Draft D. Hardt Sxip Identity November 29, 2006 Identity Attribute Metadata - Draft 01 Hardt [Page 1] Attribute Properties November 2006 Abstract An outline of the attribute metadata schema and types for identity attributes. Table of Contents 1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Definitions and Conventions . . . . . . . . . . . . . . . 4 3. Metadata Format . . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Data Format Types . . . . . . . . . . . . . . . . . . . . 5 3.2. Attribute Types . . . . . . . . . . . . . . . . . . . . . 6 3.2.1. Standard Predicates . . . . . . . . . . . . . . . . . 6 3.2.2. Supplemental Predicates . . . . . . . . . . . . . . . 7 3.2.3. Example . . . . . . . . . . . . . . . . . . . . . . . 8 4. Future Directions . . . . . . . . . . . . . . . . . . . . . . 9 4.1. Compound Properties . . . . . . . . . . . . . . . . . . . 9 4.2. Equivalents . . . . . . . . . . . . . . . . . . . . . . . 9 4.3. Higgins Ontology Predicates . . . . . . . . . . . . . . . 9 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 5.1. Normative References . . . . . . . . . . . . . . . . . . . 10 5.2. Informative References . . . . . . . . . . . . . . . . . . 10 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 Hardt [Page 2] Attribute Properties November 2006 1. Overview This document defines the schema used to describe identity object data as used in such protocols as OpenID Attribute Exchange. The schema data is intended to be resolvable at the URI of the identity object, the attribute type identifier. Hardt [Page 3] Attribute Properties November 2006 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2.1. Definitions and Conventions Identity Object Identity "objects" (IdO) are defined to be sets of name-value pairs of personal identity information. They assert the claim that, for a given identity subject, a named property has the provided value. Service Provider Service providers (SPs) are entities that require identification information. Identity Provider An identification provider (IdP) stores IdOs, which are made available to an identity agent upon request. Identity Agent The identity agent (IdA) operates under the user's control and intermediates requests for ID objects between the identification provider and the SP. Identity Attribute Type Identity attribute types (also referred to as simply "attribute types") are types of subject properties expressed in an identity context. Examples are "surname" or "birth date". Identity Attribute Format Type The identity attribute format type ("format type") refers to the layout of the data in the value of an identity attribute type. They may be as simple as a normalized string or as complicated as a telephone number format. Hardt [Page 4] Attribute Properties November 2006 3. Metadata Format 3.1. Data Format Types Data format types are the primitive types used to define the layout of the information in the attribute values. The types are defined in XML Schema ([W3C.REC-xmlschema-2-20041028]) and include the predefined XML Schema types. For example, here are several formats used with the OpenID attribute exchange protocol ([OpenID.attribute-exchange-1.0]). http://schema.openid.net/types/country ... etc ... http://schema.openid.net/types/email http://schema.openid.net/types/gender Hardt [Page 5] Attribute Properties November 2006 http://schema.openid.net/types/phone http://schema.openid.net/types/timezone 3.2. Attribute Types The metadata for attribute types is expressed in RDF/XML format. It is intended to be a fairly simple way of expressing the minimal amount of metadata needed to describe the attribute types. More complicated ontological data is optional but recommended. Each attribute type record should include a stylesheet XML directive pointing to an XSL template that translates the metadata into a human readable format. 3.2.1. Standard Predicates The standard predicates that MUST be in all metadata records are: http://www.w3.org/1999/02/22-rdf-syntax-ns#type The rdf:type predicate has as its object the XML Schema data type or a type defined as per Section 3.1. Hardt [Page 6] Attribute Properties November 2006 http://www.w3.org/2000/01/rdf-schema#label The label is a short description of the attribute type. XML provides an xml:lang attribute that can be used on this element to provide a way to describe the language as per [RFC4646] used for the content of the element. Using language tagging in this way, multiple labels can be provided for localization purposes. http://www.w3.org/2000/01/rdf-schema#comment The rdfs:comment element is used to provide a long textual description of the attribute type. As for the rdf:label element, multilingual documentation is supported by the language tagging feature of RDF literals. 3.2.2. Supplemental Predicates These predicates are optional and MAY be included in metadata records: http://schema.openid.net/metadata#example Example value data for the attribute type. http://www.w3.org/2000/01/rdf-schema#seeAlso Indicates a resource that might provide additional information about the subject attribute type. http://schema.openid.net/metadata#acquisition The object of this predicate is a URL from which the IdO may be acquired. Multiple URLs may be specified. The acquisition mechanism is not specified, but would be retrieved using a discovery mechanism specific to the protocol being used. http://schema.openid.net/metadata#authority Except in the case of a self-asserted IdO, a list of authority URIs for asserted claims is necessary. Each URI is that of an assertion authority that is allowed to make the IdO claim. Hardt [Page 7] Attribute Properties November 2006 3.2.3. Example A brief example of the standard predicates and the openid:example element as applied to the "http://schema.openid.net/namePerson/first" attribute type. First name First or given name of subject John Hardt [Page 8] Attribute Properties November 2006 4. Future Directions Additional metadata information may be added as more complex attribute types are constructed. The following sections outline possible extensions to the existing simple type definitions. 4.1. Compound Properties The IdO may also be composed of an aggregate of other IdO types, in which case the aggregate IdO URIs will be referenced. 4.2. Equivalents An IdO may make a claim that is equivalent to the claim of an IdO of a different type. The equivalent IdO types are listed in this section. An IdO may be transformed to one of a different type if it is listed as an equivalent. This property is not commutative. This information may be extended to include translation mechanisms between format types. A richer transform specification would allow claims to be made based on a broader equivalence domain. 4.3. Higgins Ontology Predicates The Higgins project has created a base ontological vocabulary at [Higgins-Ontology]. Use of this vocabulary allows for the integration of the attribute types into a broader catalog. Hardt [Page 9] Attribute Properties November 2006 5. References 5.1. Normative References [OpenID.attribute-exchange-1.0] Hardt, D., "OpenID Attribute Exchange", November 2006. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4646] Phillips, A. and M. Davis, "Tags for Identifying Languages", BCP 47, RFC 4646, September 2006. [W3C.REC-xmlschema-2-20041028] Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes Second Edition", World Wide Web Consortium Recommendation REC-xmlschema-2-20041028, October 2004, . 5.2. Informative References [Higgins-Ontology] Trevithick, P., "Higgins Ontology v1.10", October 2006. Hardt [Page 10] Attribute Properties November 2006 Author's Address Dick Hardt Sxip Identity 798 Beatty Street Vancouver, BC V6B 2M1 CA Email: dick@sxip.com URI: http://sxip.com/ Hardt [Page 11]