Identity, identifiers, roles, rules, groups, personas - overlapping and inter-related concepts which, even among those of us in the identity management arena, can be confusing. Definitions of words can shift faster than a sand dune in a windstorm. The only way to quickly and efficiently move to where identity management becomes a reality rather than a goal is to first agree on the meaning of the terms we use to describe the reality and those goals.
Ed Harrington is CEO and principal consultant at EPH and Associates, a business consultancy in Northern Virginia. At least, that's one of Ed's personas. He's also chair of the Open Group's Directory Interoperability Forum (DIF), and it is in that persona that he recently contacted me.
One of DIF's major goals is to foster directory interoperability through the use of common terminology. Problems result when I refer to something as a "shovel," you call it a "trencher" and the bozo across the table refers to the same tool as a "scoop." If we all agree to call a spade a "spade," then we cut through a lot of rhetoric and misunderstanding and can get down to the real nitty-gritty.
Harrington proposes that we create a taxonomy for identity management. Although he doesn't refer to the Tower of Babel, the allusion is present when he says: "today we have numerous organizations and vendors preaching different terminology...which just leads to confusion on the part of the user (and the marketing operations of the vendors). This needs clarification." As a start towards developing this taxonomy, Ed suggests a specific hierarchical relationship for the terms "identity," "persona" and "role." As he explains it:
At the top is Identity - "A constant that cannot change. In the past it was validated by my fingerprints, today it is validated by my DNA."
Next is Persona - "An application of my identity to a broad situation - my office persona, my parenting persona or whatever. It applies my identity to a specific situation. This is often referred to as a 'role,' but I think this is incorrect in that a persona may have multiple roles."
Next, then, would be Role - "A specific application within a persona. In my office persona, I may have a manager role, a mentor role, an employee role, etc. In my parenting persona I may be a disciplinarian or possibly a 'buddy,' and so on."
Turn this around, so that "Identity" is at the bottom, and it's almost an object-oriented description, with each persona inheriting characteristics from its various roles and the Identity being the sum of the multiple personas it's derived from.
These definitions do need some work, but for now I'll use them in this way whenever we talk about these concepts. You should talk amongst yourselves to try to refine these relationships and definitions. But do keep me informed and I'll spread the word to everyone else.