Mike Jones from Microsoft hopped up at the Internet Identity Workshop to share Microsoft's "Laws of Identity":
- User control and consent
- Minimal disclosure for a defined use
- Justifiable parties
- Directional identity
- Pluralism of operators and technologies
- Human integration
- Consistent experience across contexts
These tenets are what Microsoft states are behind InfoCard, its own persistent identity initiative, which has the goal of a consistent user experience. In the identity metasystem that Jones articulated, you have have subjects, identity issuers, and relying parties. It takes out one player from the dynamic that Dick Hardt described. It also requires that you tie your identity to a particular device, since it's meant to be a "real-world metaphor of physical cards."
There's more about Microsoft's InfoCard effort at the Identity Weblog.
This is all well and good, but what I really would have liked to hear is about why Passport fails to meet these needs - why isn't Passport a market-driven industry standard for identity? Was it because no one wants to trust Microsoft with their identity, or is there an underlying design issue? And what is conceptually different between Passport and InfoCard?
Tags: christine herron christine.net space jockeys identity iiw2006 best practices technology infocard microsoft