I am glad to see I am providing Robin Wilton and various of his friends with suitable amusement these days. Luckily this doesn't distract him too much from interesting comments on the dynamics shaping federated identity frameworks.
First, on yesterday's topic of ‘identity protection and financial services’, you may be heartened to learn that the Financial Services Technology Consortium (FSTC) is working on stronger mutual authentication as part of the solution to this problem, and has just concluded Phase One of its ‘Better Mutual Authentication’ project. More information at www.fstc.org.
The FSTC has been looking closely at SAML and Liberty for several years now, and concluded back in 2003 that Liberty technology could help financial services organisations improve security and identity management.
I think what's changed since then is the increased recognition that strong authentication is, simply stated, a great example of a web service which one member of a circle of trust can provide to other members.
Second, Liberty members (especially the techier ones) are watching with interest as Kim Cameron is gradually exposed to some of the (frankly fun) group dynamics among the participants. You know how it is; you get to know people over the course of sometimes heated debate about identity principles, and every so often you have one of those arguments which looks to any outsider like a bare-knuckle dust-up. It's only when you know the two participants and their history that the whole thing looks altogether less vicious and more amusing.
There's also a good deal of innocent amusement to be had from reading these lines in Kim's blog:
“One of them asked why Liberty hasnâ€™t caught on more since it has been around for almost five years. Not knowing Conor I might have imagined he would sidestep the issue with marketing gloop. “
As Kim immediately discovered, Conor is fresh out of marketing gloop… and is not expecting a re-stock ;^)
Without wanting to get into the subsequent to-and-fro between Conor, Paul Madsen and others, I'd just note this, as I have done in public comment on several occasions:
Those looking for mass adoption of Liberty often ask why large-scale e-commerce adoptions are not more visible. I think the e-commerce boom of the late 90s offers instructive parallels. The B2C bubble was highly visible and easily grasped, conceptually, by those seeking to understand this new technological phenomenon. However, there was both more money and greater longevity in the B2B market using exactly the same technology.
I think we're seeing some of the same thing in the identity market. Yes, there's adoption and growth in B2C applications – and that will continue; but there's a steadier undercurrent of adoption for B2B applications, even if those are not always as visible to the consumer or onlooker.
An interesting event to look out for is the point at which it becomes realistic for G2C identity infrastructures to intersect with B2C applications. That's not primarily a technology event – it's one driven by market and policy conditions – but in my view, if you're looking for candidate technologies to make it happen, Liberty is at or near the top of the list.
To me this doesn't look much like a bare-knuckle dust-up – just a good discussion.