D2.2: Set of use cases and scenarios

Title: VIRTUAL PERSONS

Virtual Persons

The goal of this section is to provide the basic definitions used in the next section to clarify the meanings of identity, identification and the like. 

Definitions

In many countries, the law distinguishes two types of personalities: the physical persons and the legal persons. First we characterize both and then we present a unifying concept: the so-called “subject”. 

Definition 1 (Physical person)A physical person is the physical mask of a human being.

Note that we explicitly do not restrict our definition to living human beings as even dead people may have some rights, as for example the right to a decent funeral. 

Definition 2 (Legal person)A legal person is any personality which is recognized by the law of a country; it has rights and duties. It is often recorded in registers and has a legal status.

A legal person can be for example a company, an organization or a community. 

The next definition gathers together physical and legal persons, as well as everything that can —in some given context— be mistaken with such persons: for example the wind closing a door, or the program ejecting a member of a forum for using forbidden words, or the dog opening the door and breaking the plates.

Definition 3 (Subject)A subject is any set of physical or legal person having —in a given context— some analogy with a physical entity.

Here subject is not opposed to object. Indeed, physical objects can satisfy our definition of a subject. In our definition, subjects typically play a role; they look like the grammatical «subject» in a sentence as has been pointed out by Sarah Thatcher. Our subjects are, they have, they do (or behave) or they know something just like physical persons.

Three basic classes of authentication technologies (cf. FIDIS D2.1 (2005)) are commonly considered

1. something you know

2. something you have

3. something you are

We want to introduce a fourth one: 

1. something you do

Something you 

Figure 1: Classes of authentication technologies 

We propose the following Cartesian representation to classify these four classes.

In this table, the four classes of authentication technologies are characterized using four categories: attribute, ability, role and acquisition. 

We present also the dual table, where labels and contents (i.e. categories and classes of authentication technologies) are exchanged. 

This puts into evidence two types of classes: 

1. internal classes (are, know) 

2. external classes (have, do) 

The relations between these classes, their categories and their type are summarized in the following diagram: 

Figure 2 : Relations between authentication technologies 

We will define the concept of virtual person while keeping in mind these authentication technologies. Indeed our definitions are “application oriented”.

We observe that from a practical point of view, in most situations, a subject is accessed through a mask it is wearing. One subject can have many masks: one at work, another at home, with friends or with its banker. One mask can also be worn by many subjects: two people sharing the same computer have the same IP address. In some situations, the mask is transparent and the link between the mask and the subject is almost trivial. On the other hand, in other situations, it is difficult (or even impossible) to link a mask and the subject behind it.  

However, from a practical point of view, it is enough to work with those masks, instead of the subjects, to achieve most of the tasks related to identification and/or authentication.  

This is the main motivation to create and develop the concept of virtual person.

Definition 4 (Virtual Person)A virtual person is a mask defined by its attribute(s), and/or its role(s), and/or its ability(-ies), and/or its acquisition(s). The entity behind the mask, if it exists, is a subject.

Figure 3: Virtual Persons 

Fig.3 illustrates the fact that we often access a mask without any knowledge of the entity behind it. Do I talk to a single person or to a group? Is it a program or a person? Who/what did indeed close the door? 

Note that the duality of tables 1 and 2 shows that we can also define a virtual person by what it knows, and/or what it has, and/or what it is and/or what it does. 

Examples of Virtual Persons

In this section we present several examples of virtual persons. Note that a virtual person can be defined by one or more criteria.  

Virtual persons can be defined by roles:

1. “Are” (role & attribute) the President of the United States, the Pope, the Driver of the bus number 8, the first owner of a given car or the buyer in a given transaction.

2. “Do” (role & ability) the person who opened the door, what has caused the door to close, the one who ejected you from the IRC forum, the person who killed JFK or the first man to walk on the moon.

In the last example, the virtual person did have some existence even before it was linked to an existing human, since it was already possible in the 50s to talk about him without knowing who he would be. 

1. “Are & Do” The instigator of a crime is defined both by it is and it does (or have done). So is the actress playing the role of catwoman.

Virtual persons can be defined by acquisitions: in particular, we can define a virtual person by its knowledge or what it has.

1. “Know” (acquisition & ability) The one who knows my credit card’s PIN code, the one who knows the private key corresponding to a given public key, the one who knows who killed JFK.

2. “Have” (acquisition & attribute) The holder of my cell phone, the shareholder of 51% of the shares of a given company, the one who holds some token, the holder of your credit card…

Any attribute can also be used: the owner of a fingerprint, the person in front of whom I stand, the tallest person in the world.

The same is true for any ability: the one who can break the system, etc.