The Laws of Identity

I've been working on how to make the Laws of Identity accessible to busy people without a technical background.  If you have ideas about how this can be improved please let me know:


People using computers should be in control of giving out information about themselves, just as they are in the physical world.


Only information needed for the purpose at hand should be released, and only to those who need it, just as we don’t indiscriminately broadcast our private information in daily life.   


It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet.  A single identifier that stitches everything up would be a big mistake. 



We need choice in terms of who provides our identity information in different contexts.


The system must be built so that as users, we can understand how it works, make rational decisions and protect ourselves. 


And finally, for all these reasons, we need a single, consistent, comprehensible user experience even though behind the scenes, different technologies, identifiers and identity providers are being used.


[UPDATE:  important comments integrated and new version here.]

Published by

Kim Cameron

Work on identity.

2 thoughts on “The Laws of Identity”

  1. I don't like the wording in the last paragraph. It makes it real easy to infer that all user interfaces must be identical. Consider the dashboard and other controls in a car. You can rent a model that you've never been in before. Yet you will be able to understand and operate the controls safely without having to read the user's manual. I think it's the words “single” and “consistent” that cause problems.

    How about language along the lines of “Users must be able to comprehend, safely operate the controls, and make informed decisions regardless of the underlying platform or protocols”?
