This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Law of Justifiable Parties
Law of Justifiable Parties

Version management

Difference between version and

At line 1 added 24 lines
!!! Overview
[Digital Identity] systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given [identity relationship|Identity Relation].
The [identity|Digital Identity] system must make its [user|Natural Person] aware of the [party or parties|Relying Party] with whom she is interacting while sharing information.
The justification requirements apply both to the [subject|Digital Subject] who is disclosing information and the [Relying Party] who depends on it.
[{$pagename}] is a [Law] defined in the [The Seven Laws Of Identity].
[Our|Microsoft Active Directory] experience with [Microsoft Passport] is instructive in this regard. Internet users saw Passport as a convenient way to gain access to MSN sites, and those sites were happily using Passport—to the tune of over a billion interactions per day. However, it did not make sense to most non-MSN sites for Microsoft to be involved in their customer relationships. Nor were users clamoring for a single [Microsoft identity service|Microsoft IDM Products History] to be aware of all their [Internet] activities. As a result, Passport failed in its mission of being an [identity|Digital Identity] system for the [Internet].
We will see many more examples of this law going forward. Today some [governments|Government Entity] are thinking of operating digital identity services. It makes sense (and is clearly justifiable) for people to use government-issued identities when doing business with the []government|Government Entity]. But it will be a cultural matter as to whether, for example, citizens agree it is "necessary and justifiable" for government identities to be used in controlling access to a family wiki—or connecting a consumer to her hobby or vice.
The same issues will confront intermediaries building a [trust fabric|Identity Trust Framework]. The law is not intended to suggest limitations of what is possible, but rather to outline the dynamics of which we must be aware.
We know from the [Law of User Control and Consent] that the system must be predictable and "translucent" in order to earn [trust]. But the user needs to understand whom she is dealing with for other reasons, as we will see in the [Law of Human Integration]. In the physical world we are able to judge a situation and decide what we want to disclose about ourselves. This has its analogy in digital justifiable parties.
Every party to disclosure must provide the disclosing party with a [policy] statement about information use. This [policy] should govern what happens to disclosed information. One can view this [policy] as defining "[delegated|Delegation] rights" issued by the disclosing party.
Any use [policy] would allow all parties to cooperate with authorities in the case of criminal investigations. But this does not mean the state is party to the [identity relationship|Identity Relation]. Of course, this should be made explicit in the [policy] under which information is shared.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop