Overview#

Introduced in 2004, as I recall, by Kim Cameron The Seven Laws Of Identity is still the Strategic guidelines that should be used to determine if Digital Identity systems are "there yet".

The Seven Laws Of Identity

Content unavailable! (broken link)https://ldapwiki.com/wiki/The%20Seven%20Laws%20Of%20Identity/7_laws_of_identity.jpg

1 Law of User Control and Consent#

User Control and Consent: Identity systems must only reveal information identifying a user with the user's consent.

2 Law of Minimal Disclosure For A Constrained Use#

Minimal Disclosure for a Constrained Use: The identity system must disclose the least identifying information possible, as this is the most stable, long-term solution.

3 Law of Justifiable Parties#

Justifiable Parties: Identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

4 Law of Directed Identity #

A universal identity system must support both "omni-directional" identifiers for use by public entities and "uni-directional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

5 Law of Pluralism of Operators and Technologies#

A universal identity solution must utilize and enable the interoperation of multiple identity technologies run by multiple identity providers.

6 Law of Human Integration#

Identity systems must define the human user to be a component of the distributed system, integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.

7 Law of Consistent Experience Across Contexts#

The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

Conclusion#

Those of us who work on or with identity systems need to obey the The Seven Laws Of Identity. Otherwise, we create a wake of reinforcing side effects that eventually undermine all resulting technology. The result is similar to what would happen if civil engineers were to flaunt the law of gravity. By following them we can build a unifying identity metasystem that is universally accepted and enduring.

Full Paper on The Seven Laws Of Identity#

• The Seven Laws Of Identity/TheLawsOfIdentity.pdfContent unavailable! (broken link)(info)

More Information#

There might be more information for this subject on one of the following:

• ISO 29100
• Kim Cameron
• Law
• Law of Consistent Experience Across Contexts
• Law of Directed Identity
• Law of Human Integration
• Law of Justifiable Parties
• Law of Minimal Disclosure For A Constrained Use
• Law of Pluralism of Operators and Technologies
• Law of User Control and Consent
• Life Management Platform
• Microsoft Passport
• News
• Self-Sovereign Identity
• The Laws of Relationships
• User-centric Identity

---

• [#1] - MSDN Article on Microsoft's Vision for an Identity MetasystemContent unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png - based on information obtained 2013-04-10
• [#2] - From Kim Cameron's BlogContent unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png - based on information obtained 2013-04-10