
7 laws of identity
1 User Control and Consent
Technical systems must only reveal information with the user’s informed consent.
2 Minimal Disclosure for a Constrained Use
The solution which discloses the least amount of information and best limits its use is the most stable long-term solution.
3 Justifiable Parties
Systems must be designed so the disclosure of information is limited to parties having a necessary and justifiable place in a given relationship.
4 Directed Discovery and Authorization
A system must support both “omni-directional” information sets for general use and “unidirectional” information sets for use within specific private authorization relationships, thus facilitating discovery while preventing unnecessary release of correlation handles.
5 Pluralism of Operators and Technologies
A universal system must channel and enable the inter-working of multiple technologies run by multiple providers.
6 Human Integration
The system must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against attacks.
7 Consistent Experience Across Contexts
The system must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
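
Law 4's split between omni-directional and unidirectional identifiers, shown as an added example that is not part of the original laws: an identity provider derives a separate handle per relying party with HMAC-SHA256, so two relying parties hold no common value to correlate on. The function names, the `example` hosts and the in-memory key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit


def sector_of(relying_party_url: str) -> str:
    """Normalise a relying party URL to its host, the unit a handle is scoped to."""
    host = urlsplit(relying_party_url).hostname
    if not host:
        raise ValueError(f"no host in relying party URL: {relying_party_url!r}")
    return host.lower()


def unidirectional_id(provider_key: bytes, local_user_id: str, relying_party_url: str) -> str:
    """Derive a handle that is stable for one (user, relying party) pair only."""
    if len(provider_key) < 32:
        raise ValueError("provider key must be at least 32 random bytes")
    # Length-prefix both fields so ("ab", "c") and ("a", "bc") cannot collide.
    sector = sector_of(relying_party_url).encode()
    user = local_user_id.encode()
    msg = len(sector).to_bytes(2, "big") + sector + len(user).to_bytes(2, "big") + user
    return hmac.new(provider_key, msg, hashlib.sha256).hexdigest()


def shared_handles(view_a: dict, view_b: dict) -> set:
    """Handles that two relying parties could join their records on."""
    return set(view_a.values()) & set(view_b.values())


def views(derive):
    """Build what each relying party stores: local user -> handle it was shown."""
    return ({u: derive(u, SHOP) for u in USERS}, {u: derive(u, FORUM) for u in USERS})


# Constructed sample data: hypothetical users, relying parties and provider key.
KEY = secrets.token_bytes(32)
USERS = ["alice", "bob"]
SHOP, FORUM = "https://shop.example/callback", "https://forum.example/login"

# Omni-directional: the same public handle is released to every party.
omni_shop, omni_forum = views(lambda u, rp: f"{u}@idp.example")
# Unidirectional: each relying party receives its own handle for the user.
uni_shop, uni_forum = views(lambda u, rp: unidirectional_id(KEY, u, rp))

if __name__ == "__main__":
    print("omni-directional overlap:", len(shared_handles(omni_shop, omni_forum)))
    print("unidirectional overlap:", len(shared_handles(uni_shop, uni_forum)))
```

The provider key is the only thing linking the handles, so it has to stay inside the identity provider; a leaked key lets anyone recompute every pairing.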