Here's some more interesting thinking by Andre Durand – CEO of Ping.
Bryan, David and a few others over here in Pingland were kicking around some afternoon whiteboarding ideas on InfoCards. Figured since I'm getting back into my bloghead, I'd start posting a bit more…
- It centers on the user. Users rule.
- It can stop Phishing attacks cold — as we know them today
- Its better than Gator-like utilities or IEs auto formfill for new account registration
- It provides users with the convenience of SSO
- It eliminates the need to manage weak passwords
- Its a branding opportunity for 3rd party Identity Providers
- And of course, the client will be built into every Windows desktop
Challenges to overcome
- How to roam and maintain your InfoCards
- How to recover if something bad happens to your computer
- How to enable InfoCards on other operating systems
- How to streamline the 1st time user experience
- Existing consumer-facing (external) federation use-cases will be displaced by user-mediated exchanges of attributes between IdPs and SPs
A battle will ensue between companies looking to become the branded (most trusted) identity providers
All Andre's challenges represent opportunities to contribute to the ecosystem. For example, roaming provides opportunities for smart card manufacturers, USB donglemakers, people who build phones (or software that runs on them) and web service operators. And so on for the other challenges. More about these as we go forward.
I agree with Andre's “implications” point: the proposal puts the user front and center, and thus rebalances the federation equation. This is bound to be unsettling to some – until it is understood that the new formula raises all the components of the previous equation to a higher power.