Kim Cameron continues to explore Laws of Identity. He points out that this is not some philosophical exploration, but one bent on creating a practical basis for a universal identity system:
I'd like to take a moment to look at what I'm trying to achieve with this exploration of the Laws of Identity.
I've pointed out already that our discussion here is not about the "philosophy of identity" - which is a compelling but entirely orthogonal pursuit.
Instead, I am trying to reveal the set of "objective" dynamics that will 0constrain the definition of an identity system capable of being widely enough accepted that it can enable distributed computing on a universal scale. I do not propose my laws as "moral imperatives", but rather as explanations of dynamics which must be mastered to craft such a universal system.From Kim Cameron's Identity Weblog
Referenced Mon Dec 06 2004 10:14:34 GMT-0700
This practical basis is the reason for their appeal to me. His first three laws are:
- Law No. 1: The Owner Decides - Technical identity systems MUST only reveal information identifying a user with the user's consent.
- Law No. 2: Minimal Disclosure - The solution which discloses the least identifying information is the most stable, long-term solution.
- Law No. 3: The Fewest Parties - Technical identity systems MUST be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
I think you'd agree that these are pretty practical. I posted an example of why Law No. 2 is important last week, relating it to the security principle of least privilege. So far, the most controversial law of the three seems to be No. 1. That's probably because so few identity systems abide by it.
Equally problematic is getting a handle on what the user's rights really are with respect to identifying information. Let me give an example. Suppose Kim walks into convenience store and purchases a bottle of soda. Later, I come in an ask the clerk "Did Kim buy a bottle of Coke earlier?" Does Law No. 1 preclude the clerk from telling me without Kim's assent? Many would say yes, but in fact, that transaction is jointly owned by the two parties to the transaction. The transaction is not strictly speaking identity information, although it certainly does tell us something about Kim, the transaction is better thought of as relationship information.
Here's another look at that same scenario. Suppose, I go up to Kim after he's been in the store and ask "Did the store sell you a bottle of Coke?" Does Kim have the right to tell me? Practically speaking the store doesn't mind, but suppose they did. The transaction has as much identity information about the store as it does about Kim. Relationship data links two or more identities, telling us something about each of them.
I believe that much of our talk about identity, and about privacy, is confounded by our collective myopia concerning relationships, or data about how identities are linked. When we look at it from just one side, we're likely to mistakenly build systems that asymmetrically protect relationship data. These systems are inherently unfair and thus prone to controversy. So, I'll add something that I think needs to be in Kim's laws:
- Treat Relationship Data Symmetrically - Relationship records (i.e. records that link one or more parties) MUST be treated symmetrically for the identity system to be fair.