On this page
Hellō and the Laws of Identity
In 2005, Kim Cameron led an industry discussion to create the “Laws of Identity”. One of the Hellō tenets is to follow these laws. Here is how we comply with each one.
1. User Control and Consent
Law summary:
Technical identity systems must only reveal information identifying a user with the user's consent.
Hellō only releases your data with your explicit consent. We track all data released, allowing you to review what you disclosed, when, and to whom.
2. Minimal Disclosure for a Constrained Use
Law summary:
The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.
Hellō can limit disclosure of personal information to just what’s needed. For example, an application needs to verify that you are over 21. Sharing your entire digital driver’s license could prove this but also discloses a lot of unnecessary identifying information.
Instead, Hellō will be able to calculate if you are over 21 from the date of birth on your license and share just that information.
3. Justifiable Parties
Law summary:
Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
Hellō stops your data from “leaking” between the different services you use. Continuing the previous example, while you do want to prove to the application that you are over 21, the application does not need to know who issued your digital driver’s license, and the issuer does not need to know which applications you are using.
Hellō looks like the application to the issuer, and like the issuer to the application, so that neither the application nor issuer learns about the other.
4. Directed Identity
Law summary:
A universal identity system must support both “omni-directional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
Hellō creates a unique, unidirectional identifier for you for each service provider you share data with. If you do not share any omnidirectional identifiers – such as an email or phone number – with the service provider, they can not easily combine data sets with other service providers.
5. Pluralism of Operators and Technologies
Law summary:
A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.
Hellō is a universal identity system that encapsulates all current and emerging identity technologies and services. You can unlock your Hellō wallet with any provider, including Google, MetaMask, or your mobile phone. You can prove who you are with what you have, including government-issued physical cards, mobile wallets, or your online bank.
6. Human Integration
Law summary:
The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.
With Hellō, it’s clear what data you are sharing and with whom. We use proven, well-known interaction patterns you are already familiar with – and will evolve the experience as new threats emerge to ensure you continue to make informed decisions when sharing your data.
7. Consistent Experience Across Contexts
Law summary:
The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
Hellō gives you the same experience everywhere that accepts Hellō. No longer will you need to learn a new login and personal data interface for every application you use.