Types of identity
A DoNAI presents a general syntax for identities. This form may represent many different things, and for a remote peer we do not even know which. A few possible uses of the syntax are:
- Host names refer to systems with an IP address. The DoNAI has no user component, and can often be looked up in DNS to find its IP address.
- Domain names are more abstract names that usually refer to a set of machines and/or services. Very often, services are defined under a domain, and the protocol receiving a remote DoNAI may look it up by incorporating such protocol-specific knowledge.
- Users are humans operating computers; their address may be usable for email, chat, telephony and so on. Whether these actually work cannot be known without trying it.
- Services are similar to humans, except that they are automated. They are also referred to as bots. It can be useful to identify services with a distinct name. Humans can often infer from the name that they are dealing with a bot, using their knowledge of the real world.
- Aliases or pseudonyms are similar to user names, but they can be deliberately used to avoid tracing back contact details.
- Roles represent an aspect of a user that is more descriptive of their responsibilities. One user may fulfil many roles, and the same role may be fulfilled by multiple users. There may or may not be ways to contact users at the address represented in the DoNAI.
- Groups represent multiple users acting as one. This is in many ways comparable to roles.
In short, there is a lot that can be represented in DoNAI forms, but the form itself does not reveal the type used. This means that the type is the choice of the owner of an identity, and this choice is indistinguishable from the external viewpoint. This implies that external treatment cannot differ between types; for example, a service cannot reject an alias and insist on an "original" form of identity. Likewise, groups are externally treated without distinction.
The one certainty that can be had, however, is that the identity can be proven through security protocols. For instance, the TLS Pool can be used to authenticate remote users and protect traffic from intrusion by others halfway through the exchange. After such a step of authentication (which answers the question "who is this?") it is common to employ authorisation (answering "may they do this?"), for which the access control page contains details.