Monday, January 24, 2005

imho Further thoughts on Cameron’s “laws of identity”


It’s been interesting to see everybody’s comments on Cameron’s “laws of identity.” Some further comments from yours truly.

First, I’ll have to take issue with Jamie Lewis’ contention that Kim’s terming his principles “laws” was a “minor conceit.” In fact, Kim meant “laws” in both senses of the term:

• Descriptive (i.e., empirical) principles characterizing the actual dynamics of (identity) system behavior (in this case, the behavior of users accepting or rejecting that system);
• Prescriptive (i.e., imperative) principles governing the desired dynamics of (identity) system behavior (in this case, an identity system designed to support user self-empowerment and be privacy-friendly)

And there’s nothing wrong with Kim proposing identity principles (aka “laws”) in either sense. However, as I said in a previous post, I still haven’t seen any evidence for real-world IdM systems that have failed to gain acceptance because they failed to implement Kim’s descriptive “laws.” But, as I also said, I applaud Kim’s development of prescriptive “laws” to promote user self-empowerment and privacy protection. In other words, Kim’s development of “architecture principles” (Jamie’s term) to guide IdM planning, design, implementation, and administration. Kim’s use of the uppercase word “MUST” in each “law” gives away the prescriptive nature of what he’s proposing.

Second, it occurs to me that Kim’s prescriptive/imperative “laws” revolve around a core IdM principle that one might describe as “the law of identity opacity”:

• Universal identity systems must allow users to opaque (or reveal) as much or little of their identity as they wish at any time, for any reason, from any other party, and for any duration.”

With this as the core principle, we can derive four of Kim’s six (so far) principles: the “law of control,” “law of minimal disclosure,” “law of fewest parties,” and “law of directed identity.” However, the “law of pluralism” doesn’t follow from this (it really should be called the “law of identity federation”), nor does the “law of human integration” (it should be called the “law of identity idiotproofing,” or is that too condescending?).

These laws/principles can sustain Lewis' "motherhood" test. Reasonable people can suggest and defend contrary positions:

• Contrary to the "law of identity opacity": identity transparency (i.e., no secrets, concealment, or privacy) promotes universal accountability, auditing, and security, which is valuable from the point-of-view of law enforcement (aka "Big Brother")
• Contrary to the "law of identity federation": identity aggregation (i.e., one big identity vault) promotes universal SSO, which is valuable from the point of view of all users
• Contrary to the "law of identity idiotproofing": identity multifactoring (i.e., onerous multi-step registration, validation, and login procedures with IDs, passwords, PINs, biometrics, etc.) promotes a high degree of authentication assurance, which is valuable from the point of view of relying parties, and also end users

Anyway, Kim's principles are a sound basis for further development of the universal IdM governance structure. I’m curious what else Kim has up his sleeve. And whether/how/when IdM vendors are interpreting/implementing these in their solutions (the laws of identity federation, idiotproofing, and opacity, or, per the universal law of analyst self-aggrandizement, “Kobielus’ meta-laws of identity governance”).