Simplifying the Laws of Identity

Kim Cameron – Microsoft’s Architect of Identity, identity guru and all round decent chap, has been working on a simplified ‘plain english’ version of his Laws of Identity. This is an important piece of work, since it sets a number of key principles into a language easily understandable by all. If you’ve been scared off by the complexity of his work, then read on to see what they look like now.

The laws in their simplified version are as follow:

  • People using computers should be in control of giving out information about themselves, just as they are in the physical world.

  • The minimum information needed for the purpose at hand should be released, and only to those who need it. Details should be retained no longer than necesary.
  • It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.
  • We need choice in terms of who provides our identity information in different contexts.
  • The system must be built so we can understand how it works, make rational decisions and protect ourselves.
  • Devices through which we employ identity should offer people the same kinds of identity controls – just as car makers offer similar controls so we can all drive safely.


[Kim at an EPG event in April 2008]