The photo is of Andre Durand of Ping looking at the world through STS-colored glasses… I'm trying to convince him to post his presentation from DIDW – which was the best explanation of STS I've ever seen. STS is the Security Token Service defined in the WS-Trust specification – the thing which converts one security token into another one. His DIDW presentation was a very witty photographic essay showing examples of how this “token exchange” happens every hour of the day in our brick-and-mortar lives. Hopefully I'll be able to post it here one day soon.
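As an added illustration (not code from Ping, Microsoft, or this post), here is the token-exchange step an STS performs, reduced to a Python sketch: a token issued by an identity provider is validated (signature, expiry, audience), and a fresh token scoped to the relying party is issued in its place with only the claims that party needs. It assumes simplified HMAC-signed JSON tokens in place of WS-Trust's SAML/XML messages, and the keys and URNs are constructed for the demo.

```python
import base64, hmac, hashlib, json, time

# Constructed demo keys; a real STS holds the IdP's verification key and
# its own signing key in a key store, never in source.
IDP_KEY = b"idp-demo-key"
STS_KEY = b"sts-demo-key"
STS_ID = "urn:demo:sts"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_token(claims: dict, key: bytes) -> str:
    """Encode claims as base64url JSON and append an HMAC-SHA256 tag."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"

def validate_token(token: str, key: bytes, audience: str, now: float) -> dict:
    """Check signature, expiry and audience; raise ValueError on any failure."""
    body, _, tag = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("aud") != audience:
        raise ValueError("token not addressed to this audience")
    return claims

def exchange_token(idp_token: str, target_sp: str, now: float) -> str:
    """The STS step: validate the IdP token, then issue a new one for target_sp.
    Only the claims the SP needs are copied, and the new token is bound to the
    SP and to a short lifetime so it cannot be replayed elsewhere."""
    inbound = validate_token(idp_token, IDP_KEY, audience=STS_ID, now=now)
    issued = {
        "sub": inbound["sub"],
        "role": inbound.get("role", "guest"),
        "iss": STS_ID,
        "aud": target_sp,
        "exp": now + 300,
    }
    return sign_token(issued, STS_KEY)
```

Call `exchange_token(token, "urn:demo:sp1", time.time())` with a token produced by `sign_token(..., IDP_KEY)` to see the exchange; any failure in validation raises before anything is issued.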
And I had an aha moment reading this related posting today. If I read it right, Andre is saying that factoring the user into the equation as having an active role which transcends any particular identity relationship means all players have to slightly adjust their sets. I deeply believe the adjustment results in benefits for everyone involved, but Andre's analysis makes it easier to understand some of the seismological activity we are feeling.
I've been giving a lot of thought lately to both the concept of a token generation / validation / exchange service, as is defined within the WS-Trust specification for a Security Token Service (“STS”) and Kim Cameron's work around InfoCards. It all came about as a result of our participation with Microsoft demonstrating interoperability of a Ping developed (J2EE) version of WS-Trust and Microsoft's new InfoCards client at Digital ID World 2005 in SF.
I think this is a scenario where 1+1+1 (SP's + IdP's + End User) is going to equate to much more than 3. The concept of InfoCards is, in my mind, the third leg of the stool. We must involve the end-user in the movement of information which pertains to their identity in order to create a balanced, sustainable equation where a balance of power exists among all three constituents in a mature identity ecosystem. It's the reason Ping got involved in identity in the first place!
Andre's views mean a lot to me not only because he is a proven and smart entrepreneur with a deep knowledge of identity, but because his technical staff have already demonstrated they could understand and interoperate with Microsoft's InfoCards using WS-Trust and the related standards. In other words, he's talking from experience.