Overview#
Introduced in 2004, as I recall, by Kim Cameron, The Seven Laws Of Identity are still the strategic guidelines that should be used to determine if Digital Identity systems are "there yet".
The Seven Laws Of Identity

1. User Control and Consent: Identity systems must only reveal information identifying a user with the user's consent.
2. Minimal Disclosure for a Constrained Use: The identity system must disclose the least identifying information possible, as this is the most stable, long-term solution.
3. Justifiable Parties: Identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
4. A universal identity system must support both "omni-directional" identifiers for use by public entities and "uni-directional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
5. A universal identity solution must utilize and enable the interoperation of multiple identity technologies run by multiple identity providers.
6. Identity systems must define the human user to be a component of the distributed system, integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.
7. The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
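
As an added illustration (not taken from Kim Cameron's paper or from this page), the Python below shows how a provider could apply User Control and Consent, Minimal Disclosure, and the omni-directional versus uni-directional identifier law together. The `IdentityProvider` class, the HMAC-based pairwise derivation, and the `*.example` names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class IdentityProvider:
    """Hypothetical provider used only for this illustration."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # pairwise secret, never leaves the provider
        self._consent = set()                # (user, relying_party, claim) the user approved

    def grant(self, user, relying_party, claims):
        """Record the user's consent to release specific claims to one party."""
        self._consent.update((user, relying_party, c) for c in claims)

    def public_identifier(self, entity):
        """Omni-directional: one well-known value, meant to be discoverable."""
        return f"https://id.example/{entity}"  # constructed URL

    def pairwise_identifier(self, user, relying_party):
        """Uni-directional: stable per relying party, different across parties."""
        msg = f"{relying_party}\x00{user}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def release(self, user, relying_party, attributes, requested):
        """Disclose only claims that were both requested and consented to."""
        out = {c: attributes[c] for c in requested
               if c in attributes and (user, relying_party, c) in self._consent}
        out["sub"] = self.pairwise_identifier(user, relying_party)
        return out


# Constructed sample data.
ALICE = {"email": "alice@mail.example", "birthdate": "1990-01-01", "over_18": True}


def demo():
    idp = IdentityProvider()
    idp.grant("alice", "shop.example", ["over_18"])
    idp.grant("alice", "bank.example", ["email", "birthdate"])
    # The shop asks for more than the user approved; only "over_18" is released.
    shop = idp.release("alice", "shop.example", ALICE, ["email", "over_18"])
    bank = idp.release("alice", "bank.example", ALICE, ["email", "birthdate"])
    return shop, bank


if __name__ == "__main__":
    for view in demo():
        print(view)
```

Because each relying party receives a different `sub` value, the two parties cannot join their records on it, which is the "correlation handle" the law refers to.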
Conclusion#
Those of us who work on or with identity systems need to obey The Seven Laws Of Identity. Otherwise, we create a wake of reinforcing side effects that eventually undermine all resulting technology. The result is similar to what would happen if civil engineers were to flout the law of gravity. By following them we can build a unifying identity metasystem that is universally accepted and enduring.
Full Paper on The Seven Laws Of Identity#