**
****Posted
8:24 AM
**

*
Phil, Tim, Scott, Johannes - & Humpty Dumpty (update)
*

*'When I use a word,' Humpty Dumpty said, in a rather scornful tone,' it means just what I choose it to mean, neither more nor less.' *A couple of months ago Phil Windley posted his

thoughts on the word 'Identity.' This was prompted by Tim Greyson's

posting on the same topic. Both are worth spending some time considering the use of the term.

So today both

Scott Lemon and

Johannes Ernst did just that.

Both take the term "Identity" and find that it's best defined as "Being the same as" (in Scott's terms). I'm not sure I agree.

Now in math, Identity does mean exactly that. In mathematics, identity can refer to an equality that remains true regardless of the values of any variables that appear within it. Not "equivalent", not "similar" but "the same" in all respects. That is, (to take the trigonometric poster child for Identity):

(sin X)^2 + (cos X)^2 = 1

which is true for all values of X.

This is the basis of the term "identical," as in identical twins. But the "Identity" we use in Identity management has more to do with the verb Identify than it does with the adjective Identical. When we "Identify" something, we demonstrate it's difference from all other things, not it's sameness. We often refer to identical twins as "indistinguishable" (in fact, they do have different fingerprints). Even Phil seized on this in his posting when he asked: "do identical twins have different identities?" The answer, of course, is yes.

An entity's "identity" is the same total of all the values of all the attributes associated with that entity. Can we then devise a mathematical formula or relationship to compute that value? No, I don't think so. While the number of attributes is finite, in my opinion, yet the number is extremely large and the cost of compiling a complete list far outweighs the benefit. Because we don't need all of the values of all of the attributes to differentiate two entities - generally, a small subset is all that is needed. A DNA sample and a fingerprint, for example, can differentiate every person who has ever (and will ever have) lived. But since we don't have DNA-readers attached to our computers just yet, we have to make do with other differentiators.

Of course, when trying to differentiate one entity from another for an on-line transaction what we actually do is request identifiers from the entity so that they can be compared to a stored (or computed value). If the proferred identifiers are identical to the stored (or computed) ones, then we consider that the entity is sufficiently differentiated to grant approval to the authentication.

Strange word, "Identity," and we seem to be making it stranger every day!

**UPDATE**: Shekhar Jha

thinks it may be less a question of Humpty Dumpty, and more about the

blind men and the elephant.