After successfully avoiding the hurricane in Cancun, I came home to find a potential tempest gathering on the googlegroups idworkshop list dedicated to the identity metasystem. My friend Johannes Ernst, trying to ward off any misunderstandings, had written:
Just received — as you probably have — an e-mail invitation to the upcoming “Digital Identity World/Financial Services Conference” that features the following talk:
11:15AM – 11:45AM: Implications of the Microsoft Identity Metasystem for Strong Authentication Microsoft – Mike Jones (InfoCards)
Arising from unusually open conversations, and based on the laws of identity developed by Kim Cameron through these conversations, Microsoft will be releasing a cross-platform identity metasystem and InfoCard user interface with Windows Vista. This system takes a quite different approach to identity and authentication, allowing many new approaches to solving this problem at scale.
Mike Jones will detail the identity metasystem, and highlight its implications for the problems faced by financial services.
So Microsoft will be releasing the identity metasystem with Windows Vista? And it will be the “Microsoft Identity Metasystem” per title of this talk? Can somebody from Microsoft clarify whether this is indeed the way you position it, or whether this was just the work of an overzealous copy editor somewhere? If that's how you present it, do we — i.e. everybody who is not releasing an identity metasystem with Windows Vista because we are not Microsoft — need a different name for what we are all striving for? The NetMesh Identity Metasystem and the SXIP Identity Metasystem, perhaps?
Or do we need the Identity Meta-meta-system?
I think the question of whether there'll be one identity metasystem everybody participates in — equally? — or whether it is controlled/branded/ perceived to be owned/wanted to be owned by one vendor remains a fairly confused subject.
[This is not meant to be an attack or anything like it, but I really think we need to put this issue to bed. It has been discussed over and over without ever really being resolved, and it's not that hard to resolve … can I encourage Microsoft's powers-that-be to just pick one definition vs the other and stick with it. I'm fine with either choice, I just want to know what the term means…]
So let me provide some definitive and public answers that represent my thinking as Microsoft's Architect of Identity – thinking which I have already articulated in the Laws of Identity; which has been clearly stated in the Microsoft Vision for an Identity Metasystem document; and which Mike Jones, Andy Harjanto, John Shewchuk, and all the rest of us from identity land at Microsoft see as self-evident:
No one can own the identity metasystem – that would be a silly goal by any standards.
We need to work together to create an identity metasystem, and we are doing that – across the industry, and beyond it. We are trying to create and ride a wave. A unique opportunity. There are people with many different skills who are becoming involved with this. We are brought together through our understanding of what digital identity (or the lack of it) means to the future of the virtual and mortar worlds, and trying to push our understanding of these critical issues to the limit.
We at Microsoft are trying to do our part to contribute metasystem components – but we are fully aware that the metasystem has to reach across platforms and technologies (law 5). We have the greatest respect for everyone who is on this expedition. We hope, working with them, to build a ubiquitous unifying fabric, just like TCP/IP.
As for the passage Johannes quotes, it is not our intended message. We've talked about Microsoft's Vision for an Identity Metasystem, but never implied we “owned” the system.
The conference brochure in question was put together at DIDW by people racing against the clock to include InfoCards in a really interesting identity conference for the financial sector (more in an upcoming piece). They did the best they could given that we hadn't sent them a written blurb. In this regard I take responsibility for any ambiguity.
As usual, the DIDW conference organizers were more than responsive when I contacted them. Within minutes the text had been edited to remove any ambiguity of the sort Johannes worried about.
Now the line in question reads:
Microsoft will be releasing the InfoCard user interface for a cross-platform WS-Trust based identity metasystem with Windows Vista.
All said and done, experience tells me there will be lots of things written that do not reflect our – or anyone's – intended messages! That is just the nature of a free-thinking press – and of a technology tornado (read technology hurricane!) As far as I'm concerned, we want both.