Thursday, October 26, 2006

Microsoft's 7 Laws of Identity

[Tags: ]. High concept stuff here in an era where our personal identities and privacy are increasingly important. Microsoft's laws are summarised below, but you may want to read (and re-read) the original document.

The Laws of Identity

1. User Control and Consent

Technical identity systems must only reveal information identifying a user with the user's consent. (Blogosphere discussion starts here...)

2. Minimal Disclosure for a Constrained Use

The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution. (Starts here...)

3. Justifiable Parties

Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship. (Starts here...)

4. Directed Identity

A universal identity system must support both "omni-directional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles. (Starts here...)

5. Pluralism of Operators and Technologies

A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers. (Starts here...)

6. Human Integration

The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks. (Starts here...)

7. Consistent Experience Across Contexts

0 Comments:

Post a Comment

<< Home