<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[Digital Identity] systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given [identity relationship|Identity Relation].

The [identity|Digital Identity]  system must make its [user|Natural Person] aware of the [party or parties|Relying Party] with whom she is interacting while sharing information.

The justification requirements apply both to the [subject|Digital Subject] who is disclosing information and the [Relying Party] who depends on it. 

[{$pagename}] is a [Law] defined in the [The Seven Laws Of Identity].

[Our|Microsoft Active Directory] experience with [Microsoft Passport] is instructive in this regard. Internet users saw Passport as a convenient way to gain access to MSN sites, and those sites were happily using Passport—to the tune of over a billion interactions per day. However, it did not make sense to most non-MSN sites for Microsoft to be involved in their customer relationships. Nor were users clamoring for a single [Microsoft identity service|Microsoft IDM Products History] to be aware of all their [Internet] activities. As a result, Passport failed in its mission of being an [identity|Digital Identity] system for the [Internet].

We will see many more examples of this law going forward. Today some [governments|Government Entity] are thinking of operating digital identity services. It makes sense (and is clearly justifiable) for people to use government-issued identities when doing business with the []government|Government Entity]. But it will be a cultural matter as to whether, for example, citizens agree it is &quot;necessary and justifiable&quot; for government identities to be used in controlling access to a family wiki—or connecting a consumer to her hobby or vice.

The same issues will confront intermediaries building a [trust fabric|Identity Trust Framework]. The law is not intended to suggest limitations of what is possible, but rather to outline the dynamics of which we must be aware.

We know from the [Law of User Control and Consent] that the system must be predictable and &quot;translucent&quot; in order to earn [trust]. But the user needs to understand whom she is dealing with for other reasons, as we will see in the [Law of Human Integration]. In the physical world we are able to judge a situation and decide what we want to disclose about ourselves. This has its analogy in digital justifiable parties.

Every party to disclosure must provide the disclosing party with a [policy] statement about information use. This [policy] should govern what happens to disclosed information. One can view this [policy] as defining &quot;[delegated|Delegation] rights&quot; issued by the disclosing party.

Any use [policy] would allow all parties to cooperate with authorities in the case of criminal investigations. But this does not mean the state is party to the [identity relationship|Identity Relation]. Of course, this should be made explicit in the [policy] under which information is shared.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>