Many business operations in
the United States require disclosure of the Social Security
Number or SSN (see the sidebar "America and Identity Theft" in
Chapter 1). It often happens that the SSN ends up being
stored in the user profile, even if there's no need to know it
beyond the current transaction. It is kept just in case, because it
is information that is difficult to obtain. In the most appalling cases, it
is even misused as a record key because it is a unique identifier.

The latter are the worst cases. Not only is the SSN very valuable
information per se, it also provides a key for aggregating and
interpreting identity data stolen elsewhere! That means spreading
the damage across different identity contexts, annihilating
one of the few advantages of today's identity silos. Because it is
so difficult for information to flow between silos, the scope of
damage is often contained too.

The principle of minimal disclosure for constrained use is very
pragmatic, and the strategic value of the practice is clear. It is
clearly proven architectural wisdom applied to the context of
identity.
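
The aggregation risk described above, as an added example that is not from the book: two constructed silos are keyed first by SSN (the weak design) and then by a random key private to each silo, and copies of their tables are merged on the record key. The table layout, names, attribute values and SSNs are assumptions made up for illustration.

```python
import secrets
import sqlite3

# Constructed sample data; the SSNs are made up (area number 000 is never issued).
PEOPLE = {"Alice Example": "000-12-3456", "Bob Example": "000-65-4321"}

def build_silo(attribute, values, key_by_ssn):
    """Build one in-memory identity silo holding a single attribute per person."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE record (record_key TEXT PRIMARY KEY,"
               " attribute TEXT, value TEXT)")
    for name, ssn in PEOPLE.items():
        # Weak design: the SSN doubles as the record key.
        # Corrected design: a random key private to this silo; the SSN is
        # used for the transaction that needs it and is never stored.
        key = ssn if key_by_ssn else secrets.token_hex(16)
        db.execute("INSERT INTO record VALUES (?, ?, ?)",
                   (key, attribute, values[name]))
    db.commit()
    return db

def dump(db):
    """What someone holding a copy of the silo's table would have."""
    return db.execute("SELECT record_key, attribute, value FROM record").fetchall()

def aggregate(dump_a, dump_b):
    """Merge two copied tables wherever their record keys match."""
    merged = {}
    for key, attribute, value in dump_a + dump_b:
        merged.setdefault(key, {})[attribute] = value
    # Only keys present in both silos yield a combined profile.
    return {k: v for k, v in merged.items() if len(v) > 1}

def demo(key_by_ssn):
    bank = build_silo("account", {"Alice Example": "CHK-1",
                                  "Bob Example": "CHK-2"}, key_by_ssn)
    clinic = build_silo("insurer", {"Alice Example": "Plan A",
                                    "Bob Example": "Plan B"}, key_by_ssn)
    return aggregate(dump(bank), dump(clinic))

if __name__ == "__main__":
    print("SSN as key   :", demo(key_by_ssn=True))
    print("per-silo keys:", demo(key_by_ssn=False))
```

With the SSN as key, every person's records from both silos collapse into one profile; with per-silo keys the merge returns nothing, so a leak stays contained to the silo it came from.
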
Justifiable Parties
Digital identity systems must be designed so the disclosure
of identifying information is limited to parties having a
necessary and justifiable place in a given identity relationship.