Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Seven Laws of Identity

Posted by Zonk on from the you-are-who-you-are dept.

pHatidic writes "Something strange is a brewin' at Microsoft these days. Check out this video interview with Kim Cameron, Microsoft's Architect of Identity, about Kim's Laws of Identity." From the post: "We have undertaken a project to develop a formal understanding of the dynamics causing digital identity systems to succeed or fail in various contexts, expressed as the Laws of Identity. Taken together, these laws define a unifying identity metasystem that can offer the Internet the identity layer it so obviously requires. They also provide a way for people new to the identity discussion to understand its central issues. This lets them actively join in, rather than everyone having to restart the whole discussion from scratch."

17 of 250 comments (clear)

  1. say what by ta+ma+de · · Score: 3, Interesting
    identity layer it so obviously requires

    Says who? How can something that is inanimate require anything? People create requirements. Maybe M$ needs the internet to have an identity layer, I say, tough noogies for them. I don't require the internet to have an "identity layer." And since I have spent this entire weekend in the "total proportion vortex," I know that my opinion is more important than M$'s.

  2. One step closer... by jmcmunn · · Score: 4, Interesting


    This just makes me feel like I am one step closer to the personalized advertising (think minority report?) where every site I visit is bombarding me personally (instead of anonymously) with ads for stuff I recently looked at or purchased.

    If I know who I am connected to, we're only a step away from advertisers and companies knowing who is connected to them.

    I don't see scams online being any worse than over the phone or anything else. I could get a call from some random person and see "out of area" on my caller id, and they could try to sell me some product, eventually acquiring my credit card number, or some other personal information. It's no less anonymous than online really, IMHO.

  3. Passport's failure is not a question of "context" by poopooboi · · Score: 3, Interesting

    This is philosobabble bullshit. Most people at MSN couldn't even figure out how to integrate passport into the internal apps correctly (i.e. without trouble on the client side a lot of the time).

    That's the problem. It was shit. Shit doesn't shine in any context. I'm still listening, but my impression so far is that of a pseudointellectual who needs a reality check.

  4. Microsoft's Architect of Identity by Anonymous Coward · · Score: 4, Interesting

    What ever happed to being a good'ole programmer? Or if you really stuck with it, you'd be a senior programmer.

    All this architect shit is just a bunch of marketing crap that is foisted on folks in lieu of salary.

    I don't know about Microsoft, but at Bank of America, when the "architects" join the conference calls, that's my cue that it's about to get thick and smelly.

  5. Please. Stop. by Anonymous Coward · · Score: 4, Interesting

    Ugh. What a pretentious pile of horse hockey. Here are the shills of Microsoft, attempting to co-opt your data once again, by creating pseudo-intellectual "Laws of Identity". What a laugh. Why don't they fix their stupid insecure OS instead? Because they can't. It's beyond fixable. So now they seek to redefine identity in the virtual space so they can claim the high road in secure transactions.

    Please. Stop. You are hurting people. You are the problem, and you should please cease and desist, and go away. I am fine with my identity, and the rights therof under the laws of my land. If you were actually LIABLE for your crappy software, then you wouldn't have the time to create this faux intellectual crap. Just because you lable it a law does not make it so....

  6. Seems quite a reasonable article by Anonymous+Brave+Guy · · Score: 3, Interesting

    Having skimmed the article (the PDF works fine for all you 404 moaners...) it seems to make a lot of reasonable arguments. The title isn't entirely clear: we're basically talking about prerequisites for an effective identity framework to exist. In this respect, it's good to be up-front in acknowledging principles like the first law:

    Technical identity systems must only reveal information identifying a user with the user's consent.

    Any hint of subterfuge will immediately harm any information-based system's credibility, so we might as well start by ruling out the most serious form.

    I also like the claim-based approach. A claim needn't be "I am John Doe of 16 Some Street, Someville." It can be much more general, e.g., "I am a member of Group X, and therefore entitled to access Service Y." I think this sort of framework is far more likely to gain user acceptance and trust, and with good reason. The author clearly realises this as well; the second law is:

    The solution which discloses the least amount of identifying information and best limits its use is the most stable long term solution.

    All in all, given my stated views about complete anonymity on the Internet, this sort of research seems like useful progress, and a better compromise and basis for further research than much that I've seen before.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  7. Other way around by pHatidic · · Score: 3, Interesting
    Identity is used to protect your privacy, not to violate it. Currently, the only way your bank can know who you are is to record your name, Date of Birth, SSN, mother's maiden name, phone number, address, etc. However none of this is needed at all, the only thing that your bank needs to know is that the same person who put the money in is the same as the person who is taking it out. If we had an identity system, this would be possible. Instead of needing to enter in 20+ personal identifiers about yourself, there would be just one number and none of your other personal info would be needed.


    So really your feeling of your lack privacy loss comes from not having enough identity, and not the other way around.

  8. One more thing by pHatidic · · Score: 4, Interesting
    This was my original post. Zonk changed it to make it more anti-Microsoft:

    "Something strange is a brewin' at Microsoft these days. To see what I mean, check out this video interview with Kim Cameron, Microsoft's Architect of Identity, about Kim's now famous now famous Laws of Identity. Personally, I was so schocked to see Micrsoft come down this hard on the side of open standards and corporate responsibility that I almost choked on my tinfoil hat. Is this the beginning of a new Microsoft? But more importantly, now is the time to start an open and ongoing discussion about the future of digital identity. Is Kim's vision something the Slashdot community could get behind?"

    1. Re:One more thing by Anonymous Coward · · Score: 1, Interesting

      Zonk pointlessly made something more sensationalistic? I'm shocked. SHOCKED.

    2. Re:One more thing by Anonymous Coward · · Score: 2, Interesting

      Zonk misquoted you. It says you wrote what he quotes, but you assert you wrote something else. That is just sad. Changing a submission to a more anti-X point of view is one thing, misquoting someone so that it appears he/she wrote that anti-X point of view is another. Sad, sad, sad. This blog is just that. A bunch of zealots with dogmatic views. Microsoft sucks. Apple and Google rocks. Sad. For the record, this Anonymous Coward 'dislikes' both Microsoft (and Google) and although i haven't read the PDF yet the concept worries me a little already but that Microsoft is gonna try it via an open standard is an interesting note. I think a smart one too for their goal and adoption, but nevertheless and interesting one. Interesting enough to add the notion in the ****ing story.

    3. Re:One more thing by InfoCynic · · Score: 2, Interesting

      Slashdot editors are anti-Microsoft? Sheesh, next thing you know they'll be telling me that Linux is some sort of superior operating system or something...

      --

      "Recta non toleranda futuaris nisi irrisus ridebis"

    4. Re:One more thing by Trogre · · Score: 2, Interesting

      Zonk changed it to make it more anti-Microsoft

      Which is surprising, given that Zonk is a suspected XBox (and therefore Microsoft) shill.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  9. Does the internet really need an identity layer? by ShatteredDream · · Score: 2, Interesting

    Given the fact that the TSA just got caught trying to continue TIA, I think that this is the last thing we need. It starts out very innocently. The industry adds something like this and pretty soon we have followup laws that begin to gradually force software to make full use of any sort of identity layer. Anonymity becomes nearly impossible, and for many countries that means that the Internet loses its alleged immunity to censorship.

    One of the things that disturbs me about this sort of thing is that extreme rendition can work both ways. The Syrian government might want their back scratched for a change and Uncle Sam then turns over a few names held on US soil using USA PATRIOT Act powers to secret get the information. If our government is willing to ship people to get tortured, what makes anyone think that it's not immoral enough to scratch another, more abusive government's back a little by helping them clamp down on dissent?

    Biometric information tied to your credit card would go a very long way toward solving many of these crimes. What we need are open standards for communicating and storing biometrics information. I should be able to look into a webcam with a retina scanner and it should be able to tell Amazon.com that I'm the person who owns the credit card being used. The problem with this system is that it'll end up making something like TIA more realistic because it'll be accompanied by laws that force software developers to make good use of it.

    --
    Click here or a puppy gets stomped!
  10. Re:No, but probably by kaens · · Score: 5, Interesting
    There would be advantages to having the ability to trace back all online activities to someone - you are correct in saying that spamming, virus distribution, etc could be reduced. The problem, of course, is the "suitable authorities" issue. If implemented, something like this would have a lot of chances for abuse.

    I honestly would not trust anybody with a position of political power to have the capability of tracking back everyone's online activities - there is too much of a chance that it would eventually get used for reducing more than just the harmful activities, it could get used for reducing the amount of people in the public that have dissenting opinons.

    Also, even if the capability could be introduced, it would be cracked/spoofed/worked around somehow eventually, unless there was some sort of way to prevent computers from communicating with each other in the ways that they currently do, and some sort of way to prevent people from creating their own networks.

    Subject to the devil in details, agreed. The thing is, who do you think would have control over what the details are? As it stands not you or I.

    --
    kaens.blogspot.com
  11. Ontologies by Tetravus · · Score: 2, Interesting

    It sounds like Microsoft has learned about ontologies, you know those things that we're going to use to build the semantic web. Now they're trying to build an identity ontology to allow software agents to act on your behalf. I'd prefer to see something based on authorization rather than identification but MS doesn't work along those lines. I looked at the 'Laws of Identity' page and the blog it's sourced from, but didn't watch the vid... so consume this comment with some skepticism.

  12. Re:Obviously? by it_flix · · Score: 2, Interesting

    For example, your television and coffee maker can have an identity without comprosing your personal anonymity. But your coffee habits and program choices can reveal a lot about your personal identity. Especially if the coffee maker and the tv can be tied together.

    --
    www.notesmax.com
  13. Golden Rule by Doc+Ruby · · Score: 2, Interesting

    Rule #1: MS Passport is the only choice for identity management.

    --

    --
    make install -not war