The Laws of Identity


Here are the laws of identity as stated at www.identityblog.com:

  1. User Control and Consent

    Technical identity systems must only reveal information identifying a user with the user's consent.

  2. Minimal Disclosure for a Constrained Use

    The solution which discloses the least amount of identifying information and best limits its use is the most stable long-term solution.

  3. Justifiable Parties

    Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

  4. Directional Identity

    A universal identity system must support both "omni-directional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

  5. Pluralism of Operators and Technologies

    A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.

  6. Human Integration

    The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.

  7. Consistent Experience across Contexts

    The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

The laws, I hope, are pretty self-explanatory, but I'll attempt to clarify or emphasize where appropriate. For a more detailed explanation, take a look at the Laws of Identity whitepaper.

The first law states that the user must be in control, be informed, and give their consent before the system releases personal information. This law is at the heart of the oft-used term user-centric identity management (as opposed to domain-centric).

The second and third laws are common sense: identity information is sensitive, so reveal the minimal amount to the fewest people necessary.

The fourth law says that an identity system should support both public and private identities. A website like Amazon has a public identity. The more people who know that identity the better, as far as Amazon is concerned: The Amazon people are happy for it to be broadcast everywhere. A private individual, on the other hand, wants to share her identity only in a point-to-point fashion, not broadcast it to the whole world.
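To make the fourth law concrete, here is an added example (not from the book or from identityblog.com) of unidirectional identifiers: a different, stable identifier derived for each relying party so that two parties have nothing to join their records on. The HMAC-based derivation, the function names, and the sample site names are assumptions chosen for illustration; the law itself does not prescribe a mechanism.

```python
import hashlib
import hmac
import secrets


def new_master_secret() -> bytes:
    """Per-user secret held by the user's identity agent; never disclosed."""
    return secrets.token_bytes(32)


def unidirectional_id(master_secret: bytes, relying_party: str) -> str:
    """Derive the identifier this user presents to one relying party only.

    HMAC-SHA256 keyed with the user's secret over the relying party's name:
    stable across repeat visits, different for every party, and not
    reversible to the secret or to the identifier shown to another party.
    """
    rp = relying_party.strip().lower().encode("utf-8")
    return hmac.new(master_secret, rp, hashlib.sha256).hexdigest()


def correlation_handles(records_a: dict, records_b: dict) -> set:
    """What two colluding parties can join on: identifiers seen by both."""
    return set(records_a) & set(records_b)


def demo() -> dict:
    alice = new_master_secret()
    shop, forum = "shop.example", "forum.example"  # constructed sample names
    # Each party stores what it saw, keyed by the identifier it was given.
    shop_db = {unidirectional_id(alice, shop): "order history"}
    forum_db = {unidirectional_id(alice, forum): "posts"}
    # Contrast: a private individual using one global identifier everywhere.
    shop_global = {"alice@mail.example": "order history"}
    forum_global = {"alice@mail.example": "posts"}
    return {
        "pairwise": correlation_handles(shop_db, forum_db),
        "global": correlation_handles(shop_global, forum_global),
        "stable": unidirectional_id(alice, shop) in shop_db,
    }


if __name__ == "__main__":
    print(demo())
```

The "global" result is the correlation handle the law warns about; the "pairwise" result is empty because each party holds an identifier that is meaningless to the other.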

The fifth law we've already covered. The sixth law emphasizes that the user is a fundamental part of the system, not an afterthought.

The seventh law derives from the preceding two. If we accept that the human factor is crucial and there will be a mixture of operators and technologies, then there must be a unified experience across contexts for the system to be usable.




Microsoft Windows Communication Foundation: Hands-on
ISBN: 0672328771
EAN: 2147483647
Year: 2006
Pages: 132
