I read an excellent White Paper on The Vocabulary of Identity Systems Liability, published by OIX, The Open Identity Exchange. The lead authors are Thomas Smedinghoff, Mark Deem and Sam Eckland.

Liability is often named as the unknowable threat to the viability of federated identity arrangements. The  uncertainty around liability is partially caused by lack of understanding of the term and how it is applied in law.

This white paper uses accessible language to walk the reader through definitions, common concerns, methods to assess and contain, and how liability is handled in General Public Law, ID-Specific Public Law, and Contracts (Private Law).

It is a must-read for anyone involved in policy for trust frameworks, federations or other related structures.

For the ‘liability’ that many think of, the actual term may be “Fault-Based Liability” – where one party is ‘at fault’ for losses incurred by another party.

The four conditions that must be met (quoting from page 7 of the white paper):
1) The business had a legal duty to the other party to act (or to refrain from acting) in a certain way;
2) It breached that duty;
3) The other party suffered an injury or loss; and
4) The business’ breach of duty was the ‘proximate’ (i.e., legally recognized) cause of that other party’s loss.

The paper then goes on to elaborate and also discuss how damages are treated.

Excellent work and, I hope, widely circulated to help inform legal and identity practitioners.