and
- gives users represented in a directory service a place to store their RDF descriptions.
Late last year I identified a need for an attribute in an LDAP directory service for this purpose, and I've started writing up a specification for an associatedRdf attribute of a user's entry, and how this attribute could be represented in SAML, OpenID and Information Card as well. The values of this attribute are RDF/XML documents. (There may be multiple values, as it is plausible an identity provider may have one set of RDF definitions for the user that is maintained as distinct from the definitions created by the user themselves.)
The first draft is: Identity Associated RDF Attribute (HTML).
Still to be determined is how best to combine the RDF definitions with XML Signatures, so that a relying party can determine which RDF triples should be used for processing.
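As an added example (not from this post or from the draft specification), the following Python sketches two of the points above: how the multi-valued associatedRdf attribute could travel in LDIF, and how a relying party might treat identity-provider-maintained and user-maintained values differently. Only the attribute name comes from the post; the entry DN, the two RDF/XML documents, the "idp"/"user" source labels and the relying-party policy are constructed assumptions. The source labels stand in for the signature mechanism the post leaves undecided: here the relying party is simply told which value is the identity provider's, which is what a signature over each value would have to establish.

```python
"""Added example (not from the post or the draft): carrying a multi-valued
associatedRdf attribute in LDIF and filtering its triples by source."""
import base64
import xml.etree.ElementTree as ET

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"

# Constructed sample values: two RDF/XML documents about the same user,
# one maintained by the identity provider and one written by the user.
IDP_RDF = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <foaf:Person rdf:about="https://idp.example/users/alice">
    <foaf:name>Alice Example</foaf:name>
    <foaf:mbox rdf:resource="mailto:alice@idp.example"/>
  </foaf:Person>
</rdf:RDF>
"""

USER_RDF = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <foaf:Person rdf:about="https://idp.example/users/alice">
    <foaf:homepage rdf:resource="https://alice.example/"/>
    <foaf:mbox rdf:resource="mailto:ceo@bank.example"/>
  </foaf:Person>
</rdf:RDF>
"""


def ldif_value_lines(attr, value):
    """Encode one attribute value as LDIF (RFC 2849). An RDF/XML document
    starts with '<' and contains newlines, so it is not a SAFE-STRING and
    must be written as 'attr:: <base64>'. Long lines are folded at 76
    characters, continuation lines starting with a single space."""
    raw = value.encode("utf-8")
    needs_b64 = (not raw.isascii() or raw[:1] in (b" ", b":", b"<")
                 or any(c in raw for c in (b"\0", b"\n", b"\r")))
    line = (f"{attr}:: {base64.b64encode(raw).decode()}" if needs_b64
            else f"{attr}: {value}")
    out = [line[:76]]
    for i in range(76, len(line), 75):
        out.append(" " + line[i:i + 75])
    return out


def entry_to_ldif(dn, rdf_values):
    """LDIF record for a user entry carrying several associatedRdf values.
    The object class that would permit the attribute is defined by the
    draft and is not reproduced here; inetOrgPerson is just a placeholder."""
    lines = [f"dn: {dn}", "objectClass: inetOrgPerson"]
    for v in rdf_values:
        lines += ldif_value_lines("associatedRdf", v)
    return "\n".join(lines) + "\n"


def parse_ldif_values(ldif, attr):
    """Unfold continuation lines and return the decoded values of `attr`
    in the order they appear in the record."""
    unfolded = []
    for line in ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    values = []
    for line in unfolded:
        if line.startswith(attr + ":: "):
            values.append(base64.b64decode(line[len(attr) + 3:]).decode("utf-8"))
        elif line.startswith(attr + ": "):
            values.append(line[len(attr) + 2:])
    return values


def rdfxml_to_triples(doc):
    """Minimal RDF/XML reader for the striped subset used in this example:
    <Type rdf:about="S"><p>literal</p><p rdf:resource="O"/></Type>.
    Predicates come back as full URIs (namespace joined with local name)."""
    def uri(tag):  # ElementTree spells a qualified name as '{namespace}local'
        return tag[1:].replace("}", "", 1)
    triples = []
    for node in ET.fromstring(doc):
        subj = node.get("{%s}about" % RDF_NS)
        triples.append((subj, RDF_NS + "type", uri(node.tag)))
        for prop in node:
            obj = prop.get("{%s}resource" % RDF_NS)
            triples.append((subj, uri(prop.tag),
                            obj if obj is not None else (prop.text or "")))
    return triples


def tagged_triples(values, sources):
    """Keep every triple together with the label of the associatedRdf value
    it came from. Assumption: the relying party already knows which value is
    the IdP's; a signature over each value is what would establish that."""
    out = []
    for label, doc in zip(sources, values):
        out += [(label, t) for t in rdfxml_to_triples(doc)]
    return out


def objects_for(tagged, predicate, accept):
    """Relying-party policy: objects of `predicate`, but only from triples
    whose source label is in `accept`."""
    return [t[2] for label, t in tagged if label in accept and t[1] == predicate]


def demo():
    ldif = entry_to_ldif("uid=alice,ou=people,dc=example,dc=com", [IDP_RDF, USER_RDF])
    values = parse_ldif_values(ldif, "associatedRdf")
    tagged = tagged_triples(values, ["idp", "user"])
    return {
        "roundtrip": values == [IDP_RDF, USER_RDF],
        "mbox_all": objects_for(tagged, FOAF + "mbox", {"idp", "user"}),
        "mbox_trusted": objects_for(tagged, FOAF + "mbox", {"idp"}),
        "homepage": objects_for(tagged, FOAF + "homepage", {"idp", "user"}),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the final filter is the one the post raises: merged into a single graph, the user-written foaf:mbox is indistinguishable from the identity provider's, so a relying party that wants a verified mail address has to select triples by the value they came from, and that selection is only sound once the provenance of each value is itself verifiable.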