Identity systems are an example. They are sufficiently complex that to adequately model and differentiate different systems, three 'axes' seems the bare minimum (4 would be better but ...)
These three seem useful:
Axis 1 - Control Mechanisms - whether the system enables the user with direct (in the flow) or indirect control (through defined policies enforced by a trusted 3rd party) over the release of their identity.
Axis 2 - Relationships - the nature of the relationship (e.g. trust, legal, etc) between the entity releasing some piece of identity and the entity consuming it. Different systems assume different degrees of coupling.
Axis 3 - Identity - the nature of the identity being shared, e.g. is it an identifier for a subject or other less discriminating attributes.
Different identity systems can be plotted against these co-ordinates. As an example, SAML's Web SSO Profile, when using persistent name identifiers and the HTTP Form POST Binding, can be characterized as:
- having the identity flow through the user-agent, and thereby enabling direct user-control over its release
- typically sharing an identifier for the subject and not extra attributes (although possible)
- a symmetric relationship between Identity and Service Provider (the IDP 'knows' the SP as well as the opposite)
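The SP side of that exchange, as an added example (not code from the original post): the IdP's response arrives through the user-agent as a base64 SAMLResponse form field, carries a persistent NameID and nothing else, and the SP enforces the Issuer and Audience checks that make the relationship symmetric. The sample response, entity IDs and identifier are constructed placeholders; the XML signature check is omitted, and a hardened parser (e.g. defusedxml) is preferable to ElementTree on untrusted input.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample: what the IdP would place in the SAMLResponse form field
# of the HTTP POST binding. Signature omitted; a real response must be signed.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.org</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="https://sp.example.com">a7f2c9e1-opaque</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def encode_for_post(xml_text: str) -> str:
    """IdP side of the POST binding: the value placed in the SAMLResponse form field."""
    return base64.b64encode(xml_text.encode()).decode()

def consume_response(saml_response_b64: str, trusted_idp: str, my_entity_id: str) -> str:
    """SP side: decode the form field, check the assertion came from the IdP this SP
    knows and was addressed to this SP, then return the persistent identifier."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no assertion in response")
    if assertion.findtext("saml:Issuer", namespaces=NS) != trusted_idp:
        raise ValueError("assertion not issued by the IdP this SP trusts")
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if my_entity_id not in audiences:
        raise ValueError("assertion not addressed to this SP")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        raise ValueError("expected a persistent NameID")
    return name_id.text
```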
Others to follow.