Day: May 17, 2005

I just saw that Jamie Lewis has posted this set of links to articles on DIDW by Between the Lines – Phil Becker's keynote, the discussion of federation standards, John Shewchuk's keynote and Jamie's Wednesday keybnote.

I look forward to Jamie's presentations for their panoramic scope – a rare pleasure – and invariably find myself on the edge of my seat waiting for the pithy new metaphor he has discovered.

And this year, it was the idea that the current debates over protocols deserve about the same degree of interest as do arguments over the chemical composition of asphalt amongst those building a network of highways for the nation. Even here, it isn't the roads themselves that are the final product. It's the “neat cars and trucks” that run on them.

Today's post adds clarification to some of the coverage:

I … want to clarify one thing that Chris Jablonski said in his post summarizing my keynote. Chris summarized something I said this way:

However, he cautioned that achieving meaningful implementation by the end of the decade will depend on how long the vendors want to fight over building the road (standard framework) as opposed to building neat cars and trucks (more proprietary solutions).

Actually, the “neat cars and trucks” aren’t proprietary systems in the analogy I was using. My point was this: Arguments over the chemical composition of asphalt (the protocols necessary to build the standard framework) is of little value to customers who need a solution to a very real problem. What customers want is products and services that solve their identity problems (the cars and trucks that actually help people get somewhere) but that work in an interoperable system (cars that run on the public road). So in the analogy, I was trying to encourage the vendors to quit arguing over how to build the road, settle on what asphalt formula we’ll use, and focus instead on building the interoperable solutions that solve a real problem, which customers will want to buy.

And in that light, the interoperability profile for Web-based SSO between Liberty and the WS-* frameworks that Sun and Microsoft announced today are certainly encouraging. More on that later.

Want some links? Doc Searls has been assembling some over at Doc Searls’ IT Garage (the blog where he discusses identity issues):

Here's a pile of links on the Identity Conversation, coming out of last week's DIDW conference in San Francisco…

• Seven Laws of Identity, by Kim Cameron
• Microsoft's Vision for an Identity Metasystem, by Microsoft Corporation
• Laws of Identity white paper, by Kim Cameron, at the Microsoft site
• Microsoft's enlightened identity metasystem, by Dan Farber, in ZDNet
  • See also Dan's Microsoft’s Identity Chief: After Passport, Microsoft is rethinking identity
  • More background: Federation of Identities in a Web Services World, A joint whitepaper from IBM Corporation and Microsoft Corporation (with 16 authors)
• What is Microsoft InfoCard, by Johannes Ernst
• Something in the Air, by Steve Gillmor
• Microsoft sells ID mgmt. plan, by John Fontana in Network World
• DIDW 2005: Kim Cameron's 7 laws of identity, by Scott Mace
• Whitepaper on the laws… and more, by Kim Cameron
• Closing Session – Summint It Up, Doc Searls (Linux Journal), by James van Kessel
• The Laws Live, by Drummond Reed
• Fare the well DIDW, by Timothy Grayson
  • Themes in Identity
  • DIDW theme update
• Identity Commons Announces Interoperability of i-Names and LID
• OpenLDAP.buzz(Microsoft ID Mgmt Plan)
• A Thread You Should Follow, in Security Identity Focus Connection
• ID Gang, by Marc Canter
• Microsoft calls for online identity overhaul, by ixo blog
• Microsoft calls for online identity overhaul, by Tom Sanders for VNUNet
• Microsoft: Your new best friend for online identities, by Silicon Valley Sleuth
• Identity Ontology Taxonomy, by P.T. Ong
• ZDNet Interview with Kim Cameron. Part 2. By Stefan Brands in Identity Corner.
• fyi Microsoft Sells ID Mgmt Plan, by James Kobielus.

On the one hand, it's clear that most of the folks following this thing are giving Kim and Microsoft a lot of slack (no “Passport 2.0” this time around, thankfully). On the other hand, we still have a long way to go.

He's right. We do.

Doc did an amazing couple of sessions on the final day at DIDW – I wonder if Phil Becker will eventually make them generally available as podcasts? That would sure be cool – though it's a lot to expect out of a conference – even a forward thinking one like DIDW.

By the way, in case you don't know me personally, I want to make sure one thing is pretty clear. When I look at the “Kim Cameron World” aspect of what happened at last week's DIDW (as described, humorously, by Dave Kearn below) I hope everyone sees my name as being symbolic – a convenient shorthand for referring to the work a great number of us have done together to get the identity metasystem and laws off the ground.

This doesn't mean I don't appreciate the personal gestures and remarks – I am completely overwhelmed by the generosity of my colleagues across the industry.

Few are better at rooting out half-baked ideas than Dave Kearn of Network Fusion and Network World. When he shoots a barb your way, pay attention. First of all, it will be too witty to ignore. More important, it's sure to contain at least one important idea.

So it's been great having Dave along in the part of the identity odyssey we've completed so far. I've counted on him to point out the parts of the discussion which are flabby, ill-expressed or don't hold together – and for offering remedies from his long experience in the trenches. In this regard, Dave is very well known as a neutral and trustworthy commentator by all those who deploy and manage identity systems.

I'm very moved by his kind personal comments in the piece below. But above all, I'm proud that through this conversation we have been able to earn his support for the laws as a place from which to begin structuring an ongoing identity conversation that doesn't always revert to page zero. Here's what he says in his latest newsletter.

I spent an enormously enlightening week at Digital ID World in
San Francisco last week. Actually, it probably could have been
renamed “Kim Cameron World.” The soft-spoken Microsoft identity
architect has taken the world (or, at least, that small corner
of the world populated by those of us who think identity is key)
by storm with his promulgation of the Seven Laws of Identity
(link to Cameron's identity blog below).

Not only was his session on the laws filled to overflowing by
those eager to understand their nature, but also the laws were
the central theme of Burton Group CEO Jamie Lewis’ opening
keynote and Linux Journal Editor Doc Searls’ closing summary.
Cameron also walked away with a Digital ID World award.
According to the show organizers, the awards are “…dedicated
to recognizing those individuals or organizations that have made
a significant contribution (technology, policy or social) to the
digital identity industry.”

Cameron's contribution goes well beyond the content of the laws
themselves. He's fostered, almost single-handedly, a constant,
globe-circling conversation taking place not only in the
metaverse of the blogosphere (where the “listener” sometimes
feels they're at a virtual tennis match as they snap back and
forth from one blog to another) but also in the physical world
where any two or more people with an interest in defining
identity (and identity solutions) gather.

In the lobbies of the San Francisco Hyatt Regency, you could see
and hear small groups of attendees talking about one law or
another, what it might mean or where it might lead. In the
almost 20 years that I've been involved with identity, this is
the most exciting event to have occurred.

I urge all of you to get involved in this conversation. For
consumers of identity products, the seven laws give you the
foundation for the questions to ask of any vendor looking for
your business. For vendors, the laws provide a working context
for designing the next version of your products and services.
For all of us, the laws force us to look at our own beliefs
about identity and re-think them. Get involved in these
conversations or risk being left behind.

In his post today, Eric Norlin of Ping gets right to the essence of the seventh law:

So *everyone* was talking about Kim's laws at last week's show, but one aspect of the whole thingy (btw – a “thingy” is totally different than “thingifying” something 😉 that really stuck with me is the Mysterious Law 7 (or something containted within it):

7. Consistent Experience Across Contexts

The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

At first glance (or mine at least), i thought this was just about user interfaces – and i admit to not quite getting it…but hey – by the time you've made it through 6 laws you're exhausted – you don't care what they slip by you on law 7! 😉

Yes, this is indeed a problem.

Buried within law 7, however, may be the most significant thing about the laws — the fact that for the first time in identity technologies we're aiming for something that spans *both* the enterprise and end-user. (quoting Jamie quoting Inigo Montoya) Lemme sum up:

In the short history of identity technologies, there has generally been 2 universes: the end user and the enterprise. Think firefly (aka passport) vs. the metadirectory. the closest attempt we've really had is the Liberty Alliance's work (SAML is admittedly not a “user facing” technology) — but frankly, it just hasn't caught on with the “end-user” (does it violate a law? dunno – that's a totally different conversation).

In the metasystem we have, for the first time, a unifying construct that A) solves enterprise problems and is necessary and B) becomes an incredibly powerful end-user facing technology. The vehicle for this is WS-Trust; the now oft-called “STS” or “secure token service” — what i've taken to calling “project cadillac.”

In essence, the STS exchanges tokens within the enterprise “onion layers” of security, thus enabling the use of identity tokens all the way back into the fossilized layers of mainframe security. Simultaneously, the STS exchanges tokens as the user moves throughout his/her differing domains.

I don't think i can emphasize *how* important this is…..this isn't the “mosaic” moment (where we realize the internet's potential by seeing it), but it is an important point of coalescence that surely is closely related to the mosaic moment (big bang) for identity. Digital Identity has not had this available before, and this convergence should not be underestimated.

Law 7 says that the metasystem really can be distributed, belong to no one, AND unifying and universal. No more sith (enterprise) vs. jedi (end user) – this could become the end of Return of the Jedi (without the ewoks, hopefully).

so – that's what i learned last week — how HUGE law 7 is……..

could we really be on the cusp of something big? god, i hope so.

Exactly. Enterprise identity systems normally”deal with” employee end-users – who go home at night and jump into consumer-to-enterprise and even peer-to-peer identity relationships. If we stop tying UX and protocols to these various silos, we can imagine that a user-centric paradigm would replace the scenario-specific paradigm. A user-centric identity paradigm could remain consistent across these various scenarios, resulting in portability of understanding across them. This is just one example of what happens when identity systems begin to benefit from synergy – the magical ingredient which has so far remained just beyond their reach.

My readers know how hard it was for me to name the seventh law and put it into words. The implications of introducing synergy are huge. With a little help from our friends we've been able to get closer to the bone and jettison a bunch of verbiage. Eric's contribution here makes it clearer still.