Seven Laws of Identity

Identity Management is a complex subject and one that can be hard to wrap your hands around. Journal 16 of "The Architecture Journal" focuses on this subject. One thing that caught my eye was the 7 Laws of Identity:

Law #1 User Control and Consent
Technical identity systems must only reveal information identifying a user with the user’s consent.

Law #2 Minimal Disclosure for a Constrained Use
The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.

Law #3 Justifiable Parties
Digital-identity systems must be designed so that the disclosure of identifying information is limited to parties that have a necessary and justifiable place in a given identity relationship.

Law #4 Directed Identity
A universal-identity system must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities—thus, facilitating discovery while preventing unnecessary release of correlation handles.

Law #5 Pluralism of Operators and Technologies
A universal-identity system must channel and enable the interworking of multiple identity technologies run by multiple identity providers.

Law #6 Human Integration
The universal-identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.

Law #7 Consistent Experience Across Contexts
The unifying identity metasystem must guarantee its users a simple and consistent experience, while enabling separation of contexts through multiple operators and technologies.

To read more, go to:
http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf