The Office of the Ontario Privacy Commissioner has long been a world leader in privacy advocacy, displaying a remarkable ability to anticipate the privacy impact of cutting-edge technologies. Given its track record, the attention being lavished on the release of a new document on identity management is much deserved as it merits wide reading. The Seven Laws of Identity builds on work being done by Microsoft designed to allow Internet users to better manage their online "identities" by limiting the disclosure of personal information ("data minimization"), using better authentication practices, and building in user consent and controls. In recent news reports, the Office has touted the virtues of its Seven Laws of Identity approach, with claims that it will help solve Internet ills such as phishing, pharming, and spam.
As I read the coverage and white paper, I am left somewhat uncomfortable.