Seven Laws and Seven Flaws for Managing Identity
I just looked at this over on the Planet Identity weblog. Maybe it’s because it’s early in the morning, but it seems just brilliant to me.
It links to Mark Wahl at Ldap.com and gives Kim Cameron’s ‘Seven Laws of Identity’:
1. Digital identity systems must only reveal information identifying a user with the user’s consent.
2. The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
3. Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
4. A universal identity metasystem must support both ‘omnidirectional’ identifiers for use by public entities and ‘unidirectional’ identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
5. A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
6. A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
7. A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.
It’s not exactly as simple as Asimov’s 3 Laws of Robotics, but seven… simple… laws.
It follows up with Mike Neuenschwander’s Seven Tragic Flaws of Identity:
1. Failure of the weakest links mustn’t lead to catastrophe
2. Don’t put the role before the start
3. Not every identity nail requires the technology hammer
4. Use of a system invites abuse of it
5. Identifying things doesn’t make them more secure
6. Identity isn’t about the individual
7. There are a lot more than 7 flaws
And Mark Wahl then carries the conversation on from there. Go read it.

July 20th, 2007 at 12:42 pm
The Laws are simple enough, but the problem is, as always, in implementation. I interviewed Kim Cameron, whose laws those are, for the Inquirer at CFP this year about his ideas for implementing them. There’s been a lot of criticism of Microsoft for going it alone instead of joining one of the existing bigger projects - Liberty Alliance, primarily.
wg
July 20th, 2007 at 5:02 pm
Um, wg? CardSpace (Kim’s project) has lots of interaction with both the Liberty Alliance, the Bandit Project and even the OpenID project. You might be thinking of the Microsoft/IBM Web Services Initiative (WS-*) which has similar functionality as the Liberty Alliance spec, but is more all encompassing. But even there, convergence is slowly occurring.
July 23rd, 2007 at 8:23 pm
I assure you, the criticism exists, which is all I was saying about it; Cameron was asked point-blank why Microsoft hadn’t joined the Liberty Alliance, and he replied that he doesn’t do religious wars. I was not the person who asked the question.
ISTM that there are two warring instincts in all identity system designs: 1) the desire to have an easy life, which implies linking as much as possible across a single identity. (Cue Mark Twain: I say *put* all your eggs in one basket - and then watch that basket!) 2) the desire for privacy, which implies keeping things separate and limited as much as possible.
wg
July 24th, 2007 at 10:57 am
Tom, I think there are a couple missing from Mike’s corollaries:
- They’re not Laws, they’re Principles… (or, if you are a Pirates of the Caribbean fan… “more what ye might call… guidelines…”)
- #6 should include non-human identities
Dave, the fact remains that Microsoft has not been a Liberty member, for the 5+ years of that organisation’s existence. Interaction between Liberty and Kim has only been possible, as I understand it, insofar as it could take place in a context not subject to any Liberty-style non-assertion agreement: for instance, the unconferences jointly run with Kaliya et al., or the more recent Concordia initiative.
I’m not pointing the finger here, and I maintain that a great part of Kim’s contribution has been to introduce his work to the world without generating a religious war.
July 31st, 2007 at 11:28 am
Yup. Laws is a word one should not use lightly among lawmakers - they don’t like it. It was a big challenge for these customer-friendly laws to embrace the world of public services and the non-consensual aspects of government (i.e. the bits where the consent is given by society even if the individual disagrees). Anyway, it was fun and Ideal Gov “assisted” in the French sense.
See the earlier bits:
http://www.idealgovernment.com/index.php/search/results/0bedddaa4e5126eddd9091d8754e083c/