Thursday, April 05, 2007

Seven Laws of Identity in a Nutshell

Kim Cameron from Microsoft wrote the Seven Laws of Identity white paper that has had popular acclaim since it was published. In the TechNet Magazine on "Managing Identity" he wrote a nice sidebar titled "Seven Rules in a Nutshell". Since I can't point you directly to it I thought I would transcribe them here for you viewing pleasure...

1. Technical identity systems must only reveal information identifying a user with the user's consent.

2. The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.

3. Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

4. A universal identity system must support both "omnidirectional" identifiers for use by public entities and "unidirectional" identifiers for user by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

5. A universal identity system must channel and enable the interworking of multiple identity technologies run by multiple identity providers.

6. The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human/machine communication mechanisms, offering protection against identity attacks.

7. The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

I installed WinFX the other night on my Windows XP system and created my own Information Cards and then used one to logon to Kim's blog - it worked!

Now if I could get a Quest property or two to accept either OpenIDs or InfoCards...

Technorati Tags:
, , , ,

No comments: