Oakley Rain
11/18/2016

Laws of Identity

From time to time, I am asked: can we change this to Ping, Dell CAM, <fill in whatever>? The answer is usually yes. Why? Most modern single sign-on products adhere to Kim Cameron's Laws of Identity. As such, there is a high degree of compatibility between all true SSO products. Incidentally, this is also why Accela's product has never been SSO: it fails to implement the industry-accepted Laws of Identity.

I have sent this because, in seven bullet points, you have strong guidance on what makes a modern identity management system and what it should be able to do. Also, please note the reference source; in my graduate program there is a definite focus on clear communication. 😀

Kim Cameron's laws of identity are as follows:

  1. User Control and Consent: Technical identity systems must only reveal information identifying a user with the user’s consent
  2. Minimal Disclosure for a Constrained Use: The solution which discloses the least amount of identifying information and best limits its use is the most stable long-term solution
  3. Justifiable Parties: Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship
  4. Directed Identity: A universal identity system must support both ‘omnidirectional’ identifiers for use by public entities and ‘unidirectional’ identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles
  5. Pluralism of Operators and Technologies: A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers
  6. Human Integration: The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human–machine communication mechanisms offering protection against identity attacks
  7. Consistent Experience Across Contexts: The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

(Lacey 177-178)
Lacey, David. Managing the Human Factor in Information Security: How to win over staff and influence business managers. John Wiley & Sons P&T, 2009-02-17. VitalBook file.
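Law 4 (Directed Identity) is the one most often misunderstood, so here is an added illustration that is not part of the original post or of any product named above. It contrasts an omnidirectional identifier (the same handle released to everyone) with a unidirectional, per-relying-party identifier derived the way OpenID Connect's "pairwise" subject type does it (a keyed hash over the relying party's sector and the local account id), and shows what two colluding relying parties can link in each case. The salt, user names and relying-party sectors are constructed values for the example.

```python
import hashlib
import hmac

# Constructed value for the example; a real identity provider keeps this secret.
IDP_PAIRWISE_SALT = b"constructed-example-salt"


def public_subject(local_user_id: str) -> str:
    """Omnidirectional identifier: the same handle is released to every party.
    Appropriate for a public entity (an issuer, a website); for a private user it
    becomes a correlation handle that any two recipients can join on."""
    return f"user:{local_user_id}"


def pairwise_subject(local_user_id: str, sector_identifier: str,
                     salt: bytes = IDP_PAIRWISE_SALT) -> str:
    """Unidirectional identifier: stable for one relying-party sector, unrelated
    across sectors. Modelled on OpenID Connect's 'pairwise' subject identifier
    (HMAC over sector + local id); only the IdP, holding the salt, can link them."""
    msg = f"{sector_identifier}\x00{local_user_id}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()


def correlate(rp_a_subjects, rp_b_subjects) -> set:
    """What two colluding relying parties learn by joining their user tables:
    the identifiers that appear in both."""
    return set(rp_a_subjects) & set(rp_b_subjects)


def compare_identifier_styles():
    """Issue identifiers for the same constructed users to two relying parties,
    once in each style, and return how many accounts each style lets them link."""
    users = ["alice", "bob", "carol"]
    rp_a, rp_b = "https://shop.example", "https://bank.example"  # constructed sectors
    public_overlap = correlate([public_subject(u) for u in users],
                               [public_subject(u) for u in users])
    pairwise_overlap = correlate([pairwise_subject(u, rp_a) for u in users],
                                 [pairwise_subject(u, rp_b) for u in users])
    return len(public_overlap), len(pairwise_overlap)


if __name__ == "__main__":
    print(compare_identifier_styles())  # (3, 0)
```

The returning-user case still works: a relying party sees the same pairwise value every time the same user signs in to it, so discovery is not lost, only cross-party correlation.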
Author

Robert Fischer is an Enterprise Cloud Architect working on a Master's degree in Cyber Security. These posts are adapted from his graduate work. Anne Fischer edits these posts for this blog.
© Oakley Rain LLC.