Community Cannon: Laws of Identity

The Laws of Identity developed by Kim Cameron are shown here in bullet point form with links to greater depth in the paper about the laws.  These were developed collaboration with the community and involved dozens of people's ideas are incorporated (see their names below).  They were first published serially in the winter of 2005 on Kim's blog and serve as one of the core foundations of the identity communities thinking.

1. User Control and Consent:

Digital identity systems must only reveal information identifying a user with the user’s consent. (Starts here…)

2. Limited Disclosure for Limited Use

The solution which discloses the least identifying information and best limits its use is the most stable, long-term solutio. (Starts here…)

The Law of Fewest Parties

Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship. (Starts here…)

4. Directed Identity

A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles. (Starts here…)

5. Pluralism of Operators and Technologies:

A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers. (Starts here…)

6. Human Integration:

A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications. (Starts here…)

7. Consistent Experience Across Contexts:

A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies. (Starts here…)

The user-centric / user-driven identity community formed around the time that blogging was becoming common. Doc Searls a very early blogger was also a community thought leader and encouraged many members of  "the gang" to start their own blogs – to dialogue with each other and to share their ideas with each other and a wider world then a community mailing list provided. One of the key bloggers inspired at the time by Doc was Kim Cameron the chief Identity Architect at Microsoft. He came to Microsoft from a small company he founded ZoomIT where he invented metadirectory technology. Identity of people in the physical and digital world is complex and has many different tensions that need to be balanced.   He developed the Laws of Identity to articulate fundamental ideas/principles that need to be obeyed.  Here is how he explains this work:

I have undertaken a project to develop a formal understanding of the dynamics causing digital identity systems to succeed or fail in various contexts, expressed as the Laws of Identity. Taken together, these laws define a unifying identity metasystem that can offer the Internet the identity layer it so obviously requires.  They also provide a way for people new to the identity discussion to understand its central issues.  This lets them actively join in, rather than everyone having to restart the whole discussion from scratch. Those of us who work on or with identity systems need to obey the Laws of Identity.  Otherwise, we create a wake of reinforcing side-effects that eventually undermine all resulting technology.  The result is similar to what would happen if civil engineers were to flaunt the law of gravity. By following them we can build a unifying identity metasystem that is widely accepted and enduring.

Kim posted the laws one by one in the Winter of 2005 and generated a lot of interest and anticipation in doing so.  The community responded and shared their own ideas about the laws as they were published.   All of this feedback was taken and incorporated into what became the final document and he acknowledges them in this way.

The ideas presented here were refined here in the Blogosphere in a wide-ranging conversation that crossed many of the conventional faultlines of the computer industry, as well as in various private communications. In particular I would like to thank Arun Nanda, Andre Durand, Bill Barnes, Carl Ellison, Caspar Bowden, Craig Burton, Dan Blum, Dave Kearns, Dave Winer, Dick Hardt, Doc Searls, Drummond Reed, Ellen McDermott, Eric Norlin, Esther Dyson, Fen Labalme, Identity Woman Kaliya, JC Cannon, James Kobielus, James Governor, Jamie Lewis, John Shewchuk, Luke Razzell, Marc Canter, Mark Wahl, Martin Taylor, Mike Jones, Phil Becker, Radovan Janocek, Ravi Pandya, Robert Scoble, Scott C. Lemon, Simon Davies, Stefan Brands, Stuart Kwan and William Heath.

One Reply to “Community Cannon: Laws of Identity”

Leave a Reply