Laws of Identity

From P2P Foundation

Laws of Identity

Version for Everybody

Kim Cameron:

"I’ve been working on how to make the Laws of Identity accessible to busy people without a technical background. If you have ideas about how this can be improved please let me know:

  • People using computers should be in control of giving out information about themselves, just as they are in the physical world.
  • Only information needed for the purpose at hand should be released, and only to those who need it, just as we don’t indiscriminately broadcast our private information in daily life.
  • It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would be a big mistake.
  • We need choice in terms of who provides our identity information in different contexts.
  • The system must be built so that as users, we can understand how it works, make rational decisions and protect ourselves.
  • And finally, for all these reasons, we need a single, consistent, comprehensible user experience even though behind the scenes, different technologies, identifiers and identity providers are being used."


Seven Laws of Identity - Kim Cameron

Shortened version of an excellent introductory overview by Kim Cameron at

1. User Control and Consent

Technical identity systems must only reveal information identifying a user with the user’s consent.

2. Minimal Disclosure for a Constrained Use

The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.

The concept of “least identifying information” should be taken as meaning not only the fewest number of claims, but the information least likely to identify a given individual across multiple contexts.

We can also express the Law of Minimal Disclosure this way: aggregation of identifying information also aggregates risk. To minimize risk, minimize aggregation.

3. Justifiable Parties

Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

The identity system must make its user aware of the party or parties with whom she is interacting while sharing information.

4. Directed Identity

A universal identity system must support both “omni-directional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
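Law 2 (minimal disclosure) and Law 4 (directed identity) are easiest to see together. The following is an added example written for this page, not code from Kim Cameron or from any identity product: an identity provider derives a unidirectional identifier per relying party with an HMAC keyed by its own secret, so two relying parties receiving tokens for the same user hold different, uncorrelatable handles, while the relying party's own public name (its omni-directional identifier) is echoed back so the user can see who is asking. Claims are released only from a per-purpose allow-list, and a derived predicate (`over_18`) stands in for the raw birthdate. The profile, the purpose policy, the secret and the party names are all constructed for illustration.

```python
import hashlib
import hmac
from datetime import date

# Constructed sample profile held by the identity provider (hypothetical data).
PROFILE = {
    "sub": "user-8831",            # global identifier; never leaves the IdP
    "name": "Alice Example",
    "email": "alice@example.org",
    "birthdate": date(1990, 5, 17),
    "postal_code": "90210",
}

# Hypothetical allow-list: the most a relying party may receive for each purpose.
# "age_gate" gets only the derived predicate, never the birthdate itself.
PURPOSE_POLICY = {
    "age_gate": {"over_18"},
    "shipping": {"name", "postal_code"},
    "newsletter": {"email"},
}


def derive_pairwise_id(idp_secret: bytes, user_id: str, relying_party: str) -> str:
    """Unidirectional identifier (Law 4).

    Stable for one (user, relying party) pair, but relying parties cannot
    recompute or invert it without the IdP's secret, so they cannot link
    the same user across contexts. NUL separates the two fields so that
    ("ab", "c") and ("a", "bc") cannot collide.
    """
    msg = f"{user_id}\x00{relying_party}".encode()
    return hmac.new(idp_secret, msg, hashlib.sha256).hexdigest()


def derived_claims(profile: dict, today: date) -> dict:
    """Predicates computed from sensitive attributes (Law 2: least identifying)."""
    bd = profile["birthdate"]
    age = today.year - bd.year - ((today.month, today.day) < (bd.month, bd.day))
    return {"over_18": age >= 18}


def release_claims(profile: dict, requested: list, purpose: str,
                   idp_secret: bytes, relying_party: str, today: date = None):
    """Return (released, refused): only allow-listed claims for this purpose,
    keyed by a pairwise identifier instead of the global one."""
    today = today or date.today()
    allowed = PURPOSE_POLICY.get(purpose)
    if allowed is None:
        raise ValueError(f"unknown purpose: {purpose}")

    pool = dict(profile)
    pool.pop("sub")                        # the global identifier is never a claim
    pool.update(derived_claims(profile, today))

    released = {
        "sub": derive_pairwise_id(idp_secret, profile["sub"], relying_party),
        "aud": relying_party,              # omni-directional identifier of the asker
    }
    refused = []
    for claim in requested:
        if claim in allowed and claim in pool:
            released[claim] = pool[claim]
        else:
            refused.append(claim)          # over-asking is refused, not silently trimmed
    return released, refused


if __name__ == "__main__":
    secret = b"idp-master-secret (constructed)"
    print(release_claims(PROFILE, ["over_18", "birthdate"], "age_gate",
                         secret, "bar.example", date(2024, 1, 1)))
```

The refused list is what the user-facing consent screen (Laws 1 and 6) should show: a relying party that asks for `birthdate` under an `age_gate` purpose is told it gets only `over_18`, and the user sees exactly which party (`aud`) made the request.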

5. Pluralism of Operators and Technologies

A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.

The universal identity metasystem must not be another monolith. It must be polycentric (federation implies this) and also polymorphic (existing in different forms). This will allow the identity ecology to emerge, evolve, and self-organize.

6. Human Integration

The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.

7. Consistent Experience Across Contexts

The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

As users, we need to see our various identities as part of an integrated world that nonetheless respects our need for independent contexts." (

Fen Labalme's additions

From the entry, 'Four More Laws of Identity', at

8. Freedom

The entity (often a person) using an online digital identity system must be in total control of their information. This implies that not only the data but also the access protocols and authorization mechanisms must not be encumbered by someone else's (IP) rights, unless such restrictions were previously - and explicitly - agreed to.

9. Decentralization

An identity system should be decentralized.

10. Portability

Bridges must exist - or be straightforward to create - between identity systems so that users are not locked into a single provider.

11. Transparency

There should be a clear and (if desired) visible cause and effect relationship in all identity related transactions." (

Drummond Reed's Corollaries

Drummond Reed has published corollaries to the above principles, which are listed here at


Dave Pollard on Dave Snowden's theses on Identities in Networks


"Dave Snowden has pointed out that our networks do not include us as individuals, but rather as identities. This means that you may have people networking with you in your various identities e.g. as a parent, as a co-worker, as a member of a project etc. He says we have both formal (formed for us) and informal (self-organized) manifestations of each of three different types of identity:

  • role based (e.g. as CIO or as acknowledged facilitator)
  • membership based (e.g. as employee in a division or as cohort of some association)
  • event or project based (e.g. as part of a project team or as player in a pick-up game)

Dave argues that informal, self-selected, self-organized networks tend to be more effective than formal networks, for various reasons such as greater trust and less hierarchy. But while formal networks can be controlled and directed to some extent by those with appropriate authority, informal networks are much harder to influence. The best way to stimulate and influence them is through what Dave calls boundary conditions (or rules), attractors and barriers, instituted early in the network's evolution.

To be effective, informal networks need to have (I've amplified Dave's list somewhat here):

  • a complex, shared problem, and either a sense of urgency to address it or a strong affinity to make it durable if the problem endures (e.g. the Toronto Maple Leafs' failure to put together a decent team for its fans)
  • a means to measure success, so that progress can be assessed
  • meaningful (to the members) rewards to belong and contribute
  • some constraints on the formation and membership to prevent it becoming uselessly elitist, hopelessly conflicted, an echo chamber, or unwieldy (Dave says the 'natural limit' of a network is 15)"


What makes networks so fragile

Continuation of the discussion above, as it applies to the fragility of networks:

Dave Pollard at

"Blog networks probably combine all three types of identity basis: Some people will 'join' (e.g. subscribe to a blog's feed and comment regularly) because they have role affinity -- other knowledge management directors or consultants, for example, subscribing to a KM blog. Some will be attracted by membership affinity -- a shared belief in or love of something, such as Gaia, or vintage cars. Some will be drawn by project/event affinity -- getting Obama elected, for example. My blog covers so much diverse territory that it creates dissonance for some readers ( e.g. those who love my practical articles on KM but loathe my political views). The networks of people it attracts are not always congruent (though I'm surprised and delighted how often they are).

Role affinity draws principally on shared or related actions and behaviours. Membership affinity draws principally on shared beliefs or passions. Project/event affinity draws principally on shared objectives.

What makes informal networks so fragile is that our identities are constantly changing. If I move from a job as Chief Knowledge Officer to one as Facilitator, it's likely to affect which networks I select to belong to. If I give up on the political process, I'm likely to abandon networks whose members still believe in it. Once the election is over, my campaign networks are likely to dissolve. Shared problems eventually lose interest or urgency, or are given up as insoluble, or get solved. Progress may become impossible to measure or impossible to achieve. Rewards may lose their lustre. Or despite membership constraints, the cohesion of the network may just dissipate to the point there is no focus or purpose left.

While informal networks are fragile, formal networks are, usually, ineffective. There is something in human nature that makes us object to being told who we must network with -- it's like being forced into an arranged marriage. Imposed formal networks depend on hierarchy and power, and on sanctions for refusing to work within the prescribed network. Given our affinity for sharing peer-to-peer, this means communication in formal networks is usually forced and dysfunctional -- instructions go down and are (often) ignored, while data is extracted (often) begrudgingly and reported upward. We share knowledge only when and to the extent that we have to.

The most powerful phenomenon in formal networks is workarounds. These are the ways we find to do things effectively despite the formal networks pressuring us to do things (usually) ineffectively. It's not that those high in the hierarchy want us to be ineffective. They just don't know any better. They have never done our jobs so they don't know the best way to do them. And because messengers are shot, they are not told what isn't working or why, so their decisions are inherently flawed by lack of essential information.

Workarounds are what make the world work as well as it does, despite the dysfunctions of hierarchy and size. Courageous organizations (those that are small enough to be able to do it, anyway) recognize this by not establishing any formal networks, by having no hierarchy. They have no need for workarounds, just trust in people's ability to figure out how to do their best given the constraints they have to live with." (

More Information

See the related entries on Reputation, Trust, Privacy, Anonymity

Identity Standards are listed here at

Identity discussion at