Here is the Second Law of Identity as expressed by Anne Cavoukian, Privacy Commissioner of Ontario. The “technology” law is on the left; the “privacy-embedded” form is on the right:
The identity metasystem must disclose the least identifying information possible, as this is the most stable, long-term solution.
DATA MINIMIZATION
The identity metasystem must disclose the least identifying information possible, as this is the most stable long-term solution. It is also the most privacy protective solution.
The concept of placing limitations on the collection, use and disclosure of personal information is at the heart of privacy protection. To achieve these objectives, one must first specify the purpose of the collection and then limit one's use of the information to that purpose,avoiding disclosure for secondary uses. The concept of data minimization bears directly on these issues, namely, minimizing the collection of personal information in the first instance, thus avoiding the possibility of subsequent misuse through unauthorized secondary uses.
Dr. Cavoukian's restatement of the First Law is here. I can't overstate the importance of her collaboration with the identity community. Nothing is more important to getting identity right than getting privacy right. And there's no better way to get privacy right than by working side by side with those who, like Dr. Cavourkian, have been studing, writing about and protecting privacy for many years.
Kim, I have some doubts about the completeness of your Laws: should Portability be included. And, I am also thinking maybe there is an easier way than introduce the whole new Cardspace thing by fixing Passport (YahooAuth). Please see my comment at http://thebiggrid.com/2006/10/how-can-i-talk-to-kim.html and http://thebiggrid.com/2006/10/questions-to-kim-cameron-on-identity.html at The Big Grid. You reply is appreciated.