I was listening to 🎙️this podcast and of course duly reminded of Kim Cameron’s 7 Laws of Identity, so replaying here for posterity. You can 🔗 read a quick summary here.
Law 1: User control and consent
Technical identity systems must only reveal information identifying a user with the user’s consent
Law 2: Minimum disclosure for a constrained use
The solution which discloses the least amount of identifying information and best limits its use is the most stable long-term solution
Law 3: Justifiable Parties
Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship
Law 4: Directed Identity
A universal identity system must support both “omni-directional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles
Law 5: Pluralism of Operators and Technologies
A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers
Law 6: Human Integration
The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks
Law 7: Consistent Experience Across Contexts
The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies
Down here in sunny New Zealand, I have been helping a local man with his identity solution. More on that in due course - because - guess what - its pretty much ‘tops’ .. and expression I learned last night which is the antonym of ‘pants’ … but I digress.
It turns out his system hits all seven laws - and that’s just how it worked out, to because he designed to them. This gives me even more confidence that we are on to something. It would be kinda like building a robot and then realizing it is ‘Asimov compliant’.
