During IIW, the ICF Schema Working Group proposed and approved its first standardized claim definition. I’ve been following the workings of the schema group but not closely, and I was taken by surprise at the values defined as part of this precedent-setting claim element:
Claim Name: age-18-or-over
What? Want to know what the values MEAN? Sorry, you’ll have to look that up. What you see above is what a Mother or Father will see when they view values passed between the Identity Provider they are trusting to make claims about their children’s age, and a website that may restrict content based on that value.
Do you see the problem? Why on earth even have a selector if the standard claims we propose are not understandable by end users? Why use a meaningless number? To make it easier for the machines? For the developers? That’s crazy! Why don’t we make it easier for the people that are making selector-level security decisions on a daily basis? These schema types have to be created so that whenever possible, the data passed is legible to those attempting to understand the context of identity data flowing around them. Heck, if we created a vocabulary for content that could be distinctly identified and parsed by Selectors, we could even localize.
It’s taken me since IIW to really get my head around this – but I believe we need to set some very specific best practices around these schema elements, first and foremost being the primary design principle that these atomic elements should be designed for regular people, not for developers, and not for machines.
I’m going to do my best to argue this point today on the ICF working group call. If you think this is important, whatever your stance on the issue might be, I urge you to join the Information Card Foundation and to make your voice heard. Contact me if you aren’t sure what you need in order to join, I will put you in touch with the right people.
I think that best practices around claims schema is THE MOST IMPORTANT thing happening right now. It is worth taking the time to get this right. We’ll only get one shot at it.
The public version of the claim catalog is here: https://informationcard.net/wiki/index.php/Claim_Catalog