LDAPWiki: Digital Subject

Overview#

Digital Subject is the Identity Correlation of one or more Digital Identities into one entity

There are always a lot of discussions on Digital Subject or Principal or Digital Identity and a lot of confusion.

We will use the term Digital Subject which we feel is interchangeable with the following:

Principal

when used within the Digital Realm or namespace.

Some comments about Digital Subject may help with the concepts:

Digital Subject has one or more different Digital Identitys.
The usage of the different Digital Subjects is dependent on the Digital Context to which the Digital Identity is presented.
A Digital Subject has zero or more Identity Attributes [1]
Some of these Identity Attributes may be Subject Relationships that are references to other Digital Identitys in the same or different Contexts [1]

Although any given Digital Subject is relevant to, and exists within a given Digital Context, a single Entity may be represented as one (or more) Digital Identity(s) in one Digital Context and yet another Digital Identity in another Digital Context.

By linking or "federating" these disparate Digital Subjects one can gain a more Federated Identity view of a given Entity.

Contexts represent different systems, organizations and entire enterprises with widely varying storage and trust models are handled using the Digital Subject linking approach.

The information contained in a Digital Subject is not necessarily a pure subset of the union of all of the information contained in all of the Digital Subjects of an Entity taken together.

There is no consistency constraint imposed between the Digital Subjects of an Entity. For example, a person could claim that their name was Jim in one Digital Subject and Jeemster in another.[1]

A Principal in the context of a security Domain. SAML Assertions make declarations about Digital Subjects.[2]

Java Authentication and Authorization Service (JAAS) refers to this as simply Subject or Principal.[3]

An Entity represented or existing in the digital realm which is being described or dealt with.[4]

Examples of Many Digital Subjects#

Just as you have in your wallet:

Then you decide which of these cards you present is based on where (which Context or Realm), in the physical world, you are presenting the cards to which maybe:

Your Bank
Your employer
Grocery Store

The who or where is the context or Realm.

For example the Entity "Bob Smith" could be represented as two Digital Identitys;

the first having "bsmith" as an identifier
the second having "bob" as an identifier.

These two Digital Subjects may be in the same or in different Contexts.[1]

Through Identity Correlation the two Digital Subjects could be placed within on Digital Subject

Realm or Digital Context #

Similar to what in the physical world is "The who or where is the context or realm", in the digital world we also have a Realm or Digital Context.

More Information#

There might be more information for this subject on one of the following:

[#1] - http://wiki.eclipse.org/index.php/Digital_Subject - Retrieved 2013-02-09
[#2] - http://www.oasis-open.org/ - Retrieved 2013-02-09
[#3] - http://java.sun.com/javase/6/docs/api/javax/security/auth/Subject.html - Retrieved 2013-02-09
[#4] - http://IdentityGang.org - Retrieved 2013-02-09

Overview#

Examples of Many Digital Subjects#

Realm or Digital Context#

More Information#

Realm or Digital Context #