22I/ Person schema design — Doing it Wrong? @nytimes
Person Schema Design - Doing it Wrong? @nytimes
Convener: David Wheeler
Notes-taker(s): Gaëlle Sharma
Tags for the session - technology discussed/ideas considered:
schema, schema design, person, user, credential, attribute, entitlement, claim, attestation, assertion, identity, persona
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Do you have organizations?
What is the target architecture?
DW: store JSON with a bunch of indexes / columns -- slightly fancy key value store
How many authentication methods?
What is the user experience? Do users use multiple authentication methods?
Developers have two accounts -- one personal, and one corporate, to keep their two worlds separate
Go and ask people about their schemas
Could be helpful. They may have some attributes you would never think of.
I’m in California - CCPA
You may want to download the data
The better ones may show you structure
The higher profile of the company, the better they are organized
Might be useful to see how FB/Amazon represent marketing information
As a programmer: claim is just a field
In an identity scenario: a claim is [something] stating that an entity has an attribute
A claim can be verifiable
Can verify who has made what claim
You can’t verify that the claim is true, just verify who made the claim
Is there anything that relates a user to the content?
Claim that you own the right to that content
Attestation that you want to verify a claim
Attributing a piece of content to a rights holder
A user with a specific credential, would have a credential to use a specific set of features
This is what I would associate with the relationship between the user and the content
Says that “names are specs” but I thought that was just an attribute of a person
OWASP - founded because people did use the same terminology
Should have definitions for words