Here are the laws of identity as stated at www.identityblog.com:
The laws, I hope, are pretty self-explanatory, but I'll attempt to clarify or emphasize where appropriate. For a more detailed explanation, take a look at the Laws of Identity whitepaper.

The first law states that the user must be in control, be informed, and give their consent before the system releases personal information. This law is at the heart of the oft-used term user-centric identity management (as opposed to domain-centric).

The second and third laws are common sense: Identity information is sensitive so reveal the minimal amount to the fewest people necessary.

The fourth law says that an identity system should support both public and private identities. A website like Amazon has a public identity. The more people who know that identity the better, as far as Amazon is concerned: The Amazon people are happy for it to be broadcast everywhere. A private individual, on the other hand, wants to share her identity only in a point-to-point fashion, not broadcast it to the whole world.

The fifth law we've already covered. The sixth law emphasizes that the user is a fundamental part of the system, not an afterthought.

The seventh law derives from the preceding two. If we accept that the human factor is crucial and there will be a mixture of operators and technologies, then there must be a unified experience across contexts for the system to be usable.