W3C home > Mailing lists > Public > public-xg-socialweb@w3.org > January 2010

Kim Cameron's Laws of Identity

From: Harry Halpin <hhalpin@ibiblio.org>
Date: Wed, 20 Jan 2010 22:35:16 +0000
Message-ID: <b3be92a01001201435i7d65fe20y97a07bc7fa1f2fb5@mail.gmail.com>
To: public-xg-socialweb@w3.org
Following our phone call, here's some other "rules" for social web
work, including identity:

1. User Control and Consent:

    Digital identity systems must only reveal information identifying
a user with the user’s consent.

2. Limited Disclosure for Limited Use

    The solution which discloses the least identifying information and
best limits its use is the most stable, long-term solution.

3. The Law of Fewest Parties

    Digital identity systems must limit disclosure of identifying
information to parties having a necessary and justifiable place in a
given identity relationship.

4. Directed Identity

    A universal identity metasystem must support both
“omnidirectional” identifiers for use by public entities and
“unidirectional” identifiers for private entities, thus facilitating
discovery while preventing unnecessary release of correlation handles.

5. Pluralism of Operators and Technologies:

    A universal identity metasystem must channel and enable the
interworking of multiple identity technologies run by multiple
identity providers.

6. Human Integration:

    A unifying identity metasystem must define the human user as a
component integrated through protected and unambiguous human-machine

7. Consistent Experience Across Contexts:

    A unifying identity metasystem must provide a simple consistent
experience while enabling separation of contexts through multiple
operators and technologies.

In full, on his website [1].

Here's a poster, quite nice [2].

[1] http://www.identityblog.com/?p=353
[2] http://www.identityblog.com/wp-content/images/2009/06/7_Laws_of_Identity.jpg
Received on Wednesday, 20 January 2010 22:35:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:22:08 UTC