Craig Burton

Logs, Links, Life and Lexicon


Simplified Laws of Identity

August 19th, 2008 · 2 Comments

1007 blog posts ago, Kim Cameron rocked the Identity planet when he rolled out the Laws of Identity. He recently released the “short version” of these laws. Here they are:

People using computers should be in control of giving out information about themselves, just as they are in the physical world.

The minimum information needed for the purpose at hand should be released, and only to those who need it. Details should be retained no longer than necessary.

It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.

We need choice in terms of who provides our identity information in different contexts.

The system must be built so we can understand how it works, make rational decisions and protect ourselves.

Devices through which we employ identity should offer people the same kinds of identity controls - just as car makers offer similar controls so we can all drive safely.

I think the last one still hasn’t quite nailed the issue. We are not after similar identity controls just for safety; we seek consistency for comfort and assurance. People will use the same mechanism over and over if consistency is present. It doesn’t have to be identical, just consistent.

Tags: Feature

2 responses so far ↓

  • 1 zem // Sep 9, 2008 at 7:54 pm

    I agree that the sixth one isn’t covered in the short version. I don’t think the car metaphor works. Consistency isn’t the answer either.

    From the 6law paper after law6:

    “We have done a pretty good job of securing
    the channel between web servers and
    browsers through the use of cryptography –
    a channel that might extend for thousands of
    miles. But we have failed to adequately protect
    the two or three foot channel between
    the browser’s display and the brain of the
    human who uses it. This immeasurably
    shorter channel is the one under attack from
    phishers and pharmers.”

    It is the human in the loop problem - the atoms to bits gap - relying on the untrustable - it is still there and not going away any time soon. Everyone ignores it. The new MS recruit Stefan Brands doesn’t even know of it. MS will only truly want it when they need to rely on it for billing purposes. Anything they support will meet their needs, not those of law6.

    I’d respond on the original post, but it seems to be broken to me (and has for some time). I am in with KyleH on his response to Kim’s blog - webpage needs fixing.

  • 2 Sanjay Tandon // Sep 22, 2008 at 1:06 pm

    It appears that my former colleague Kim forgot to add one fundamental law…

    … devices through which we employ identity must be measurably “trustworthy”

    IMHO, we have a long way to go before we can arrive at a trustworthy foundation upon which the world can do business.

    Best,
    Sanjay
