[Federation] editorial: make distinction about Subordinate and Descendants

Issue #2120 resolved

Giuseppe De Marco created an issue 2024-02-23

In the current documentation, the terms "Subordinate" and "Descendant" are used, but a clear distinction between these two terms is not explicitly made.

Subordinate typically refers to an entity that is directly under another in the hierarchy, implying a direct reporting or dependency relationship.

Descendant, on the other hand, encompass all entities that fall under a particular entity in the hierarchy, including all levels of subordination below the specified entity, not just the immediate level.

Making this distinction clear in the documentation will improve understanding and communication about the federation's structure, particularly in discussions about trust chains, and policy application across different levels of the federation hierarchy according to the transitive trust property underlying the delegation model we have in the specs.

I would also consider adding examples or diagrams to visually illustrate the difference between Subordinates
and Descendants within a federation context.

Usage_of_Terms_Subordinate_and_Superior_2-Mar-24.txt

Comments (10)

Michael Jones
- assigned issue to
  
  Michael Jones
- 2024-02-23T16:45:33+00:00
Michael Jones
- changed status to open
- 2024-02-23T16:46:02+00:00
Vladimir Dzhuvinov
Note to self: Take this into account in the metadata_policy rewrite.
- 2024-02-23T16:46:54+00:00
Michael Jones
- changed milestone to Implementer's Draft
- 2024-02-24T19:50:50+00:00

Michael Jones

attached Usage_of_Terms_Subordinate_and_Superior_2-Mar-24.txt

  <div class="preview-container wiki-content"><!-- loaded via ajax --></div>
  <div class="mask"></div>
</div>

</div> </form>

2024-03-02T22:22:48+00:00

Michael Jones
To help inform this set of decisions, I gathered data about how terms use used in the spec today. Here’s a summary. See the attachment for the raw data that this is based on.

CHARACTERIZATION OF USES OF "Subordinate" and "Superior"

Characterization of existing uses of the term "Subordinate". Uses are categorized into these meanings:
```
Immediate Subordinate - 13 uses (5 explicitly labelled as "immediate")
Tree of Subordinates - 14 uses
No Difference for Subordinate usage in the Context - 2 uses

Uses of "Subordinate Statement", other than its definition, are not included in the counts.
```
Characterization of existing uses of the term "Superior". Uses are categorized into these meanings:
```
Immediate Superior - 17 uses (5 explicitly labelled as "immediate")
Chain of Superiors - 4 uses
No Difference for Superior Usage in the Context - 2 uses
```
PERTINENT TERMNOLOGY PHRASES USED

"immediate Subordinate" and "immediately Subordinate"
5 uses

"immediate Superior"
5 uses

"Subordinate Entity" / "Subordinate Entities"
5 uses with immediate Subordinate meaning
2 uses with tree of Subordinates meaning

"Superior Entity" / "Superior Entities"
5 uses with immediate Superior meaning
0 uses with chain of Superiors meaning

"descendant"
1 use with immediate Subordinate meaning
- 2024-03-02T22:23:29+00:00
Michael Jones
Having thought about the data that I gathered and what will be most straightforward to write and read, I propose that we go with these definitions:
- Subordinate Entity:
An Entity that is an immediate Subordinate of a Superior Entity (a Trust Anchor or Intermediate).
- Superior Entity:
An Entity that is an immediate Superior to one or more Entities (which are Subordinate to it).
- Descendent Entity:
An Entity that is a Subordinate of or in a chain of Subordinates leading up to another Entity (which it is Descended from).
- Ancestor Entity:
An Entity that is a Superior of or in a chain of Superiors leading down to another Entity (which it is the Ancestor of).

‌
- 2024-03-03T02:48:25+00:00
Michael Jones
Here's the new proposed definitions based on our latest discussions:

Subordinate Entity:
- An Entity that is somewhere below a Superior Entity (a Trust Anchor or Intermediate) in the trust hierarchy, possibly with Intermediates between them. This is also called a Subordinate.
Superior Entity:
- An Entity that is somewhere above one or more Entities (a Leaf or Intermediate) in the trust hierarchy, possibly with Intermediates between them. This is also called a Superior.
Immediate Subordinate:
- An Entity that is immediately below a Superior Entity in the trust hierarchy, with no Intermediates between them.
Immediate Superior:
- An Entity that is immediately above one or more Subordinate Entities in the trust hierarchy, with no Intermediates between them.
‌
- 2024-03-07T05:11:40+00:00
Roland Hedberg
I like this proposal.
- 2024-03-08T16:08:36+00:00
Michael Jones
- changed status to resolved
Fixed by https://bitbucket.org/openid/connect/pull-requests/711
- 2024-03-15T21:50:37+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: major

Status: resolved

Component: Federation

Milestone: Implementer's Draft

Version: –

Votes: 0

Watchers: 1

Comments (10)

PERTINENT TERMNOLOGY PHRASES USED