Mike Neuenschwander, an associate research director at Burton Group, introduced what he called the "seven flaws of identity," a take on Kim Cameron's Seven Laws of Identity. Here they are:
- Failure of the weakest link mustn't lead to catastrophe. For example, smart card deployments are sufficient protection against social engineering and inside attacks. Encrypting the channel doesn't stop dumpster diving.
- Don't put the role before the start. Role engineering is important, but it doesn't drive the project.
- Not every identity nail requires the technology hammer. Technology may be fine, but without governance, it will fail.
- Use of a system invites abuse of the system. Test the architecture with attack vectors.
- Identifying things doesn't make them more secure. Identification can improve security, but security isn't an inevitable outcome. Over-identification has repercussions.
- Identity isn't about the individual. It's about the relationship. IdM encompasses the services community's need for organization.
- There are a lot more than seven flaws.