Links: Identity management

A couple of links relating to identity management

I was at ScotWeb2 last Friday (great event by the way, and top soup was provided) – it was good to put faces to names and catch up with old contacts. A highlight for me was meeting with Iain Henderson of mydex.org (and hearing his talk). It sounds like mydex is doing a lot of good work with the right people, though their blog is still quiet and the website is sparse. Looking forward to finding out more as the project matures.

Related to that is a link and a topic I’ve been sitting on for a while: Kim Cameron’s Laws of identity.

  • The way the Internet was built limits what we can do with it and exposes us to growing dangers and we will face rapidly proliferating episodes of theft and deception that will cumulatively erode public trust in the Internet. A formal understanding of the dynamics causing digital identity systems to succeed or fail in various contexts, expressed as the Laws of Identity. Taken together, these laws define a unifying identity metasystem that can offer the Internet the identity layer it so obviously requires. They also provide a way for people new to the identity discussion to understand its central issues.

    Those of us who work on or with identity systems need to obey the Laws of Identity. Otherwise, we create a wake of reinforcing side-effects that eventually undermine all resulting technology. The result is similar to what would happen if civil engineers were to flaunt the law of gravity.

The laws themselves are:

  1. User Control and Consent: Digital identity systems must only reveal information identifying a user with the user’s consent.
  2. Limited Disclosure for Limited Use: The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
  3. The Law of Fewest Parties: Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
  4. Directed Identity: A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
  5. Pluralism of Operators and Technologies: A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
  6. Human Integration: A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
  7. Consistent Experience Across Contexts: A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.
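
Laws 1, 2 and 4 translate fairly directly into code. The sketch below is an added example, not taken from Kim Cameron's paper or from this post: an identity provider derives a "unidirectional" identifier per relying party and releases only the claims that were both requested and consented to. The secret, user record, relying-party names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (assumptions for this example, not from the post).
PROVIDER_SECRET = secrets.token_bytes(32)   # held only by the identity provider
USER = {"account": "alice", "email": "alice@example.org", "over_18": True}
IDENTIFYING = {"email"}   # claims that act as correlation handles by themselves


def unidirectional_id(account: str, relying_party: str,
                      secret: bytes = PROVIDER_SECRET) -> str:
    """Law 4: an identifier that is stable for one relying party only.

    HMAC over (relying party, account) with a provider-held key, so two
    relying parties cannot link the same account by comparing identifiers.
    """
    msg = f"{relying_party}\x00{account}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_assertion(user: dict, relying_party: str,
                    requested: set, consented: set) -> dict:
    """Laws 1 and 2: release a claim only if requested AND consented to."""
    # The internal account name is never released, whatever was asked for.
    released = (requested & consented) - {"account"}
    claims = {name: user[name] for name in sorted(released) if name in user}
    return {"sub": unidirectional_id(user["account"], relying_party),
            "aud": relying_party, "claims": claims}


def correlation_handles(assertion: dict) -> set:
    """Values in an assertion that another party could join records on."""
    handles = {("sub", assertion["sub"])}
    handles |= {(k, v) for k, v in assertion["claims"].items()
                if k in IDENTIFYING}
    return handles


if __name__ == "__main__":
    shop = build_assertion(USER, "shop.example", {"email", "over_18"}, {"over_18"})
    forum = build_assertion(USER, "forum.example", {"over_18"}, {"over_18"})
    print(shop["claims"], forum["claims"])
    print("linkable:", bool(correlation_handles(shop) & correlation_handles(forum)))
```

Releasing `email` to both relying parties makes the two assertions linkable again, which is the point of Law 2: the pairwise identifier only helps if the claims released alongside it are not correlation handles themselves.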

About Peter Cruickshank

Lecturer in the School of Computing and a member of the Centre for Social Informatics at Edinburgh Napier University, Scotland. Interested in information systems, learning, politics, society, security and where they intersect. My attempts at rounding out my character include food, cinema, running, history and, together with my lovely wife, bringing up a cat and a couple of kids.
This entry was posted in Daily Links, Privacy, Security.
