Archive

Monthly Archives: March 2013

Often in IT discussions regardless of how formal or informal, with business persons or experts, there is often a fair amount of confusion about the concepts of address and identity.

An address is a topological identifier, a “position” in some space. In order for any two distributed parties to communicate requires a communication channel, with a party at each end. The channel will have an address at each endpoint.

  • a chat room name is an address in a chat provider’s collection of chat rooms.
  • a GPRS coordinate is an address in the coordinate system of GPRS.
  • a map coordinate is an address in the Geographic coordinate system.
  • a postal address or POBOX is an address in a national postal services
  • a telephone number is an address in the global space of telephone numbers.
  • an InternetProtocol address is an address in the Internet.
  • a domainname is an address in the DNS namespace, where the function of DNS is to map domainnames to InternetProtocol addresses.
  • an email address is the name of a mailbox to which emails can be sent, and received from.
  • a JMS queue/Topic is an address in the local namespace of a JMS ServiceProvider.

Eventhough a map coordinate has on first thought nothing to do with communications, it can still be used as the point at which communication can take place with over time. For example two people could exchange letters by going to a specific map coordinate each day but at different times. This can be represented as a communication channel where each endpoint has the same spacial Address, but a different time. In information theory, a communication channel’s endpoints can have both spacial and time dimensions.

An identity is a name associated with an “actor” or “agent” of a system which actively participates in some process. Identities need authentication at the service provider ( so that the service provider can trust the agent claiming the identity is who he says he is ). Once the identity is proven, the service provider can determine the authorizations of the identity – through some prior trust, directory lookup, SSO, or some federated mechanism like XACML.

  • Any username used in a login scheme is an Identity.
  • Any X.509 certificate claims an Identity of the certificate’s subject attribute.

In the “login” sense above, an email address is also an Identity when someone trying to send or receive email logs into the service provider providing the email address as username together with a password.

This overlapping usage can be a source of confusion, i.e. when an address is used as an identity in some use-case.