
About Dave Kearns follow me on Twitter IdM Journal Wired Windows Dave Kearns' Fusion newsletters on:
Wednesday, January 19, 2005
Human integration and Instantiation

Kim Cameron's now posted the Sixth Law of Identity:

The Law of Human Integration

The universal identity system MUST define the human user to be a component of the distributed system, integrated through unambiguous human-machine communications mechanisms offering protection against identity attacks.

Kim explains what he's getting at: "...we have done a pretty good job of cryptographically securing the channel between web servers and browsers - a channel that might extend for thousands of miles. But we haven't done a very good job at all of setting up the two or three foot channel between the browser and the human who uses it. And this is the channel that is attacked by phishers."

But he seems to posit that any transaction with an identity component would involve human interaction - that would be a tremendous step back into the dark ages! We've had machine-to-machine transactions for 40 years and more, why should we stop now? It's also true that identity transactions will not necessarily take place within a web browser.

Still, if you modify the language a bit, requiring unambiguous communication when a human is involved in the transaction, it might be more palatable. However, there's a danger of a tautological transaction as an unambiguous exchange is needed to authenticate the user to the identity store so that the user can be authenticated!

Comments:
> Still, if you modify the language a bit, requiring
> unambiguous communication when a human is involved in
> the transaction, it might be more palatable.

Risk analysis for phishing attacks might also conclude that the user should not be the 'trusted' component for certain operations. Thus a theoretical identity system might wish to protect certain information about the user, such as credentials and account identifiers, from accidental disclosure by the user, e.g. http://www.shcl.co.uk/news_article.asp?pageid=2141 by not letting the user see this data in the first place, or only allowing it to be accessed under certain conditions a la DRM.
© 2003-2006 The Virtual Quill, All Rights Reserved