Commentary by Mark Wahl, CISA
Organizing principles for identity systems:
Identity Schema Metadata at Data Sharing Summit Day 1 (20070908)
During a discussion at the DataSharingSummit with Drummond Reed, Paul Trevithick and others, I proposed that an initial set of identity schema metadata properties be chosen from the set listed on the identity schema metadata wiki page.
Those properties which have a native pre-existing RDF representation:
- label: a one-line description of the schema element (localizable).
Suitable for display to an end user.
- comment: a multi-line description of the schema element (localizable).
Primarily for use by application developers.
- equivalence: identifiers of other schema elements of the same kind as this one which are equivalent, differing only in their identifier.
This is to support mapping between organizations that have redefined the same schema under their own identifiers.
- seeAlso: identifiers of related attributes of interest.
Primarily for use by application developers.
- obsolete/deprecation: an indication of when a schema element was made obsolete by its originator.
Primarily for use by application developers.
- subtype and supertype relations: for indicating specialization of attribute or claim types in a directed acyclic graph (DAG).
For example, applications can use this property to determine if a more-specific attribute or claim can be provided to a relying party that is requesting a less-specific attribute. E.g., a 'mobile telephone number' might be suitable for a relying party requesting merely a 'telephone number'.
Those properties which are common across many identity systems (e.g., LDAP, OpenID AX, InfoCard):
- cardinality: how many values of this attribute or claim can be present in a record holding this attribute/claim.
For example, a minimum and maximum number of values.
- value syntax: an identifier of the syntax of this value.
This would indicate whether a value is a 'string', what form of date, a binary blob, or a complex type which requires specialized encoders/decoders.
- value syntax restriction: for string-valued attributes, a constraint on the pattern of acceptable values.
Constraints on the choice of characters or strings forming the values. For example, this might be a regular expression or other machine-verifiable pattern.
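As an added illustration of how the subtype/supertype, obsolete, cardinality and value syntax restriction properties above would be used together, the following Python is an example written for this page; it is not code from the post, nor from LDAP, OpenID AX, InfoCard or any other identity system named here. It models a small constructed schema whose supertype relation is a DAG (one element has two parents), validates values against cardinality and a regular-expression syntax restriction, and decides whether the attributes a record holds can satisfy a relying party's request for a less-specific attribute, as in the 'mobile telephone number' for 'telephone number' case. Every attribute identifier, cardinality, pattern and sample value below is a constructed assumption.

```python
import re
from collections import deque

# Constructed schema metadata (hypothetical identifiers, not from the post).
# Each element carries: supertype relations forming a DAG, cardinality as
# min/max value counts, a value syntax, an optional syntax restriction
# (a regular expression), and an optional obsolete flag.
E164 = r"^\+[1-9][0-9]{6,14}$"   # assumed pattern for telephone values
SCHEMA = {
    "telephone": {"supertypes": [], "min": 1, "max": 3,
                  "syntax": "string", "pattern": E164},
    "work-telephone": {"supertypes": ["telephone"], "min": 1, "max": 1,
                       "syntax": "string", "pattern": E164},
    "mobile-telephone": {"supertypes": ["telephone"], "min": 1, "max": 2,
                         "syntax": "string", "pattern": E164},
    # Two parents: the specialization relation is a DAG, not a tree.
    "work-mobile-telephone": {"supertypes": ["work-telephone", "mobile-telephone"],
                              "min": 1, "max": 1, "syntax": "string",
                              "pattern": E164},
    "email": {"supertypes": [], "min": 1, "max": 5, "syntax": "string",
              "pattern": r"^[^@\s]+@[^@\s]+\.[^@\s]+$"},
    # Obsoleted by its originator: still understood, but not offered to an RP.
    "pager": {"supertypes": ["telephone"], "min": 1, "max": 1,
              "syntax": "string", "pattern": E164, "obsolete": True},
}


def is_subtype(schema, specific, general):
    """True if `specific` is `general` or a (transitive) subtype of it.

    Breadth-first walk up the supertype edges. The visited set makes the
    walk terminate even if a malformed schema accidentally contains a cycle.
    """
    if specific not in schema or general not in schema:
        return False
    seen = {specific}
    queue = deque([specific])
    while queue:
        current = queue.popleft()
        if current == general:
            return True
        for parent in schema[current]["supertypes"]:
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return False


def validate_values(schema, attr, values):
    """Check values against the attribute's cardinality and syntax restriction.

    Returns a list of human-readable problems; an empty list means valid.
    """
    if attr not in schema:
        return ["unknown attribute %r" % attr]
    meta = schema[attr]
    problems = []
    if not meta["min"] <= len(values) <= meta["max"]:
        problems.append("%s: %d values, cardinality is %d..%d"
                        % (attr, len(values), meta["min"], meta["max"]))
    pattern = meta.get("pattern")
    if pattern is not None:
        for v in values:
            if not isinstance(v, str) or not re.fullmatch(pattern, v):
                problems.append("%s: value %r fails syntax restriction %s"
                                % (attr, v, pattern))
    return problems


def satisfy_request(schema, record, requested):
    """Map each attribute an RP requests to an attribute the record holds.

    A held attribute satisfies a request if it is the requested type or a
    subtype of it, is not marked obsolete, and its values validate. The
    first acceptable candidate in record order is used. Returns None if
    any requested attribute cannot be satisfied.
    """
    result = {}
    for wanted in requested:
        match = None
        for held, values in record.items():
            if schema.get(held, {}).get("obsolete"):
                continue
            if is_subtype(schema, held, wanted) and not validate_values(schema, held, values):
                match = (held, list(values))
                break
        if match is None:
            return None
        result[wanted] = match
    return result


if __name__ == "__main__":
    # Constructed record: a work mobile number satisfies a plain 'telephone' request.
    record = {"work-mobile-telephone": ["+15551234567"], "email": ["alice@example.org"]}
    print(satisfy_request(SCHEMA, record, ["telephone", "email"]))
    print(validate_values(SCHEMA, "telephone", ["555-1234"]))
```

The subtype check walks the supertype edges rather than comparing names, so an element with several parents (work-mobile-telephone) satisfies a request for either parent or their common ancestor; an obsolete element is never offered even though it remains a subtype, which is the behaviour the obsolete/deprecation property is meant to enable.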
The schema metadata properties originally proposed for use in OpenID AX:
- sample value: an example value of this attribute.
Primarily for use by application developers to have data suitable for testing.
- acquisition source: an identifier of an Internet service where a value of this attribute can be obtained.
Primarily for use in applications which are presenting a relying party's (RP's) requirements to the end user. For example, a site requiring a Yahoo ID might indicate that such an ID can be obtained from Yahoo.
- authority: the identifiers of the parties that can legitimately issue values of this attribute, for attributes which only a small number of parties on the Internet are entitled to issue.
For example, a 'bigco-employee-number' attribute should only be accepted if issued by a 'bigco' organization service.
Metadata properties for use in change control:
- originator of the schema: which party proposed the schema definition.
- change history: for example, who made a change, the timestamp of the change, etc.
Drummond Reed, Andy Dale and others were also interested in defining properties to support attributes with non-URI identifiers, and indicators of the community consensus on particular sets of schemas.
Marty Schleiff also requested a property for matching rule id: the identifiers of the matching rules for values of this attribute.