Claims based Identities

I’ve been too buried in my other work lately to come up for air. 
However, we are now getting close to a product release, and I am
anxious to begin to experiment with the new Microsoft SDK and Kim’s
work.

I really like this terminology about “claims based identity” since that
is all identity is, IMHO!  This fits completely with the Axioms
that I have (slowly) been working on, and it supports that – “Identity
only exists in language.”  (On a side note, it hit me this weekend
that all words represent an “occurring” … not a “thing”.  It is
how something occurs to me that I name … although we often do not
think of it this way.)

Anyhow … I like the “claims based identity” since this is a nice
“two-way” model … I can make claims about my identity, and others can
make claims about my identity.  In both cases, it is up to the
recipient of the claim to do whatever verification that they feel is
appropriate.

Another important aspect of this is that a “claim” is in no way “true”
… it is merely a claim.  This relates to the topics of
reputation, etc. which are not something that a “person has”, but
instead are something that a “person is given”.  I am given a
reputation by others … they are the ones that say that I am a
particular way.  My actions merely occur in a particular way to
others …

Anyhow … I’m following things on a background thread and am about to
reprioritize.  I want to get the new identity code working within
our GoBinder product.  Our new version – GoBinder 2006 – is
going to hit the market this fall.

Kim … thanks for the great work!  I’m looking forward to leveraging your work!

Location as an identity claim.

Once you get your head around expressing identities as
sets of claims, you can easily imagine expressing a user’s location as
one of those claims. In the identity metasystem, the relying party
could indicate in its policy that it requires several sets of identity claims:
one indicating who the user is, and another indicating where the user
is. The claims might come from different authorities (e.g. an
enterprise and a trusted location provider). These would be implemented
as two Security Token Services (claims transformers). Both sets of
claims, taken together, would identify the user from the point of view
of the relying party.

[Kim Cameron’s Identity Weblog]
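
The relying-party check described in the quoted passage, as an added example (not code from this post, from Kim Cameron's weblog or from any SDK): two token services each sign a set of claims, and the relying party accepts a claim type only from the authority its policy trusts for that type. The issuer names, demo keys, claim names and the HMAC-signed JSON token format are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo issuers and keys (assumptions, not from the post).
ISSUER_KEYS = {
    "sts.enterprise.example": b"enterprise-demo-key",
    "sts.location.example": b"location-demo-key",
}

# Relying-party policy: required claim type -> the only authority trusted for it.
POLICY = {
    "user_id": "sts.enterprise.example",
    "location": "sts.location.example",
}

def issue_token(issuer, claims):
    """Stand-in for a Security Token Service: sign a set of claims."""
    body = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True).encode()
    sig = hmac.new(ISSUER_KEYS[issuer], body, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def verify_token(token):
    """Return (issuer, claims) if the signature verifies, else None."""
    try:
        payload = json.loads(token["body"])
        key = ISSUER_KEYS[payload["iss"]]
    except (KeyError, ValueError, TypeError):
        return None  # malformed token or unknown issuer
    expected = hmac.new(key, token["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    return payload["iss"], payload["claims"]

def evaluate(tokens, policy=POLICY):
    """Combine claims from several tokens; return (ok, accepted, missing)."""
    accepted = {}
    for token in tokens:
        verified = verify_token(token)
        if verified is None:
            continue  # unverifiable: its contents remain mere claims
        issuer, claims = verified
        for ctype, value in claims.items():
            if policy.get(ctype) == issuer:  # right authority for this claim type
                accepted[ctype] = value
    missing = sorted(set(policy) - set(accepted))
    return (not missing), accepted, missing
```

A location asserted by the enterprise issuer, or carried in a token whose signature no longer verifies, is ignored, so the policy stays unsatisfied until the location provider's own token is presented.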
