[Freedombox-discuss] Identity Management wiki entry

John Walsh fiftyfour at waldevin.com
Tue Aug 16 13:25:04 UTC 2011


Hi Everybody

> Thanks for having spent some time on this page, it is mainly its
> purpose, to write down ideas and help the discussion to go on.
> It's a very first draft and certainly needs a lot of work.
Bert, glad to help. Hopefully I can add some value to your start. I have
some more questions that I hope you can answer.

> > Before I write about user management, I would like to mention some
> > differences I see between people in the real world and the online
> > world. In the real world, a multi-lingual person speaks to different
> > groups in their own languages, i.e. some group members may only
> > understand the group's language. In the online world, multi-lingual
> > people (correct me if this assumption is wrong) are happy to receive
> > content in different languages as a single (activity) stream. However,
> > the "mono-lingual" people only want to see the multi-lingual posts of
> > their language and for this reason websites stream content based on
> > language, e.g. en.wikinews.org, de.wikinews.org, en.ogmaciel.com,
> > pt.ogmaciel.com. Does this mean multi-lingual people should have a
> > different username for each language for the benefit of their
> > "mono-lingual" audience?
> >
> > In the real world, when an activist says something controversial this
> > may go unnoticed by most of their friends through the anonymity of the
> > real world. Even those friends present at the time could have been
> > surprised by the activist's comments, but being human they may forget
> > over time. However, in the online world there would be a permanent
> > record of the activist's comments - the internet never forgets. If the
> > FBX is to accommodate this need, should the FBX manage two domains, one
> > for personal usernames and one for activist usernames? Can you have 2
> > domains on the same IP address?
> 
> In the described scenario of this page, the activist would have one
> login on the FBX, from which she would manage different identities,
> one for the personal activities/relations/etc, another for the more
> activist part of it. Each of them could use services hosted on
> different FBX and domains, i.e. could use a mail server hosted on a
> remote FBX, but use the friendika instance running on the same FBX
> she logs into.
Bert, I understand what you mean by identities now, with help from Melvin
too ;) I realise now that the term "identity" should be used instead of
"username". So, do you agree there would be a separate identity for each
language that a multi-lingual person uses?

Bert, in your scenario you say the activist would have one login for two
FBX's, one for personal use and one for activist use. The FBX is targeted at
the home. Does this mean the activist will have two FBX's in their home?
Could one FBX do the same with two domains?

> 
> > Below are the existing Glossary entries
> > * Owner(s): Administrative account on the FreedomBox
> >   <http://wiki.debian.org/FreedomBox>.
> >
> > * User(s): refers to system user, which would be the login used to
> >   connect to a FreedomBox <http://wiki.debian.org/FreedomBox> account.
> >
> > * Identit{y,ies}: refers to a virtual (or service) identity.
> >
> > Identities should be able to use several services, not always hosted
> > on the same FreedomBox <http://wiki.debian.org/FreedomBox>. Thus
> > there should be a way to publish this information, either publicly or
> > privately.
Do the different FBX's have the same owner? How does having two FBX's help
publishing either publicly or privately?

> > 
> > * There must be strong ways to authenticate an Identity as well as
> >   a User.
> >
> > * There must be strong ways to verify an Identity ownership.
> >
> > I would be grateful if somebody could explain bullet point 5 and the
> > last bullet point. I would also like to propose "identity" in the
> > feature list above be replaced with username, a label more familiar to
> > users. I would also like to propose the "Using GNUPG" section be
> > replaced with "Security".
>
> Which part of point 5 isn't clear? Does the rest of this email answer
> the question or not?
See above.

> The last point is that people should be able to verify when 
> they meet someone that she is really the owner of this identity.
OK. I understand now.
> 
> I prefer the "Identity" term over the "Username" one, because the
> latter is a bit confusing. It is most often used to refer to account
> username, or login, which is only one small part of the picture this
> page is trying to draw. Its reference in the glossary is certainly
> confusing, badly worded, and probably should be more clearly
> explained. Actually the definition on the W3 webpage Melvin pointed
> at in his answer to your mail has an interesting definition for it.
I like Melvin's definition too. Identity is the correct term. Username is
wrong.

> 
> The "Using GnuPG" section is there because there might be a lot of
> different options to consider to implement the described features
> (i.e. WebID has been discussed many times too on this list).
I'll leave it in.

> 
> > Some of my glossary entries seem a bit long and I am wondering should
> > some of the glossary characteristics be listed as a feature. I also
> > wonder where should I place the scenarios described above - should I
> > add them to the user stories wiki entry?
>
> My idea when writing it was to define a way for people to use the
> FBX, not as yet another kind of social network, but only to answer
> the question of how FBX users/owners would manage their online
> identities and accounts, what relations would/should exist between
> them, ...
I understand what you were trying to achieve, i.e. basically section 5 from
Melvin's document. 

> User management might sound a bit too restrictive to me, in my
> sysadmin head, it is more related to how owners/admins of a FBX
> manage their users.
> What are others thinking about this renaming?
> 
> I'm not saying that what you are trying to work on is not 
> relevant for the project though. First as everyone I only 
> express my own opinion :). And trying to define what would be 
> the requirements/features for a social network app to be 
> included in the FBX sounds like a good idea, given the broad 
> choice that exists and the discussion that goes on quite 
> often on this list about that. That might help to choose the 
> one(s) that are the more relevant for what the FBX project is 
> trying to achieve. Or maybe I misunderstand what you are trying to do?

Bert, I was trying to document all the different roles people would have on
the FBX, while at the same time using labels people would understand from
existing experiences. I was concerned you weren't documenting all the roles,
but I realise now you were deliberately narrowing your scope to identities.

*Going Forward*
In a thread the other day I learnt that the network protocols have separate
layers. I was thinking we could have a *user/people model* (what do you
think of the name?) that would have separate levels such as User, Identity,
Privacy, Directory, Application. Each level builds/references the previous
level.

At the User level you would describe the different "login" accounts such as
"owner", "local", "guest", "group member", "subscriber" to the FBX. 

At the Identity level, for each "local" user the FBX could automatically
generate a different identity for each (different) language, etc. At the
identity level you would also need to cater for the "personal" and
"activist" personas which will overlap with languages. Identities need to
be linked to domains/FBX's too. Username would be an attribute of an
identity. Lots to discuss in this space.

At the Privacy level you would have to manage the release of personally
identifiable/personal information through relationships (sibling,
sweetheart etc.) and user actions (like) as indicated in Melvin's document.
There would be different profiles for each identity/language.

At the Directory level you would have contacts and circles views depending
on chosen identity. The identity directory view would interact with all
applications e.g. email, calendar, social network app etc. The directory
level could also interact with the "social applications" described in
Melvin's document.

At the Application level, you only define the FBX applications that
introduce new people models or you define what people models each app uses. 

Of course, the different levels offer the option to have separate wiki
entries for each level which could be linked to a *master/parent* document,
which would have a nice FBX user model vision diagram like Melvin's document
;)

Bert, in the identity management wiki entry you could focus on identity
management and when you need to reference users you would just have to link
to the user wiki entry.

I know it sounds quite ambitious and I can't do diagrams :( Still it does
provide structure offering the option to work in small chunks and
independently, building up the documentation as the developers build their
different layers.

The *user model* is based on a user centric view and I am not sure if this
fits in with developers. One problem with this model is that there is no
*user data* level, which I can't make fit. This model is probably broken in
other ways too and may not work at any level for developers. Still, help me
find a way forward.

All feedback is welcome.

-- fiftyfour



  



