Showing posts with label kim cameron. Show all posts
Showing posts with label kim cameron. Show all posts

18 August 2008

ID Cards Break the Laws (of Identity)

Regular readers of this blog will know that I follow the wacky world of ID cards and related matters quite closely, and it will come as no surprise that the following "short version" of the Laws of Identity by Mr Identity himself, Kim Cameron, piqued my interest:


People using computers should be in control of giving out information about themselves, just as they are in the physical world.

The minimum information needed for the purpose at hand should be released, and only to those who need it. Details should be retained no longer than necesary.

It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.

We need choice in terms of who provides our identity information in different contexts.

The system must be built so we can understand how it works, make rational decisions and protect ourselves.

Devices through which we employ identity should offer people the same kinds of identity controls - just as car makers offer similar controls so we can all drive safely.

What struck me was how badly our dear ID cards will do against these, especially:

It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.

I think we can safely say that however they implemented, the UK ID card will comprehensively break these laws of ID, not least through the process of "stitching everything up"...

04 April 2008

Microsoft on the Side of the Angels

No, really:

In recent years Microsoft has shown every sign of knowing which way is up when it comes to identity management. The company already has on board Kim Cameron, its chief architect of identity and one of the key thinkers in the field, and with the arrival of Dr Brands - who joins Cameron in the company's Connected Systems Division - it adds a second. Cameron cleared up the mess and set the new rules after Microsoft's monolithic, centralised and panoptical Hailstorm ID management policy collapsed under its own weight. Dr Brands is author of the seminal Rethinking public key infrastructures and digital certificates, and the developer of 'blind' or 'minimum disclosure' credentials.

Together, these support a privacy-friendly and user-centric view of identity management - the antithesis, effectively, of the controlled, centralised vision that's currently crashing and burning at the Home Office.

Now all we have to worry about are the patents....

Anyway, great article - worth reading all of it.