Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch


Location, Location, Location

Location as an attribute - sorry, 'claim' - of identity has been buzzing around the identity blogosphere these past few days. This comment by Bob Blakley (I'm guessing this is the right Bob Blakley - somebody please correct me if I'm wrong!) on Kim Cameron's Identity Blog is particularly interesting:

The ISO 10181-3 Access Control framework was very clear about this, so there's really no need to be unclear. 10181-3 divided authorization attributes into categories: (1) subject attributes, (2) target attributes, (3) request attributes, (4) context attributes. The POLICY took all these attributes into account when making a decision. Identity claims are subject attributes. Location claims, because they are not unique to a subject and because a subject's location may change (and because the protocols carrying requests usually do not natively support location) are context attributes. Trying to make location an identity (=subject) attribute will greatly complicate the storage and management of identity information, with no gain in functionality over what is already gained by treating location (properly) as a context attribute. Time, as you point out, Mark, is also a context attribute, as is "client device capability".

It struck me tonight that the answer to the question of whether location is a subject attribute or a context attribute is (as usual) "it depends". In applications where a policy requires that a subject's location meet some criterion to gain access to a resource, location is indeed a context attribute. However, it isn't quite that simple.

Consider a simple weather service for cellphone users. The user sends the word 'forecast' as an SMS message to the service. The service responds with an SMS message containing the day's forecast (and probably also an ad targeted at your current location). As far as the weather service is concerned, your only identity is your location. It doesn't care who you really are, or even if you are the same you that requested a forecast from a different location yesterday. I would contend that, in this context, location is a subject attribute.

UPDATE: See comments - Alan Nichols clears this up with the concept of the anonymous user.
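To make the four ISO 10181-3 attribute categories concrete, here is a small policy decision routine I have added to this post (it is not code from the original post, from ISO 10181-3, or from any product). It keeps subject, target, request and context attributes in separate buckets so each rule has to say which category it reads, and it models the scenarios discussed here and in the comments: the SMS forecast service (anonymous subject, location as a context attribute, the originating number as a request attribute used only to route the reply), a Shibboleth-style SSO where the home IdP's affiliation assertion is a context attribute, and a resource that needs both a subject attribute and a context attribute. All resource names, attribute keys and sample values are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List


@dataclass
class AccessRequest:
    """The four ISO 10181-3 attribute categories, kept apart on purpose."""
    subject: Dict[str, Any] = field(default_factory=dict)  # identity claims; empty means anonymous
    target: Dict[str, Any] = field(default_factory=dict)   # the resource being asked for
    request: Dict[str, Any] = field(default_factory=dict)  # the operation and its parameters
    context: Dict[str, Any] = field(default_factory=dict)  # location, time, device, asserted affiliation

    def is_anonymous(self) -> bool:
        return not self.subject


Rule = Callable[[AccessRequest], bool]


@dataclass
class Policy:
    name: str
    target_resource: str  # which target this policy governs
    rules: List[Rule]     # every rule must hold for a PERMIT


def has(category: str, key: str) -> Rule:
    """Rule: the named attribute is present in the given category."""
    return lambda req: key in getattr(req, category)


def equals(category: str, key: str, value: Any) -> Rule:
    """Rule: the named attribute in the given category equals value."""
    return lambda req: getattr(req, category).get(key) == value


def decide(policies: List[Policy], req: AccessRequest) -> str:
    """Return PERMIT, DENY or NOT_APPLICABLE. Deny-by-default, deny-overrides."""
    applicable = [p for p in policies if p.target_resource == req.target.get("resource")]
    if not applicable:
        return "NOT_APPLICABLE"
    for policy in applicable:
        if not all(rule(req) for rule in policy.rules):
            return "DENY"
    return "PERMIT"


# Constructed policies mirroring the scenarios in the post and its comments.
POLICIES = [
    # SMS weather forecast: nothing is required of the subject; location is a
    # context attribute, and the originating number is a request attribute that
    # exists so the reply can be routed, not because it identifies anyone.
    Policy("sms-forecast", "forecast",
           [has("context", "location"), has("request", "reply_to")]),
    # Shibboleth-style SSO: the service provider grants access to an anonymous
    # subject because the home IdP asserted an affiliation (a context attribute).
    Policy("york-library", "york-library",
           [equals("context", "affiliation", "student@warwick.example")]),
    # A resource that needs a subject attribute AND a context attribute.
    Policy("admin-console", "admin-console",
           [equals("subject", "role", "admin"), equals("context", "location", "office")]),
]


def forecast_request(location: str = None, reply_to: str = None) -> AccessRequest:
    """Build a constructed, anonymous 'forecast' SMS request."""
    ctx = {"location": location} if location else {}
    rq: Dict[str, Any] = {"op": "forecast"}
    if reply_to:
        rq["reply_to"] = reply_to
    return AccessRequest(target={"resource": "forecast"}, request=rq, context=ctx)


def sso_request(resource: str, affiliation: str = None) -> AccessRequest:
    """Build a constructed anonymous request carrying an IdP-asserted affiliation."""
    ctx = {"affiliation": affiliation} if affiliation else {}
    return AccessRequest(target={"resource": resource}, context=ctx)


if __name__ == "__main__":
    r = forecast_request("cell-tower:0042", "+15550100")  # constructed values
    print("forecast, anonymous:", r.is_anonymous(), "->", decide(POLICIES, r))
    print("forecast, no reply_to ->", decide(POLICIES, forecast_request("cell-tower:0042")))
    print("york via warwick ->", decide(POLICIES, sso_request("york-library", "student@warwick.example")))
```

The forecast policy permits a request with no subject attributes at all, which is the "anonymous user" reading of the scenario: the subject bucket is empty, the policy is satisfied purely from the context and request buckets, and nothing about location ever had to be stored as identity data.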

Filed under: Identity
Comments (4)
  1. I disagree. Location is still a context attribute. In this case, the subject attribute is null (anonymous) or irrelevant.

  2. “As far as the weather service is concerned, your only identity is your location.”

    In the scenario you describe, there would need to be a way to send back the reply – if the only identity were the location, then the weather service would have to broadcast the response to every subscriber in that location. In this case there is an originating mobile number that is part of the request as well.

    Perhaps you are thinking of a scenario where there are multiple tiers – a portal that maps your mobile cell into a geographic area, which then contacts an external weather service over a traditional connection, provides that location area as input and reformats the response forecast into an SMS message. This would not be very different from a stock quote service that sends back an SMS message with price information based on the stock portfolio you’ve configured with your service provider.

  3. Ahhh – Alan – thanks. I think you’re right. The user’s identity is ‘anonymous’ (well, apart from their cellphone number), and location is a context attribute.

    So, to take a common (non-location) use case, with Shibboleth, if I SSO from the University of Warwick to the University of York, I am anonymous (no subject attributes), but I have a context attribute that says I’m a student at the University of Warwick. York can then provide me services based on that information and its relationship with Warwick.

    Similarly, one can conceive of services that would use location rather than university attendance to authorize access. My cellphone provider asserts my location, and service providers can provide me with services based on that location and their relationship with my cellphone provider. Okay – makes sense.

    I still think there’s a pretty fuzzy line between subject and context attributes, though…

  4. Pat, I think the position outlined in the comments is correct now; “is located at x” is a predicate which doesn’t necessarily carry any identity information. The only way to avoid having to broadcast the weather data is to have some other piece of identity data (i.e. the subscriber number).

    The assertion “The man in the corner is my father” may be true (if your father is in the corner), but “is in the corner” would only be a general assertion of your father’s identity under somewhat weird circumstances (i.e. if the only way to be in that corner is to be your father).

    Off the top of my head, the only working example I can think of is “The man sitting on that chair is the author of one of my text-books”. That sentence, spoken in the right place, would always and uniquely identify the philosopher Jeremy Bentham… but only because he’s been stuffed and mounted in University College London. (!) (He donated his body to science and they took him literally… ;^)
