I apologize that I can't keep up with all the great comments, posts and emails people are doing around so many aspects of the laws of identity, the metasystem, InfoCards, WS and so on. I am reading and working hard to incorporate all the information. I hope to catch up eventually on all the different threads here in the blog.
I'm a fan of Don Park's blog. The remarkable story which precedes this posting is an example of how interesting it gets. I particularly like the “feeling” he projects. Here's an example of his thinking about identity. I agree that it is useful to think of identity as a verb, and that, as Don puts it, “you need both sides of the equation.” I want ito include these ideas in a more formal discussion of identity from the poiont of view of “the relying party”…
To me, identity is not something one has, like an InfoCard or a key, but something one does, a verb if you will. Identity is like the equal sign of an equation. For identity to happen, you need both sides of the equation.
In the real world, identity happens when I see someone I met before. I compare the face in front of me with the face I remember and, voila, identity happens. Identity stops happening as soon as the person walks away or the person hits me hard enough to faint.
Likewise, online identity happens when a website and I agree on some piece of secret and then I later show it. Yup, the website would say, you showed us what we saw before. As soon as that is done, the website has to give me something else because identity is an event and the website will forget who I am otherwise. Usually, they give me a ticket which I have to show everytime I say something. When I am done with the website, the ticket is thrown away.
But does the website know who I am? Nope. If I tell them that I am the Don Ho who sang Tiny Bubbles, they'll accept that so, when online identity happens later, they'll be able to say Yup, you showed us what we saw before from a guy who claimed to be Don Ho.
At this point, I forgot what I was going to say. It's too bad that, like identity, enlightment is a verb.
He also wanted to know how he could get the beta of InfoCards. It is included with the “Indigo” and “Avalon” download available here.
In terms of this beta, I want to make several things very clear. First of all, the user interface is just what we call “a wireframe”. It gets the basic idea across, but is not even close to our plans for a final user interface. Don't expect anything glitzy. The glitz will be applied by glitz specialists later in the process.
Second, the first beta only supports one identity provider – the “simple” local “bootstrap” identity provider. The next version of the beta will support the “managed” identity providers – the ones that would be operated by service providers or put on dongles and phones, and that can be plugged in to the selector.
Third, the Implementor's Guide (rather than wire traces) should be taken as the definitive description of the final protocols (it will include examples of all the final wire exchanges). We learned a number of things doing the first beta that we want to fix for the second so sniffing the current wire exchanges will be close to but not an exact match with the final deliverable.
When will the Implementor's Guide be out? I'm working on a definitive answer, but am told people are working very hard to advance this project. The guide will describe how to build the managed identity providers as well as relying party software.
Don goes on to ask a branding question:
Will the ‘InfoCard’ be the umbrella brand name for all implementations or just Microsoft's own rendition?
My guess is that it's the latter and am worried that this will just lead to market confusion because I frankly don't think rest of the folks can huddle together and come up with the necessary synergy and resources to push a single brand name.
And adding a little “InfoCard-compatible” sticker will mean we'll be back to licensing land.
Here I should make it clear that ‘InfoCard’ is just a code name and not the name of a product, so whatever it is, that won't be it (it is “taken”). But to tell you the truth, we haven't figured all this stuff out. You are right that there may be benefits to having “a sticker” or something like that.
People should let me know what they think about these issues – our goal is to make everyone who wants to build a metasystem 100% successful.