I came across an MSDN article, The Law of Identity. It was an interesting read, especially in the context of how .NET Passport breaks many of the laws. It helps explain why Passport failed in its mission to become the single sign-on mechanism on the Web.
The second Law of Identity is "minimal disclosure for a contained use". With Passport, the user cannot control how personal information is disclosed; in fact, all information is disclosed. According to the Law of Identity, the user should be able to control when and how much personal information to disclose.
The third Law is "justifiable parties"; that is, user information should be shared only among the parties that need the information. Because Passport is a proprietary Microsoft technology, Microsoft is always involved, which doesn't make sense to most non-MSN sites.
The fifth Law is "pluralism of operators and technologies". This is in direct conflict with Passport’s mission to become the single, centralized sign-on technology. Passport's biggest strength turned out to be its biggest weakness: it is a single point of failure. The Law of Identity proposed a more federated metasystem.
The sixth Law is "human integration" in terms of "offering unambiguous human-machine communication mechanisms offering protection against identity attacks." With Passport it is too easy for hackers to create phishing sites.