http://www.identityblog.com/?p=353 Kim Cameron Microsoft
Digital identity systems must only reveal information identifying a user with the user’s consent.
The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.
(different card types with different tokens)
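The difference between "omnidirectional" and "unidirectional" identifiers stated above, shown as an added example that is not part of the original page or of Kim Cameron's text. It assumes a per-relationship identifier derived with HMAC-SHA256 from an identity-provider secret; the secret, user names, relying-party URLs and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: hypothetical identity-provider secret and users.
IDP_SECRET = b"constructed-demo-secret-not-for-production"
USERS = ["alice@idp.example", "bob@idp.example"]


def omnidirectional_id(user: str) -> str:
    """One public identifier shown to every party (suits public entities)."""
    return user


def unidirectional_id(user: str, relying_party: str,
                      secret: bytes = IDP_SECRET) -> str:
    """Identifier valid for one relationship only: HMAC over (party, user)."""
    # Length-prefix the relying party so ("ab", "c") and ("a", "bc") differ.
    rp = relying_party.encode()
    msg = len(rp).to_bytes(2, "big") + rp + user.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def correlatable_users(make_id, rp_a: str, rp_b: str) -> int:
    """Count users two colluding parties can link by joining on identifier."""
    seen_by_a = {make_id(u, rp_a) for u in USERS}
    seen_by_b = {make_id(u, rp_b) for u in USERS}
    return len(seen_by_a & seen_by_b)


def demo() -> dict:
    shop, clinic = "https://shop.example", "https://clinic.example"
    alice = USERS[0]
    return {
        # Same handle everywhere: every user is linkable across parties.
        "omnidirectional_links": correlatable_users(
            lambda u, rp: omnidirectional_id(u), shop, clinic),
        # Per-relationship handle: the join across parties finds nothing.
        "unidirectional_links": correlatable_users(
            unidirectional_id, shop, clinic),
        # The identifier is still stable inside a single relationship.
        "stable_per_party":
            unidirectional_id(alice, shop) == unidirectional_id(alice, shop),
    }


if __name__ == "__main__":
    print(demo())
```

The join on identifiers is the "correlation handle" the law refers to: it links every user when the identifier is omnidirectional and none when it is unidirectional.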