THE IDENTITY METASYSTEM

Posted on Sunday 8 January 2006

The Laws of Identity define the architecture for what we call the Identity Metasystem.

The Identity Metasystem is an interoperable architecture for digital identity that assumes people will have several digital identities based on multiple underlying technologies, implementations, and providers. Using this approach, not only will individuals be put in control of their identity, but organizations will be able to continue to use their existing identity infrastructure investments, choose the identity technology that works best for them, and more easily migrate from old technologies to new technologies without sacrificing interoperability with others.

This paper starts from the conclusions reached in “The Laws of Identity”; it presents an open and interoperable architecture for building the metasystem, and it describes Microsoft’s plans to participate in the identity metasystem. (12 printed pages)

Browser version. Printable PDF. Word.

The ideas presented here were refined here in the Blogosphere; in several years of work with the InfoCard, Identity and Access, and Web Services teams at Microsoft; and in meetings with many other identerati across many milieux.

The discussion of the metasystem continues and our documents will be updated periodically to reflect this.



23 Comments for 'THE IDENTITY METASYSTEM'

  1.  
    March 13, 2006 | 7:48 am
     

    [...] This perspective (creating a common user identity experience) led Kim Cameron to develop his laws of identity from the user’s viewpoint, and then conceptualize the development of an open identity metasystem, which would allow his user interface to connect with and manage a user’s information interoperably with nearly any kind of identity infrastructure that exists or might come to exist in the future. [...]

  2.  
    June 4, 2006 | 8:42 pm
     

    [...] Which is where ActiveWorlds’ Personal Avatars come in. I can’t tell you which 3D technology is going to become dominant, whether its AW’s, SL’s, There’s, Multiverse’s or one that’s yet to emerge. But whatever it is (or whatever set of such technologies, more likely), we’ll want a way to navigate between them more seamlessly than we can navigate between even 2D Web sites today. I think the nicest way to do this would be to develop some kind of protocol, either for 3D sites themselves or for portability of avatars and identity, just as an “identity metasystem” is being contemplated now. And this is just what ActiveWorlds’ Personal Avatars are for the spaces that run on that platform. [...]

  3.  
    June 11, 2006 | 11:31 pm
     

    [...] Windows CardSpaces Microsoft’s Naming department definitely got it right this time, renaming Infocard to Windows CardSpaces (WCS). WCS is probably the most underrated of the new .NET Framework 3.0 developer technologies. While Communication Foundation, Workflow Foundation and Presentation Foundation are all fantastic products and a huge evolution on previous solutions in those spaces, WCS has the potential to revolutionize the way we deal with Digital Identity on the Internet today. Well, rather, the proposed Identity Metasystem has the potential to revolutionize the way we treat identity on the internet. There have been previous efforts in that space, think Liberty Alliance and others, but none got great momentum on the desktop, something I think Microsoft can achieve with their WCS offering, which hopefully will soon be followed by other implementations for other platforms. And of course Liberty and Infocard powered services can happily co-exist, as pointed out here. I haven’t been blogging much the past couple of weeks; this was mostly due to Infocard related work that has been taking up most of my evenings. I’ll be blogging more about the WCS experiences over the coming weeks and a little less about other things. A nice side effect was that I’ve also Infocard enabled the blogs here at dotnet.org.za. The update will be deployed a little later this week; I need to update the code to Beta 2 and change to accepting Infocards issued by Microsoft’s new Live Labs Security Token Service. Published Monday, June 12, 2006 9:31 AM by armand Filed Under: General, Microsoft .NET, Windows Vista, dotnet.org.za [...]

  4.  
    July 10, 2006 | 9:06 am
     

    [...] Ideally, we move to an identity metasystem (with identity providers and identity brokers) and these companies only know what we let them know about us. Arguably, we can do that today without more software or more technical tools to trickle into mass adoption, simply by not playing - not participating - but that kind of defeats the point of having the conversation, doesn’t it? We need tools to protect us AND that let us do what we want to do online - buy, sell, communicate. [...]

  5.  
    July 11, 2006 | 6:21 pm
     

    [...] Ideally, we move to an identity metasystem (with identity providers and identity brokers) and these companies only know what we let them know about us. Arguably, we can do that today without more software or more technical tools to trickle into mass adoption, simply by not playing - not participating - but that kind of defeats the point of having the conversation, doesn’t it? We need tools to protect us AND that let us do what we want to do online - buy, sell, communicate. [...]

  6.  
    September 3, 2006 | 9:55 pm
     

    [...] We’d both spent the day on Monday attending a CardSpace Hands On Lab which was great! Nigel Watling (Microsoft Cardspace Technical guru) did a fantastic job of explaining the Identity Metasystem as well as demonstrating Cardspace and the relative ease of how web sites can use Cardspace. Published Monday, September 04, 2006 4:45 PM by nilsv Filed Under: Architecture [...]

  7.  
    September 29, 2006 | 8:23 am
     

    [...] I don’t think anyone could have expressed the big metasystem issues better than Red Hat’s Pete Rowley does here: There has been a lot of focus on user-centric identity in recent months, but let us not forget about the identity metasystem. The identity metasystem concept is important because it recognizes that even if it is desirable for there to be one protocol that everyone speaks, to get there from here requires a pragmatic acceptance that there will be more than one protocol in the meantime. While choice is a marvelous thing in many situations, it isn’t something that the vendor relishes at the protocol level. When the customer comes calling must you turn them away because they speak OpenID and your software speaks SAML? Recalling my blog regarding the Microsoft Open Specification Promise, multiple standards mean your bolts don’t fit your nuts unless you buy them both from the same vendor. The identity metasystem must provide the necessary adapters so that different systems produced by different vendors on different platforms can at least understand each other, even if they don’t speak the same language. [...]

  8.  
    October 10, 2006 | 4:49 pm
     

    [...] Over 2.5 years ago Kim came to us (me and Doc and a few others) and told us of his dream. A world where Microsoft would GIVE the world key technology to enable disparate Identity systems to inter-connect together. A world where a theoretical backplane for Identity systems would enable any and all to come along and play in that park. [...]

  9.  
    October 10, 2006 | 9:30 pm
     

    [...] Over 2.5 years ago Kim came to us (me, Dick Hardt, Phil Windley, Doc and a few others) and told us of his dream. A world where Microsoft would GIVE the world key technology to enable disparate Identity systems to inter-connect together. A world where a theoretical backplane for Identity systems would enable any and all to come along and play in the same park. [...]

  10.  
    October 12, 2006 | 2:21 pm
     

    [...] There has been a lot of focus on user-centric identity in recent months, but let us not forget about the identity metasystem. The identity metasystem concept is important because it recognizes that even if it is desirable for there to be one protocol that everyone speaks, to get there from here requires a pragmatic acceptance that there will be more than one protocol in the meantime. While choice is a marvelous thing in many situations, it isn’t something that the vendor relishes at the protocol level. When the customer comes calling must you turn them away because they speak OpenID and your software speaks SAML? Recalling my blog regarding the Microsoft Open Specification Promise, multiple standards mean your bolts don’t fit your nuts unless you buy them both from the same vendor. The identity metasystem must provide the necessary adapters so that different systems produced by different vendors on different platforms can at least understand each other, even if they don’t speak the same language. [...]

  11.  
    December 2, 2006 | 10:06 pm
     

    [...] Effective, distributed, and automated third-party Identity systems will touch and change just about everything on the Internet. (Tip of the hat to Kim Cameron for the proposal and work behind that link.) [...]

  12.  
    December 13, 2006 | 3:12 pm
     

    [...] 1. Identity systems that address the goals of Kim Cameron’s Principles of Identity are now largely integration and product management problems. [...]

  13.  
    December 14, 2006 | 1:10 pm
     

    [...] Windows Cardspace session downloads. Last Monday we ran a track at the SDE on version 3.0 of the .NET Framework. My contribution was a presentation on Windows Cardspace, formerly known as “Infocard”. Windows Cardspace is an implementation of the Identity Metasystem as proposed by Kim Cameron. With Windows CardSpace it is possible to store digital identities in one central place within Windows. When a user wants to start a particular program or log in to their bank’s site, the CardSpace Private Desktop appears, where the user can select one of the available identities. After that the authentication process runs fully automatically. Well, fully automatically… of course something has to happen for that to work. The website that supports Cardspace must be able to interpret the token (read: XML string). The PowerPoint slides and demo code I used, which show how you implement Cardspace on a website, can be downloaded. Other examples, for instance one for building your own secure token service (STS), can be found on Microsoft’s Cardspace website. Because Windows Cardspace uses standard WS-* protocols (WS-Security, WS-Trust, WS-MetadataExchange and WS-SecurityPolicy), it is also possible to implement it for Firefox and other platforms. A Java/Firefox implementation can be found here. There is also a Firefox extension that does use the Windows Cardspace secure desktop. Other open source resources can be found here. Have fun. Published Thursday, December 14, 2006 9:49 PM by Sander_G [...]

  14.  
    December 17, 2006 | 8:26 pm
     

    [...] VRM needs interoperable Identity systems. VRM applies Identity to give users control over both vendor relationships and individual transactions. Vendor selection and discovery turn personal digital RFPs into new relationships while giving vendors you already have a relationship with an opportunity to participate in the process. As new vendors are discovered, they become new relationships, and the wonderful cycle continues. [...]

  15.  
    March 9, 2007 | 11:31 am
     

    [...] have read that some feel this system should be called the Identity Metasystem and on my last rereading of Kim’s paper, I mostly think that’s his intent. Mostly. But [...]

  16.  
    April 29, 2007 | 11:18 am
     

    [...] Whitepaper: Identity Metasystem (Link). [...]

  17.  
    May 7, 2007 | 9:09 pm
     

    [...] Case for Privacy-Embedded Laws of Identity in the Digital Age by Commissioner Ann Cavoukian … More Information Archived in eCommerce | Trackback | del.icio.us | Top Of [...]

  18.  
    June 6, 2007 | 9:00 am
     

    [...] stimulated more pushback than the other example I used — the increasing success of the WS-* based identity metasystem (which is a lot more newsworthy at the moment).   But it’s easy to justify the value of [...]

  19.  
    June 13, 2007 | 12:21 am
     

    [...] Kim Cameron’s Identity Weblog ” THE IDENTITY METASYSTEM PRIVACY IN THE LAWS OF IDENTITY … Case for Privacy-Embedded Laws of Identity in the Digital Age by Commissioner Ann Cavoukian … Archived in eCommerce | Trackback | del.icio.us | Top Of Page [...]

  20.  
    June 20, 2007 | 2:24 pm
     

    [...] (through Kim) to espouse the principles of the 7 laws and articulate the need for and design of an Identity Metasystem. We were the first to release a viable identity selector - Windows CardSpace - and continue to [...]

  21.  
    July 29, 2007 | 5:19 pm
     

    [...] … contributes to the discussion of Identity and Privacy issues and technology. … The LAWS OF IDENTITY … A PRIVACY-COMPLIANT IDENTITY METASYSTEM … Read [...]

  22.  
    August 2, 2007 | 6:26 pm
     

    [...] Great to see the recent news of the public interop session that was held at the Catalyst conference. This is testament to the continuing maturation of the Identity Metasystem. [...]

  23.  
    September 19, 2007 | 3:19 am
     

    [...] Users cannot effectively manage their own identities as yet, or verify their own identities - institutions are effective brokers in this scenario. The role of the broker and trusted verifier is very important to all user-centric identity management systems such as OpenID and identity metasystems. [...]
