Google’s Ben Laurie continues with a post I’d call “Cogent with cloudy periods”:
Not surprisingly, my post “Google Account Authentication” attracted some pretty instant responses, as well as comments on the post itself.
On further reflection, comparing Live ID with Google’s authentication is comparing apples and oranges. Live ID may allow people to choose who they accept authentication from, but where does it say that anyone is planning to accept anyone’s word other than their own? In particular, where do Microsoft say they’re going to grant access to Microsoft properties using identity tokens issued by anyone other than Microsoft?
Interesting. Let me explain how I see it. The Windows Live ID whitepaper is about the technical architecture of Windows Live ID, and new capabilities allowing it to be part of a standardized, multi-centered, federated identity fabric. This includes support for Information Cards. Reading the paper, it’s easy to see how enterprises or groups of users could gain access to Windows Live services using their native systems federating with Windows Live ID, rather than requiring separate accounts. The business model for this would be totally straightforward.
Now, in terms of how the protocols work, a similar federation relationship could be established between a Windows Live and a Yahoo or a Google. But the business models there are way harder to figure out. You need multiple players to buy in - it needs to be a win/win/win. I don’t think anyone has figured this stuff out. Basically, it’s a lot easier to change technologies than to change business models.
Still, to me, it makes sense to put a safer, more flexible technical infrastructure in place that offers advantages within current business models while simultaneously laying the groundwork for new approaches as they arise. But let’s try to see the two as relatively autonomous.
Ben continues:
Eric Norlin says: “Lots of people inside of Microsoft now understand *why* they must open the silo, and that learning is precisely because of their experience with Passport.” But is this actually true? What Microsoft appears to have learnt is that it can’t get everyone to accept its credentials. So, what’s the next best thing? Get everyone to use MS technology for accepting credentials. Perhaps that’ll even lead to Passport Mark II where the default is to trust Microsoft. Where does Microsoft’s work on Infocard or Live ID or whatever-the-passport-nom-de-jour is show that Microsoft has any intention whatsoever of opening their silo? What it shows is that they think everyone else should open their silo.
This mish-mashes so many orthogonal ideas together that it gets a wee bit looney. If the following sounds disconnected, it’s because the way Ben connected things doesn’t make any sense to me:
- It’s true that a lot of us at Microsoft want to “open the silo”. That doesn’t make it easy, or make it obvious what to do.
- WS-Trust is not Microsoft Technology, unless IBM is now part of Microsoft - not to mention the hundred or so other companies who have worked on the WS specifications.
- Information Cards are not Microsoft proprietary for two reasons: first, the protocols are in OASIS standardization and available royalty-free; and, second, because there is a consortium building real open-source implementations today (OSIS).
- I don’t understand why Ben wants to confuse a service offering like Windows Live ID with a cross platform technology initiative like the Identity Metasystem.
- I’m even more mystified at the implication that our Cardspace implementation of Information Cards is a plot. It doesn’t offer special advantages to Windows Live ID. Services like those offered by Google get equal billing with services that might come from Microsoft. What is the sin here?
- Given the difference between services and open cross platform technology, why call Cardspace “the-passport-nom-de-jour” - except to be naughty?
Anyway, I’m just going to assume Ben had a bad hair day, which everyone has a right to.
Perhaps the flurry of postings made it look like people were ganging up on Google - not at all my intention - I still think that on identity our interests converge and we’re all in similar places.
At any rate, Ben concludes thus:
Fred asks: “could you explain why Google shouldn’t allow their accounts system to be accessed by Yahoo credentials?”
All I can say is what I already said: there isn’t a widely used, mature, reliable, secure identity federation mechanism available today. Whether Google wants to do this or not, in practice, they can’t. Such decisions have to wait for standardised mechanisms to emerge, in my view.
Dick is “surprised to see this post given conversations we had”. Well, Dick, if the fact that I don’t always agree with you is surprising, then you’d better stock up on soothing music or something.
I think the situation calls for soothing music all around. How about Iggy Pop?


[...] Kim thinks I had a bad hair day. I don’t understand why Ben wants to confuse a service offering like Windows Live ID with a cross platform technology initiative like the Identity Metasystem. [...]
[...] For more delicacies try this piece on the recent Eric Norlin / Ben Laurie exchange (my comment that Ben must have had a “bad-hair day” is qualified as incendiary, whereas I thought Ben would just get a chuckle out of it).  And there is this beyond the fringe story on the targeting of Craigslist users for violent crime (hmmm, seems like we might want to know who we’re dealing with before an in-person meeting - which happens to be Opinity’s forte). [...]
Ok, I have installed .NET 3.0 July CTP and since I already had IE7 Beta 3, it took only a few minutes, no reboot required. This stuff seems to be of good quality already!
To the comment …
I have to admit Ben Laurie has some good arguments.
Today we have identity silos without the possibility of interoperability. With Infocards we might end up with the same identity silos but with the distant promise of interoperability. However, the technological opportunities will be stopped by the business who wants to protect some important aspects like identity information and branding.
The cardspace implementation will create a much more pleasant and more importantly secure and consistent environment for the user. Small sites will benefit from the interoperability with the big silos.
Larger sites however will keep a tight guard on their identity information and will continue to do so in the future, even with Identity 2.0 or Infocards.
Consider this: would Microsoft ever give up being an identity provider? Why not?
[...] Then Bavo was able to comment - contributing an astute comment to the identity silo thing. [...]
[...] The end result of the blog deathmatch between me, Kim, Eric and Dick was a deathly silence on what I consider to be the core issue. [...]
[...] Ben Laurie of Google writes that something important was left unsaid in the recent discussion of federation and large Internet properties: The end result of the blog deathmatch between me, Kim, Eric and Dick was a deathly silence on what I consider to be the core issue. [...]
[...] Identity 2.0: passions are heating up. A new battlefield in Software-as-a-Service (and Web technologies in general) is forming around approaches to user identification and authorization. After centralized directories came federations, which are now being replaced by more sophisticated mechanisms that, at Dick Hardt's prompting, are collectively called Identity 2.0. The main behind-the-scenes discussion venue for these topics is the IETF DIX (Digital Identity Exchange) working group, created half a year ago. The range of opinions initially expressed was so wide that many doubted DIX would ultimately produce results. However, under the ideological pressure of the Sxip representatives, the discussion became constructive and gradually moved onto a technical plane. However, since the release of the Google Account Authentication API, the discussion has spilled out into the public blogosphere and turned into a PR fiasco for Google. Dick publicly accused Google of deepening the divide, calling on Google's European employee Ben Laurie, on the IETF DIX mailing list, to comment on the interoperability plans for the new API. At the same time, other publications began to multiply, comparing GAA with Microsoft offerings such as Passport and Live ID in a tone quite unflattering to Google. Kim Cameron, Microsoft's chief ideologist and speaker on this topic, could not stay on the sidelines either. The main thesis of Ben Laurie's reply is that Google announces nothing in advance, whereas Microsoft, in its communications about digital identity, deals exclusively in plans rather than reality. Finally, Ben rhetorically asks whether Dick would like to use Google services under his Yahoo login, to which Dick, not without pleasure, answers in the affirmative.
If this topic interests you, I recommend reading the continuation of this heated discussion: here, here, here, here, here and here. One could consider the criticism of Google groundless, given that Google Account Authentication was never conceived by the company as having anything to do with Identity 2.0. However, that, it seems, is exactly what irritates the critics, who accuse Google of lacking not only initiative but also a declared strategy regarding the interoperability of authorization mechanisms. technorati tags: web 2.0, digital identity, google, microsoft # Author: Daniel Feygin @ 15:07 [...]