Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Seven Laws of Identity

Posted by Zonk on from the you-are-who-you-are dept.

pHatidic writes "Something strange is a brewin' at Microsoft these days. Check out this video interview with Kim Cameron, Microsoft's Architect of Identity, about Kim's Laws of Identity." From the post: "We have undertaken a project to develop a formal understanding of the dynamics causing digital identity systems to succeed or fail in various contexts, expressed as the Laws of Identity. Taken together, these laws define a unifying identity metasystem that can offer the Internet the identity layer it so obviously requires. They also provide a way for people new to the identity discussion to understand its central issues. This lets them actively join in, rather than everyone having to restart the whole discussion from scratch."

14 of 250 comments (clear)

  1. I win! by Anonymous Coward · · Score: 5, Funny

    "We have undertaken a project to develop a formal understanding of the dynamics causing..."

    Bingo!

  2. Obviously? by Atlantis-Rising · · Score: 5, Insightful
    ...that can offer the Internet the identity layer it so obviously requires.

    It obviously requires an identity layer? News to me. As a card-carrying member of the tinfoil hat brigade, I prefer anonimity.

    --
    "It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
    1. Re:Obviously? by pHatidic · · Score: 4, Insightful
      It obviously requires an identity layer? News to me. As a card-carrying member of the tinfoil hat brigade, I prefer anonimity.

      You can have both, i.e. you can have strong identity and strong anonymity at the same time. For example, your television and coffee maker can have an identity without comprosing your personal anonymity. Furthermore, identity is only a record of your actions. You can create a record of your actions without actually tying that record to yourself. This way you give your anonymous speech more credibility without compromising your privacy.

  3. Seven is 5 too many by realmolo · · Score: 4, Insightful

    We all know that the only 2 rules are going to be:

    1. Any corporation can find out whatever they want to about you for whatever reason, and use that information for any purpose they see fit.

    2. Rule number 1 also applies to city/state/federal governments

    I wish I was joking, but I'm not.

  4. One step closer... by jmcmunn · · Score: 4, Interesting


    This just makes me feel like I am one step closer to the personalized advertising (think minority report?) where every site I visit is bombarding me personally (instead of anonymously) with ads for stuff I recently looked at or purchased.

    If I know who I am connected to, we're only a step away from advertisers and companies knowing who is connected to them.

    I don't see scams online being any worse than over the phone or anything else. I could get a call from some random person and see "out of area" on my caller id, and they could try to sell me some product, eventually acquiring my credit card number, or some other personal information. It's no less anonymous than online really, IMHO.

  5. Oops Microsoft, you don't know your own identity! by joelparker · · Score: 4, Funny
    Tell me, Microsoft, what good is identity... when you cannot find your own web pages?

    Browser report is 404 Not Found. Doh!

  6. No, but probably by Anonymous+Brave+Guy · · Score: 4, Insightful

    You're entitled to your tinfoil-wrapped opinion, of course, but as I always point out in these discussions, there would be a lot of advantages to having some form of confirmed identity connected with Internet-based activity, even if it's generally concealed or only anonymously verifiable except to suitable authorities.

    If everything could ultimately be tracked back to you eventually, things like spamming, virus distribution, defamation, on-line fraud, and numerous other harmful behaviours would be dramatically reduced. You could improve a lot of people's lives here.

    Of course, you also have to identify "suitable authorities" who should get the right to access this information. That might be relatively easy in the West -- we have court systems that most people would probably trust to issue such orders if and when necessary -- but the Internet is international and what's free speech to you might be illegal anti-government propaganda in certain other places.

    Personally, I think most of the supposed advantages of anonymity on the Internet are illusory anyway. Does anyone really believe that all these people in China are happily speaking freely on the Internet as it stands today anyway?

    Hence, on balance, a reliable identity system gets my conditional agreement, subject to the devil in the details of course.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    1. Re:No, but probably by kaens · · Score: 5, Interesting
      There would be advantages to having the ability to trace back all online activities to someone - you are correct in saying that spamming, virus distribution, etc could be reduced. The problem, of course, is the "suitable authorities" issue. If implemented, something like this would have a lot of chances for abuse.

      I honestly would not trust anybody with a position of political power to have the capability of tracking back everyone's online activities - there is too much of a chance that it would eventually get used for reducing more than just the harmful activities, it could get used for reducing the amount of people in the public that have dissenting opinons.

      Also, even if the capability could be introduced, it would be cracked/spoofed/worked around somehow eventually, unless there was some sort of way to prevent computers from communicating with each other in the ways that they currently do, and some sort of way to prevent people from creating their own networks.

      Subject to the devil in details, agreed. The thing is, who do you think would have control over what the details are? As it stands not you or I.

      --
      kaens.blogspot.com
  7. Microsoft's Architect of Identity by Anonymous Coward · · Score: 4, Interesting

    What ever happed to being a good'ole programmer? Or if you really stuck with it, you'd be a senior programmer.

    All this architect shit is just a bunch of marketing crap that is foisted on folks in lieu of salary.

    I don't know about Microsoft, but at Bank of America, when the "architects" join the conference calls, that's my cue that it's about to get thick and smelly.

  8. Re:say what by Dachannien · · Score: 4, Insightful

    Indeed. Passport should be proof enough that most Internet users are not interested in an identity layer.

    On the other hand, the Internet is sorely lacking in appropriate identity verification measures for the sorts of e-commerce being done by people who don't grasp the concept of spyware (despite it having a firm grasp on them).

    The problem in this case is, who gets to implement such a standard? The list of laws sounds good on paper, but once corporations or governments start trying to implement it, any concept of user privacy goes out the window. And as commercialized as the Internet has become, it's becoming incredibly difficult for benevolent users to set these standards and have them perpetuated without abuse or wanton modification.

  9. Please. Stop. by Anonymous Coward · · Score: 4, Interesting

    Ugh. What a pretentious pile of horse hockey. Here are the shills of Microsoft, attempting to co-opt your data once again, by creating pseudo-intellectual "Laws of Identity". What a laugh. Why don't they fix their stupid insecure OS instead? Because they can't. It's beyond fixable. So now they seek to redefine identity in the virtual space so they can claim the high road in secure transactions.

    Please. Stop. You are hurting people. You are the problem, and you should please cease and desist, and go away. I am fine with my identity, and the rights therof under the laws of my land. If you were actually LIABLE for your crappy software, then you wouldn't have the time to create this faux intellectual crap. Just because you lable it a law does not make it so....

  10. Anonymity by mosel-saar-ruwer · · Score: 4, Informative

    As a card-carrying member of the tinfoil hat brigade, I prefer anonimity

    Here are the seven principles, in abbreviated form [if anyone could make voodoo dolls of the creators of the PDF format, and stick pins in their - ah - whatevers, I'd be most grateful]:

    1) User Control and Consent
    Technical identity systems must only reveal information identifying a user with the user's consent.

    2) Minimal Disclosure for a Constrained Use
    The solution which discloses the least amount of identifying information and best limits its use is the most stable long term solution.

    3) Justifiable Parties
    Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

    4) Directed Identity
    A universal identity system must support both "omni-directional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

    5) Pluralism of Operators and Technologies
    A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.

    6) Human Integration
    The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.

    7) Consistent Experience Across Contexts
    The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

    I'm with you: Any WWW/Internet-ish global identity management system is gonna need a principle zero:
    0) Anonymity.
    All users are free to opt to retain their anonymity.
    With the understanding that the subsequent rules 1-7 apply only to those users who chose to forgo their principle zero rights.

    1. Re:Anonymity by Linus+Torvaalds · · Score: 4, Funny

      Actually, rule zero is really that there is no global identity management system.

      I thought the first rule of identity is you do not talk about the global identity system.

  11. One more thing by pHatidic · · Score: 4, Interesting
    This was my original post. Zonk changed it to make it more anti-Microsoft:

    "Something strange is a brewin' at Microsoft these days. To see what I mean, check out this video interview with Kim Cameron, Microsoft's Architect of Identity, about Kim's now famous now famous Laws of Identity. Personally, I was so schocked to see Micrsoft come down this hard on the side of open standards and corporate responsibility that I almost choked on my tinfoil hat. Is this the beginning of a new Microsoft? But more importantly, now is the time to start an open and ongoing discussion about the future of digital identity. Is Kim's vision something the Slashdot community could get behind?"