Sunday, January 23, 2005, 10:21 AM

Laws? Of Identity?

Kim Cameron is going in the right direction with his Laws of Identity (http://www.identityblog.com/stories/2004/12/09/thelaws.html). Just one minor gripe: the laws would more aptly be labelled Principles of Identity Systems Design, which might not sound as cool, but would more accurately describe the list.

Design Principles instead of Laws because the list is not about something that an authoritative body, or nature, or logic would enforce or assure; rather, these are guidelines for architecting identity systems.

Identity Systems and not just Identity because the list is about systems that manage identity, not about fundamentals of identity itself. An identity law would be something like: no two users can share the same digital identity and be distinguishable online.

Here are the laws/principles proposed so far (listed for convenience):

1. Control: Technical identity systems MUST only reveal information identifying a user with the user's consent.

2. Minimal Disclosure: The solution which discloses the least identifying information is the most stable, long-term solution.

3. Fewest Parties: Technical identity systems MUST be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

4. Directed Identity: A universal identity system MUST support both "omnidirectional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

5. Pluralism: A universal identity system MUST channel and enable the interworking of multiple identity technologies run by multiple identity providers.

6. Human Integration: The universal identity system MUST define the human user to be a component of the distributed system, integrated through unambiguous human-machine communications mechanisms offering protection against identity attacks.

7. Contexts: The unifying identity metasystem MUST facilitate negotiation between a relying party and user of a specific identity - thus presenting a harmonious human and technical interface while permitting the autonomy of identity in different contexts. [Updated: Feb 10, 2005.]

Update (January 26, 2005):
  • Jamie Lewis has written on this in his blog article It's A Matter Of Principles.
  • Dave Kearns agreed with Jamie in It's the Principle of the Thing.
  • Craig Burton argues for sticking with "laws" in logs, links, life, and lexicon.
  • On Jan 25 Kim Cameron noted the discussion in Laws versus Principles.
  • How about using Identity Rule Set instead? -- Chris Ceppi

Update (February 10, 2005):
  • Jamie Lewis has more (and I think more definitively) to say in If You Think I Was Splitting Hairs Earlier . . .