Product Management :: Product Marketing

09 December, 2021

Kim Cameron and the Seven Laws of Identity

Kim Cameron, who died at the end of November, was the author of the seminal Seven Laws of Identity in 2004, which remains a super test of the good use of personal data and identity. A good man & a man for good - RIP.

Working in identity in the early 2000s, I remember early versions of the Laws being circulated by Kim when I was working at Midentity.

The Laws of Identity in summary

| # | Title | Description |
|---|-------|-------------|
| 1 | User Control and Consent | Technical identity systems must only reveal information identifying a user with the user’s consent. |
| 2 | Minimal Disclosure for a Constrained Use | The solution which discloses the least amount of identifying information and best limits its use is the most stable long term solution. |
| 3 | Justifiable Parties | Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship. |
| 4 | Directed Identity | A universal identity system must support both “omni-directional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles. |
| 5 | Pluralism of Operators and Technologies | A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers. |
| 6 | Human Integration | The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks. |
| 7 | Consistent Experience Across Contexts | The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies. |
