May 242007

Phil Karlton said (at least once in my hearing anyway) that naming things was one of the two hard tasks in computer science (reading X Toolkit Intrinsics — C Language Interface, to which he contributed, will give you some idea why he said it); I discovered the truth of this yet again when writing the FAQ for our Identity Provider for OpenID. In this case, it was even more convoluted, being about what to name the thing that names names.

When a Sun employee signs up at the Sun IdP there is no necessity for them to put their real names in the fields marked “first name” and “surname”; they can use a fictitious name if they choose (or put nothing at all). In common English, this fictitious name is often called a pseudonym. The various definitions of pseudonym would seem to fit this usage very well, so I was preparing to use it in the FAQ. Except for, it turns out that those steeped in identity management terminology tend to find that plain-English usage of the word confusing.

In SAML, for example, a pseudonym is defined as A privacy-preserving name identifier assigned by a provider to identify a principal to a given relying party for an extended period of time that spans multiple sessions; can be used to represent an identity federation. In Liberty Alliance work, the definition is An arbitrary identifier assigned by the identity or service provider to identify a Principal to a given relying party so that the name has meaning only in the context of the relationship between the parties. The same or similar meaning is used within WS-Security (the user identity [is] provided in a SAML assertion as a pseudonym) and WS-Federation (A pseudonym service allows a principal to have different aliases at different resources/services or in different realms, and to optionally have the pseudonym change per-service or per-login).

So in order to make life easier for those poor, easily confused identity management experts, I’ll be using the term “fictitious name” in the FAQ, where I would otherwise have used “pseudonym”, an added cost of one letter and one word per usage. I hope they appreciate my efforts to help them.

  16 Responses to “Naming Names”

  1. Nom de plume? Nom de guerre? 🙂

  2. I agree (frequently and loudly) that naming is still the hardest issue in IT. It’s complicated by the fact that the number of unique concepts we need to identify is vastly greater than the number of words in any language. So jargon is all about re-purposing existing words to mean something new, and then you have to avoid using the jargon words when you are writing text for people who are new to the topic. I don’t see this problem going away quickly.

    By the way, isn’t “avatar” almost the geek equivalent of pseudonym, these days?

    Cheers, Tony.

  3. “what to name the thing that names names” (gasp!) – WebArch might suggest giving it a URI.

    Here’s one:

    (there’s also foaf:accountName)

    btw, the FOAF spec is currently in a phase of tightning up, in part to encourage its reuse in “professional” environments.

  4. The name authority?

    “Nodes is nodes and properties is properties. Tell me who gets to name the names so we can get on with business.”

    Tony, an avatar is an immanent deity, of course. It’s definition in 3D worlds is one of the lasting arrogant presumptions of gaming that will stand based on frequency and amplitude of use. And so it goes.

  5. Avatar fits tho, since it represents you, who presumably have deity status of a type, existing above and beyond the virtual world.

  6. I’m not clear what level we’re talking about here. If it’s a name for the thing that names names, then something like “nominator” might do. But if it’s the made-up name that needs a word to describe it (rather than the thing that makes up the name) then “handle” or “nickname” seem easy.

  7. Why does it have to be a “name” derivative? Could it simply be their OpenId “ID”? (or is that a separate field?).

    AOL goes for “screen name” (not so pretty).

    On Bulletin Board Systems, the term used was “handle”. I always thought that was a good word for one’s moniker.

  8. What is the other hard thing in Computer Science?

  9. According to Phil Karlton, it was caching (or cache invalidation, I can’t exactly remember which).

  10. But what if it the name is correct? Then calling it “fictitious” is wrong. “Fictitious” asserts that the name is always made up, never correct.

    On the net, we often call this a “handle”, a usage which goes back at least to CB radio and probably farther.

    If that is too much jargon or conflicts with another use of “handle”, try “user-provided name”. That is explicit about the source and trustworthiness of the name.

    Also, I really wish people would stop using positional labels like “first name” and “surname”. We’ve known that doesn’t work for Japanese names for at least twenty years. X.400 has a simple, clear alternative, with “given name”, “family name”, and “common name”.

  11. If it is the alternative name, (aka), then ‘alias’ is appropriate.

    An avatar wouldn’t be the namer of the name. It would be the immanent representation of the named entity. It’s the same difference as a W3C-defined ‘resource’ vs. the thing returned by de-reference. (oh… the bag o’ worms of abstraction is fettered thing).

    Walter: you are right about the cultural name problem. I’m having that debate with my team as we speak. Fortunately, where committees have been at it for a few years, I can punt to a schema reference, but it is a good example to give to a new young fresh faced intern to thrash for awhile.

  12. You could go Ghostbusters on it and call it “NameMaster” or “NameKeeper” (or Xuul, but that’s already taken by Mozilla).

    Gerard: Cache Invalidation was the other hard thing, but I think that was before Java encouraged people to play with threads without really understanding what they were getting themselves in to.

  13. The problem does not arise from calling a particular piece of data something in one place. The problem arises when you call the fields on the registration screen “firstname” and “surname”, then use a term like “pseudonym” to refer to these values in an FAQ, and possibly even more terms in other places. Then of course there are other fields, such as the OpenID ID. There might be one name on the registration screen and the field might be called something else (like username or nickname) elsewhere.

    The end user is the one who gets confused. The user isn’t always sure whether these are the same or not, so when the user has a problem and calls/emails for support, they start using all the terms somewhat indiscriminately. They might say “pseudonym” when they mean the OpenID ID. They might say “nickname” when talking about “firstname”, because they entered their nickname into that field.

    So some simple advice to system designers is to be very, very consistent in use of terms, and to think about how the terms might be misinterpreted by end users and support personnel, who typically support many systems, all of which use different or overlapping vocabulary to refer to identity-related data.

  14. Lauren, I work in a totally different world so I am not entirely sure I understand the problem. But in my world names and what to call them and how to store them are certainly very big issues, it goes far beyond the Japanese once you have to start dealing with naming conventions from the darker bits of Africa.

    In my world, there isn’t any kind of consensus. I have seen the law enforcement/security types use “name given” which works except that it confuses with “given name” for folks from languages much less word-order driven. Sometimes they try and deal with it with “name proffered” which has its own and similar issues.

    Currently we are using “name you are called” (by my friends? by my acquaintances? by my family? by my spouse? by my boss? by my co-workers? by my motherinlaw? and ahem by my sisterinlaw? and it gets much worse) and “name of your family” (dad, clan, sept, village, ancestral grandmother, district, tribe, hell) all of which turns out to be very problematic as well.

    On the immigration side of things it basically comes down to shoehorning which is why I am a Bray not a Bratrud nor a Donaldson/Billson/Williamson or even an Haraldson (nor even a Steepfield or Fitzwatson or Evelynson). Hell, I’m not even clearly a Rob or Robert or Bob or whats’iznamethatguy. Clear simple identity is the hopeless holy grail of the security industry, and in my experience, totally and utterly futile.

    To name a namer? Call it fool’s quest or certainly wrong or facist exercise or ID idolatry or conundrum generator. It would be kinda cool to have a name that actually reflected what is was (or wasn’t).

  15. So duh, on further reflection, the thing that names names for the purposes of entry into something and being forever known and tracked by that name thereafter should obviously be called “immigration.” (We all see the world through our own lens of course.)

  16. Not really. It is basic:

    1. Self-identity (what the entity knows itself by) is obtained by query.

    2. Identification (the process of assigning a name) is a function.

    3. Name maintenance (the process of checking that the entity queried is named as queried) is a call and response process, so a variation on one.

    It doesn’t become mystical until the named entity is abstract and cannot be queried.

    Naming is hard because it is political. Cacheing is hard because it has a real-time component. Real-time or dynamic systems is one aspect that the URI-based naming/identification web system has problems with because a resource is abstract and the representation is many-to-one so identity, as illustrated by Claude Shannon’s work, is inherently noisy or ambiguous and the problem is now cost of creating redundant systems to eliminate noise in a single channel. Thus systems such as SAML.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



/* ]]> */