Their goal is to give
rise to a system that can enjoy true acceptance while serving the
intended purpose of an identity system to the full satisfaction of
all the parties involved. The seven identity laws de?¬?ne how to
successfully extend the Internet with an identity management
layer. In the remainder of this section, we examine the laws one
by one.
In the following section, ???The Identity Metasystem,??? we describe
a solution that abides by such laws. The Identity Metasystem is
the model of reference for which Windows CardSpace has been
designed.
The ???Laws of
Identity??? white
paper summarizes
the ?¬?ndings of an
open, industrywide
conversation
The laws of identity
are not dogmas.
They derive from
very practical considerations
94 Hints Toward a Solution
User Control and Consent
Technical identity systems must only reveal information
identifying a user with the user??™s consent.
??”The Laws of Identity, Cameron, 2005
This is truly the most fundamental principle of an identity management
system.
The user must be able to decide to whom he discloses information,
which speci?¬?c data is being shared, when exchanges take
place, what the purpose is for which the information is gathered
in the ?¬?rst place, and what the trail is that a speci?¬?c transaction
may leave behind.
Pages:
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171