
security-services message



Subject: AI-0158: Propose changes to definition of Federation in glossary (long)



sstc-glossary-2.0-cd-02

defines the terms account, account linkage, identity federation, identity
defederation as follows:

(lines 97-103)

Account 

Typically a formal business agreement for providing regular
dealings and services between a principal and business service
providers.

Account Linkage 

A method of relating accounts at two different providers that
represent the same principal so that the providers can
communicate about the principal. Account linkage can be
established through the sharing of attributes or through identity
federation.

(lines 182-188)

Identity Defederation

The elimination of the linkage between a principal's accounts at
an identity provider and a service provider, such that the identity
provider no longer provides the associated identifier to the
service provider, and the service provider will no longer accept
the associated identifier from the identity provider.

Identity Federation 

Linking accounts for a given principal at a pair of providers within
a federation by establishing (or using an existing) identifier to
refer to the principal.


These definitions were the subject of discussion in:

http://lists.oasis-open.org/archives/security-services/200403/msg00099.html

(please view the entire thread if you want to get the whole story here).

Based upon these discussions, I propose the following changes to
sstc-glossary-2.0-cd-02:

PROPOSED CHANGES:

(1) identity federation, identity defederation respun:

Identity federation

A principal's identity is said to be federated between a pair (set) of
providers when there is an agreement between the providers on a set of
name-value pairs, and, a time-period, during which the providers will refer
to the principal via the set of name-value pairs.

Identity defederation

A principal's identity is said to be defederated between a pair (set) of 
providers, when the providers agree to stop referring to the principal using
a certain set of name-value pairs.

(2) The last sentence in the definition of account linkage would be modified
to read:

Account linkage can be established by means of identity federation.

(3) No change to definition of account


