Identifiers. An identifier is a character string that connects a real-world subject to a set of computerized data. Identifiers were simple when each person had exactly one. Now people generally have several identifiers, and identifiers apply not only to people, but also to groups of people, or to objects (or groups of objects) such as printers and applications. Thus the relationships among a subject's identifiers, and policies associated with the assignment of identifiers, become important issues.
Authentication. Given the breadth of interactions that are now computer-assisted, establishing that a particular request is associated with a specific real-world subject becomes critical. The traditional approach of login and cleartext password is far too insecure and inflexible for the variety of ways that clients need to authenticate to servers.
Directories. Much of the information about real-world subjects needs to be contained in a general-purpose, high-performance server that can respond to application requests for information. There are substantial technical and political issues in the development and operation of a directory service. Technically, determination of the elements of the directory (the schema), the ways of addressing the elements (the namespace), and operational issues such as replication and partitioning need to be addressed. Applications must be reengineered to use the directory. Policy issues include ownership of data, feeds into and out of the directory, and setting permissions to read and write data.
Authorization. An important subset of the information about a real-world subject is what it is permitted to do. Authorization can range from allowing access to refined controls of a remote electron microscope to permissions to place purchase orders below a specified level on an institutional account. Defining these rules, including means to delegate or reassign authority on a temporary basis, as well as delivering this information to applications, are some of the challenges in this newly emergent area.
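An added example, not part of the original text: a minimal Python sketch of the purchase-order rule and temporary delegation described under Authorization. The Grant record, the function names, the subject identifiers, the account name and the amounts are all assumptions made for illustration, and "below a specified level" is read here as strictly less than.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    subject: str                           # identifier the authority is attached to
    account: str                           # institutional account it applies to
    limit_cents: int                       # orders must be below this amount
    granted_by: Optional[str] = None       # None: assigned directly; else the delegator
    not_before: Optional[datetime] = None  # delegation window start (inclusive)
    not_after: Optional[datetime] = None   # delegation window end (exclusive)

def is_active(g, now):
    return ((g.not_before is None or g.not_before <= now)
            and (g.not_after is None or now < g.not_after))

def effective_limit(grants, subject, account, now, _seen=frozenset()):
    """Amount that orders by `subject` on `account` must stay below at `now`."""
    if subject in _seen:                   # delegation loop: confers nothing
        return 0
    best = 0
    for g in grants:
        if g.subject != subject or g.account != account or not is_active(g, now):
            continue
        if g.granted_by is None:
            best = max(best, g.limit_cents)
        else:
            # A delegate never holds more than the delegator holds right now,
            # so revoking or expiring the source grant revokes the whole chain.
            held = effective_limit(grants, g.granted_by, account, now, _seen | {subject})
            best = max(best, min(g.limit_cents, held))
    return best

def may_place_order(grants, subject, account, amount_cents, now):
    """Default deny: no active grant means a limit of 0 and every order fails."""
    return 0 < amount_cents < effective_limit(grants, subject, account, now)

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data: identifiers, account name and amounts are invented.
ACCOUNT = "example-dept-account"
GRANTS = [
    Grant("alice", ACCOUNT, 500_000),
    Grant("bob", ACCOUNT, 100_000, "alice", utc(2024, 7, 1), utc(2024, 7, 15)),
    Grant("carol", ACCOUNT, 200_000, "bob", utc(2024, 7, 1), utc(2024, 8, 1)),
]
```

With the sample grants, bob's limit is 100,000 cents on 10 July 2024 and 0 on 20 July once his delegation window has closed; carol's limit follows bob's on both dates even though her own grant names a higher amount and a longer window.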