Working in identity in the early 2000s, I remember early versions of the Laws being circulated by Kim when I was working at Midentity.
The Law of Identity in summary
| # | Title | Description |
|---|-------|-------------|
| 1 | User Control and Consent | Technical identity systems must only reveal information identifying a user with the user’s consent. |
| 2 | Minimal Disclosure for a Constrained Use | The solution which discloses the least amount of identifying information and best limits its use is the most stable long term solution. |
| 3 | Justifiable Parties | Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship. |
| 4 | Directed Identity | A universal identity system must support both “omni-directional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles. |
| 5 | Pluralism of Operators and Technologies | A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers. |
| 6 | Human Integration | The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks. |
| 7 | Consistent Experience Across Contexts | The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies. |