12F/Kim Cameron & The Seven Laws of Identity
Kim Cameron & The Seven Laws of Identity
Session Convener: Doc Searls
Tags / links to resources / technology discussed, related to this session:
Kim Cameron's Identity Weblog Digital Identity, Privacy, and the Internet's Missing Identity Layer
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
From 2005-July-23 Slashdot story: "Something strange is a brewin' at Microsoft these days. Check out this video interview with Kim Cameron, Microsoft's Architect of Identity, about Kim's Laws of Identity." From the post: "We have undertaken a project to develop a formal understanding of the dynamics causing digital identity systems to succeed or fail in various contexts, expressed as the Laws of Identity. Taken together, these laws define a unifying identity metasystem that can offer the Internet the identity layer it so obviously requires. They also provide a way for people new to the identity discussion to understand its central issues. This lets them actively join in, rather than everyone having to restart the whole discussion from scratch." http://yro.slashdot.org/article.pl?sid=05/07/23/2118251 http://www.identityblog.com/stories/2004/12/09/thelaws.html
The Seven Laws of Identity (http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.html)
- User Control and Consent: Digital identity systems must only reveal information identifying a user with the user's consent.
- Limited Disclosure for Limited Use: The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
- The Law of Fewest Parties: Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
- Directed Identity: A universal identity metasystem must support both "omnidirectional" identifiers for use by public entities and "unidirectional" identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
- Pluralism of Operators and Technologies: A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
- Human Integration: A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
- Consistent Experience Across Contexts: A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.