Ping Identity Bill of Rights and Principles
Tue, Jan 8, 2002; by Andre Durand.
Credit
Andre Durand, Phil Becker, Bryan Field-Elliot, Griffin Caruolo, Doc Searls, Tom Wills, David Feldt.
Digital Identity
Rights, Responsibilities and Operating Principles
Version .94 - January 17, 2002
DRAFT – DO NOT DISTRIBUTE YET
Future License to Use This Document (when complete) Copyright (c) 2002, Ping Identity Corporation. All rights reserved. Use and redistribute this document freely and without modification as long as the following conditions are met: 1. Redistributions of this document must retain all elements of this license, including the above copyright notice and this list of conditions. 2. You must make appropriate attributions to Ping Identity Corporation by making the “PINGID” brand visible in accordance with the instructions located at: (http://www.pingid.org/branduse/).
Questions and Comments
Please send questions and comments to andre@durand.com.
Begin
So that Digital Identity systems are created and used in such a way as to protect and provide for individual rights to privacy, security and control we have enumerated the following rights and responsibilities. Among these are the rights to privacy and protection from misuse and the responsibility for accuracy and accountability of our Digital Identities.
DEFINITIONS
Agency – “Agency” shall mean anyone who is designated by You to manage your Digital Identity, for your sole benefit.
Authenticate – “Authenticate” shall mean any generally acceptable means of verifying, certifying or otherwise validating a Digital Identity or any aspect of a Digital Identity
Digital Identity – “Digital Identity” shall mean any globally unique electronic identifier of any uniquely distinguishable entity. (e.g. Digital Identities can exist for an individual, a group (company or organization), a device, an application or a service.)
Digital Notary - “Digital Notary” shall mean any trusted or otherwise recognized or authorized entity which has the ability to verify, certify or otherwise authenticate the relationship between You or something that belongs to You and it’s corresponding Digital Identity.
Host – “Host” shall mean anyone or anything which hosts, holds or maintains a Digital Identity which belongs to You, or any aspect of a Digital Identity which belongs to You with your permission and authorization. (For example: You may be the owner of your Digital Identity, however, you may select another person, company or even another company’s web server to host your Digital Identity on your behalf.)
Reputation – “Reputation” shall mean any collection of information about your Digital Identity, whether positive or negative, which shall serve to inform others of their opinions about your Digital Identities. Reputation shall serve as a foundation for trusted interactions between Digital Identities.
You – “You” shall mean You as an individual, or You a duly authorized representative of a group, company or organization, or You the owner of anything which has a Digital Identity, through which all rights, responsibilities and adherence to these operating principles are vested.
Vouch – “Vouch” shall mean any third party endorsement of a Digital Identity.
OPERATING PRINCIPLES
1. Every interaction with a Digital Identity requires a Digital Identity.
2. Every interaction between Digital Identities shall be conducted as a fair negotiation amongst equals.
RIGHTS & RESPONSIBILITIES
1. RIGHT TO DIGITAL IDENTITY - You have the right to create and use a Digital Identity for You and for anything which belongs to You. If You choose to maintain a Digital Identity, You agree to maintain accurate and timely information. As a consequence of choosing to maintain a Digital Identity, You accept full responsibility and accountability for the actions and communications of your Digital Identity. You have the right to refuse the creation and use of a Digital Identity for You or anything which belongs to You. However, as a consequence of this right, others have the right to choose not to interact with You, or to do so in a limited or restricted manner without being considered discriminatory.
2. RIGHT TO CONTROL - You have the right to control every aspect of your Digital Identities except for, once created, their Reputations. Control includes what information is contained within your Digital Identities, who is the Host, who is the Agent (if any) and who has access to what information.
3. RIGHT TO AUTHENTICATE - You have the right to Authenticate the relationship between You and your Digital Identity and between a Digital Identity and anything that belongs to You. Authentication may include a Digital Notary or any other recognized and generally accepted means. You have the right to refuse to Authenticate the relationship between You and your Digital Identity, or between a Digital Identity and anything which belongs to you. However, as a consequence of this right, others have the right to choose not to interact with You or your Digital Identities, or to do so in a limited or restricted manner without being considered discriminatory.
4. RIGHT TO FULL USE AND CAPABILITY – You have the right to a Digital Identity which has the same attributes, capabilities and benefits of any real identity, or the real identity of anything which belongs to You.
5. RIGHT TO AN ACCURATE REPUTATION – You have the right to have an accurate Reputation. You agree that your Reputation is a result of your actions and communications. As a consequence of the right to an accurate Reputation, You agree that our Reputation may become either positive or negative. You have the right to carry aspects of your Reputation with your Digital Identity or to refuse to carry aspects of your Reputation with your Digital Identity. However, as a consequence of refusing to carry all or part of your Reputation with your Digital Identity, others have the right to not interact with You or your Digital Identities, or to do so in a limited or restricted manner without being considered discriminatory.
6. RIGHT TO INTERACT AS EQUAL - You have the right to have your Digital Identities interact with other Digital Identities in a fair and equitable manner, consistent with a negotiation amongst two equal peers.
7. RIGHT TO VOUCH FOR A DIGITAL IDENTITY - You have the right to vouch for Digital Identities that do not belonging to You by Signing or Certifying their Digital Identity. You also have the right to revoke a prior vouching of Digital Identities that do not belong to You. You have the right to permit others to vouch for your Digital Identities and others have the right to revoke their prior vouching of your Digital Identities. As a consequence of You permitting vouching of your Digital Identities, a Reputation may be created which is either positive or negative. Vouching cannot be done anonymously.
8. RIGHT TO PERMIT USE - You have the right to specify how your Digital Identities will be used, where they will be used, when they will be used and by whom. You have the right to know when your Digital Identities are used, where they were used and by whom. Similarly, you have the right to restrict or limit the permitted use of your Digital Identities in any manner you wish. However, as a consequence of these rights, others have the right to not interact with You or your Digital Identities, or to do so in a limited or restricted manner without being considered discriminatory.
9. RIGHT TO PRIVACY AND ANONYMOUS INTERACTIONS – With the exception of the Basic Required Information created with each Digital Identity and a Digital Identities Reputation, you have the right to keep your Digital Identities private, or any aspect of your Digital Identities private. You also have the right to interact with other Digital Identities as an anonymous entity except when vouching for another Digital Identity. However, as a consequence of this right, others have the right to choose not to interact with You or your Digital Identities, or to do so in a limited or restricted manner without being considered discriminatory.
10. RIGHT TO DESIGNATE AN AGENCY - You have the right to choose an Agency to Host and manage your Digital Identities on your behalf and for your sole benefit. Agencies are not responsible for the reputation or communications which derive from your Digital Identities, but shall manage your Digital Identities in accordance with your instructions and permission.
11. RIGHT TO DESIGNATE A POWER OF ATTORNEY - You have the right to assign a power of attorney to your Digital Identities, allowing this power of attorney to act on your behalf in his or her interactions with your Digital Identity in the same way a power of attorney acts in real-life.
END
 
Created 1/8/2002; 10:38:57 AM. Updated Friday, January 18, 2002 at 7:09:05 AM
(C) 2008 Andre Durand - Federated Identity Management
|
