
Sxip's Fourteen Requirements

Dick Hardt and John Merrells of Sxip recently published Fourteen Design Goals for web-based identity systems. As Dick says in his blog entry, these are offered with a nod to Kim Cameron's Seven Laws. I've pulled out the 14 requirements from the doc -- see the doc for more in-depth discussion:

1. Provide a mechanism for presenting users with the information that is being requested.

2. Provide a mechanism for users to identify the recipient of the identity information they release.

3. Provide a mechanism for relying parties to inform users of the reason for requesting the information and how the information will be used.

4. Provide a mechanism for users to compartmentalize their identity information according to the context of the interaction.

5. Provide a mechanism that ensures that user information is only released after the user consents to its release.

6. Provide a mechanism for the user to specify what the relying party can do with the information.

7. Provide users with a mechanism for granular control over the information that they are releasing.

8. Provide a mechanism for separating the transaction for acquiring a claim from the transaction for presenting a claim.

9. Provide users with the ability to choose their identity storage agent.

10. Provide pairwise identifiers for anonymous identity transactions.

11. Provide identifiers for public identity transactions.

12. Provide interoperability with existing platforms and standards.

13. Provide a low barrier to entry.

14. Provide a consistent user experience by ensuring that the user always sees the same agent, regardless of the context.
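Requirement 10 in practice, as an added example that is not from the Sxip document or the original post: one common way to build pairwise identifiers is a keyed hash over the user and the relying party, so each relying party sees a stable identifier that cannot be matched against another party's. The function names, the agent key, and the `*.example` relying-party names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def pairwise_id(agent_key: bytes, user_id: str, relying_party: str) -> str:
    """Derive an identifier unique to one (user, relying party) pair.

    agent_key is a secret held only by the user's identity agent (assumed
    name). Without it, a relying party cannot recompute or invert the id.
    """
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (user_id.encode(), relying_party.encode())
    )
    return hmac.new(agent_key, msg, hashlib.sha256).hexdigest()


def linkable(id_a: str, id_b: str) -> bool:
    """Two relying parties comparing records can link a user only if ids match."""
    return hmac.compare_digest(id_a, id_b)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key

    # Same user at two relying parties (constructed names).
    shop = pairwise_id(key, "alice", "shop.example")
    forum = pairwise_id(key, "alice", "forum.example")

    # Stable per relying party, so returning users are recognised.
    print("stable at shop:   ", linkable(shop, pairwise_id(key, "alice", "shop.example")))
    # Different across relying parties, so records cannot be joined on the id.
    print("linkable across:  ", linkable(shop, forum))

    # Contrast with requirement 11: a public identifier is the same everywhere
    # by design, so any two parties holding it can correlate the user.
    public = "https://id.example/alice"  # constructed sample value
    print("public id linkable:", linkable(public, public))
```

If the agent key leaks, anyone who knows the user and relying-party names can recompute every identifier, so the key needs the same protection as the identity store itself.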

Comments

testing
