The Fewest Parties Law of Identity
Technical identity systems MUST be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
My own understanding of this law is one of the happy by-products of what I think of as my “Passport Aha”.
On the one hand, Passport has always been a system for authenticating to Microsoft's “Internet properties”, and was immediately successful in this role.
On the other, it was positioned as an early identity service. Given my long-term interest in identity, I was personally skeptical about this broader use of Passport. It's proponents argued that a centralized Internet service could act as an identity broker mediating between consumers and relying parties. They thought that life would be a lot easier (and more secure) if :
consumers had a strong identity relationship with Passport ; and
web sites started to use Passport identities to recognize their customers.
There were only two problems with the concept. The first was that web sites didn't really want Passport mediating between them and their customers. And the second was that consumers didn't see what Passport was doing there either.
Put in terms of the Third Law of Identity, beyond the perimeter of Microsoft's own sites, few saw Passport's presence in an identity relationship as being necessary or justifiable.
Some observers who are less than enraptured by Microsoft have explained this rejection of Passport by citing a widespread distrust of Microsoft. But I don't subscribe to that explanation. There are, after all, a couple of hundred million active Passport accounts on any given day – the scale is amazing. But consumers use the accounts to access Hotmail and other properties owned by Microsoft – again, in accordance with the Third Law, where Microsoft's participation in the identity relationship is necessary and justifiable.
I argue that all of us involved with identity should “listen up” to this experience and come to understand the Third Law.
For example, it is natural for governments to operate identity services. And it is natural for people to use government-issued identities when doing business with the government. But in my view, it will not be seen as “necessary and justifiable” to insert a government intermediary between family members seeking to verify identity or between a consumer and his hobby or vice. Thus the success of government-run identity systems will be determined by governments’ understanding of the Third Law.
The same is true of other identity providers. For now, I leave it as an exercise for the reader to explore the applicability of this law to various potential candidates for provision of identity.