THE SECURITY ZONE

Aldo replied to my last post as follows:

… I think its true that as Kim says, “people will avoid those interfaces”.

Equally if not more important in my opinion is ensuring that metasystem “participants” (implementers) have access to and enjoy sufficient legal assurances (licensing terms to intellectual property necessary to implement a given UI “look and feel”) to enable them to implement as many “standard/recommended” UI elements as possible.

(Sidebar) For those who haven't seen an InfoCard demo, one impressive aspect of how it works is that when an “ID transaction” is initiated the system visually and technically goes in to a type of “security zone”. To be dramatic envision the lights dimming and the sound of cold steel rolling followed by the clang and reverb of metal meeting metal as the doors close around you. I should stress that in this scenario, unlike the movies those doors are closing to provide a security cordon in service for end-users to keep the thieves at bay not to capture them in act. The point I'm getting at is, that because the end-user is entering a separate “zone” it really shouldn't matter if the end-user entered it through Windows, Linux, Sun or the Apple OS as long as their entry is valid. In my opinion much of the “look and feel” of that “zone” shouldn't be a proprietary branding opportunity but should provide a “standard/recommended” visual message to end-users that they've entered the “security zone”. Naturally an end-user will interact with all kinds of proprietary intellectual property once within that “zone” (Visa, Ebay, WalMart logos etc) but the “scaffolding” of that space should ideally be as common a UI as possible. (End Sidebar)

Encouraging “standard/recommended” UI implementations is in the interest of all market participants Microsoft, Novell, IBM included. It seems axiomatic that widespread adoption of the metasystem (accelerated through ease of use implied by UI standardization) will as the saying goes “lift all boats”. Granted some boats are bigger than others and perhaps they'll enjoy the ride more (larger market share) than the small boats but that's competition. But aren't those “bigger boats” currently exposing themselves to more risk in the short-term to see that the tide can rise.

Concluding:

I don't doubt that Kim and the InfoCard folks will work with Paul and the Higgins folks. Furthermore as I've stated on this blog and to other's involved in this field in-person I don't think Microsoft, Kim or anyone else working on InfoCards has something up their sleeve. In other words it's pretty obvious why Microsoft would like to see a Linux or other major OS implementation of InfoCard (see previous paragraph and if only to forestall the “Passport” PR issue). Imagine Kim's challenge in encouraging proactive investment in a Linux implementation of InfoCard from within Microsoft. Frankly I think there's a chance that might happen if a third party doesn't appear reasonably soon to do so. Consider for a moment, the investment Microsoft has already made in InfoCard, the potential upside of a widely adopted Metasystem and the downside risk that it's viewed as another Passport.

So to end this already long post, what I'm advocating is that Microsoft (like it or not the onus is on you all at the moment) should make every effort to make it as clear as possible the specific licensing terms under which third parties can implement the various aspects of InfoCard. Naturally I'm particularly focused on the UI elements aspects but the same holds true for other aspects of InfoCard. As far as I know the licensing terms for implementation of the UI “layer” are not yet publicly available (someone please correct me if I'm wrong).

Perhaps they will be soon?

Given the increasing attention that InfoCard and Digital Identity has received lately it seems the time for publication of those licenses is drawing near.

*My reference to “Channeling Kim Cameron” in the title to this post is a reference to this quote, also from Kim's post cited above. “it was almost like reading a part of my own mind.” Just for the record, I have not ever knowingly been nor do I hope to occupy “the mind of Kim” 😀

I've always been clear that Microsoft's work on the identity metasystem has one goal and one goal only: to create an identity layer for the internet that will launch the next era of computing. This era will be one of great new software, services and physical products, as privacy and identity come to underlie our increasingly interconnected social and virtual environments. Out of this will come tremendous opportunities for all. These opportunities dwarf anything else on the horizon.

This is the identity vision. My colleagues inside Microsoft get it in full technicolor. The identity metasystem must be ubiquitous for this technological liberation to come about. Our approach to licensing derives from that analysis. We will make our identity metasystem intellectual property freely available in furthering this set of goals. We are encouraging others to use our breakthroughs around both protocols and visual interfaces and paradigms as a jumping off point for their implementations. Licensing of this IP is the normal “RANDZ” – reasonable and non-discriminatory zero royalty.

By the way, I don't expect all the Identity Selectors (I actually love the concept of ‘Security Zones’) to be identical – just similar enough that when you see one you know how to use it. It's a bit like designing a car. The interiors are not identical, but when you sit down you know how to drive. If we can get to that point, a safe internet is completely possible.