The Laws of Identity

Kim Cameron posted a busy person’s summary of the Laws of Identity and invited comments. Here is my version.

The Laws of Identity are fulfilled when …

  • Individuals using computers can be in control of the information they give out about themselves.
  • Individuals can give out just the information needed for the purpose at hand, and only to those who need it.
  • 3rd parties can not link up all the ways individuals have used the Internet. For example, an individual always using a single identifier would be a big mistake.
  • Individuals can choose who provides their identity information to whom and for what purpose.
  • Individuals can understand how the identity system works and are able to make rational decisions and protect ourselves.
  • Individuals can operate the identity system with a universally consistent, comprehensible user experience even though behind the scenes, different technologies, identifiers and identity providers are being used.