Kim Cameron’s Laws of Identity
Kim Cameron, Chief Identity and Access Architect at Microsoft, published " the 7 laws of identity." For a more complete description and discussion, please follow the link to Kim's blog.
- User Control and Consent —Technical identity systems must only reveal information identifying a user with the user’s consent.
- Minimal Disclosure for a Constrained Use — The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.
- Justifiable Parties — Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
- Directed Identity — A universal identity system must support both “omni-directional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
- Pluralism of Operators and Technologies — A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.
- Human Integration — The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.
- Consistent Experience Across Contexts —The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
Read Kim Cameron’s Laws of Identity
