Passel has been a pretty huge learning curve for me – I’ve never tried to create a new protocol/technology from the ground up before. With the Jabber projects, I had the opportunity to contribute when things were getting off the ground, but Jer steered and made the big (and happily, correct) decisions. Now, it’s up to me to try and guide a project and I’m appreciating just how much work is involved.
One of the first big lessons I’ve learned is that effective and efficient communication is critical. This means that the terminology you use for a protocol is critically important, while simultaneously being completely insignificant. In order to effectively communicate with people, you have to use words that carry the right connotations and are not too overloaded. At the same time, it’s important to not get hung up on the terms and be willing to adjust for the sake of efficient communication (i.e. not having to say the same thing a half-dozen different ways, just because you don’t want to settle for existing words). Communiciation with these two characteristics is to a new protocol/technology as water is to a tree seedling – there’s no growth without it.
So, in the interest of effective and efficient communication, I am proposing (to anyone who cares) some adjustments to the Passel protocol.
Passel has this idea of a “pass” – an XML document issued by some party which contains values/attributes about a user. Unfortunately, while that word works, most people in the identity space aren’t really sure what to do with yet another term for such a document. So, we’ll start using the word “claim” when describing an XML document with values/attributes about a user. I contemplated using “assertion”, but I think I side with Kim Cameron in feeling that “assertion” carries too much weight about the validity of the data.
The next major term that keeps messing people up is the “Signer” terminology. People can’t seem to sort out what exactly a Signer is signing – and rightfully so, as “Signer” is a pretty weak word. Instead, we’ll just call any party who issues claims a…wait for it…“Issuer”! We could even be more specific about it and say “Claim Issuer”. I’m not real thrilled with this term just yet…but it’s better than Signer.
Finally, the biggest term that people keep tripping over is “profile”. That particular word carries certain connotations in the identity space, specifically as set of messages that may be exchanged over a particular transport. So, we’ll start using the word “trust model” (and <trust -model> in the protocol) to capture what we formerly meant by “profile”. A trust model is the way in which a set of values (in a claim) can be verified as authoritative from a specific Issuer. It’s how a Passel Target verifies a claim, or part thereof, to be valid.
So, those are the changes we’ll be making to the protocol and other docs that describe Passel. Hopefully it will help people better understand what Passel is all about and minimize hang ups on terminology. It’s all about becoming incrementally more effective and efficient communicators of technology.