Wednesday, April 25, 2007

The 7 Laws of Identity: User control in system design

As the level of fraudulent activity online grows, consumer confidence in e-commerce is increasingly threatened. In response, Kim Cameron, Chief Identity Architect at Microsoft, developed the 7 Laws of Identity in cooperation with a number of leading experts from around the world. At the recent Privacy and Security Conference in Victoria, British Columbia, Ann Cavoukian, Information and Privacy Commissioner of Ontario, presented a white paper proposing privacy-embedded laws of identity based on Cameron’s 7 Laws.

The proposal would create an identity layer in software and web services. Programmers are urged to embed privacy capabilities based on the following seven laws:

Law #1 – User Control and Consent
The user must have control over how much information to provide and under what circumstances.

Law #2 – Minimal Disclosure for a Constrained Use
The user must provide only the least amount of information needed for a specific purpose.

Law #3 – Justifiable Parties
The disclosure of personally-identifiable information is limited to only those parties that have reason to require it in order to fulfill a specific purpose.

Law #4 – Directed Identity
Web sites and other technology should be unidirectional and shouldn’t be able to access your personal information without your prior consent.

Law #5 – Pluralism of Operators and Technologies
Systems should ensure that users can decide how much personal information to provide, depending upon the context. A “one size fits all” solution is not desirable where your personal information is concerned.

Law #6 – Human Integration
The ways in which users interact with systems must be designed so that users can more easily detect fraudulent websites and messages.

Law #7 – Consistent Experience Across Contexts
Systems are designed with standards and conventions that are easily recognizable to users, while allowing the user to exercise control between contexts.
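The following is an added example, not code from the original post or from Cameron's or Cavoukian's work. It sketches how an identity provider could enforce Laws #1, #2, #3 and #4 when releasing claims to a website: release happens only on consent, a per-purpose policy table (assumed here) limits which claims leave, a coarse "over 18" claim is derived so the birth year itself never needs to be disclosed, and each relying party receives its own pseudonymous subject identifier so two sites cannot correlate the user by it (one reading of "unidirectional" in Law #4). All profile values and the issuer key are constructed.

```python
import hashlib
import hmac

# Constructed sample profile; all values are hypothetical.
PROFILE = {
    "user_id": "u-1001",
    "name": "Alice Example",
    "birth_year": 1985,
    "email": "alice@example.invalid",
    "postal_code": "K1A 0B1",
}

# Laws #2 and #3: each purpose names the only claims a relying party may receive.
# Assumed policy table, not part of the original post.
PURPOSE_POLICY = {
    "age_gate": {"over_18"},          # a derived yes/no, never the birth year itself
    "shipping": {"name", "postal_code"},
}


def pairwise_subject(user_id: str, relying_party: str, key: bytes) -> str:
    """Law #4 (assumed reading): a stable identifier that is specific to one
    relying party, so two sites cannot correlate the same user by its value."""
    msg = f"{user_id}|{relying_party}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def release_claims(profile: dict, purpose: str, relying_party: str,
                   consented: bool, key: bytes, current_year: int = 2007) -> dict:
    """Build the claim set one relying party receives for one purpose."""
    # Law #1: nothing leaves without the user's explicit consent.
    if not consented:
        raise PermissionError("user has not consented to this release")
    if purpose not in PURPOSE_POLICY:
        raise ValueError(f"unknown purpose: {purpose}")
    # Derive the coarse claim so a minimal form exists to release.
    derived = dict(profile)
    derived["over_18"] = (current_year - profile["birth_year"]) >= 18
    # Law #2: copy only the claims this purpose is allowed to see.
    claims = {name: derived[name] for name in PURPOSE_POLICY[purpose]}
    claims["subject"] = pairwise_subject(profile["user_id"], relying_party, key)
    return claims


if __name__ == "__main__":
    key = b"constructed-issuer-key"
    print(release_claims(PROFILE, "age_gate", "shop.example", True, key))
```

Running it shows the age-gate site receives only `over_18` and a subject identifier, while the shipping purpose receives the name and postal code but the same subject value, since it is the same relying party.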

More of our personal information is accessible than ever before, and most of it is controlled by others in both the private and the public sectors. As more of our routine tasks and commerce take place on the Internet, the 7 Laws of Identity are a means for users to take back control of their personal information.

1 comment:

Santhosh Koyilada said...

Nice information with good tips, and feel free to visit my blog