Here is Dick Hardt, CEO of SXIP, explaining our joint announcement on OpenID and CardSpace to people in the community who may worry that Starship Microsoft is about to land on OpenID and squish it.
This morning Microsoft announced they would support OpenID in future identity server products. Although this is a huge endorsement for OpenID, there will likely be many people that are fearful of what Microsoft’s involvement may do to OpenID.
At ActiveState I worked with Microsoft to bring Perl and Python technology to the Windows platform. This was a win for Perl and Python programmers that wanted to use their tools on the Windows platform. It was also a win for the community at large, as a fair amount of the threading and Unicode support that is in Perl today was funded by Microsoft. Just as I bridged the Microsoft and Open Source worlds back in the 90s,
I look forward to bridging the Microsoft and OpenID worlds today. The team at Microsoft get what we are doing in OpenID, and want to enable their technology to take advantage of the reach of OpenID, as well as enable the OpenID community to take advantage of CardSpace technology. This looks like a win-win for everybody.
Dick's previous Perl work really is a good example of what came about when we “defactionalized” our industry and got momentum going. The “identity gang” phenomenon has been a good example of the same thing since day one, and this concrete announcement takes things in an even more positive direction.
Let me say something about potential squishing. It just won't happen. One of the best things about OpenID is its organic quality, and the last thing we want to do is interfere with that.
My big ask was to add a way to request credentials based on phishing-resistant authentication. The main idea was to ensure the system is built to handle the dangers that would come with its own success. As it is more widely adopted, and used for more purposes, OpenID credentials will inevitably become a “honeypot”. But through the collaboration going on here, and other similar initiatives, we can make sure we'll have the means in place to protect our users even before they are in danger. This in turn is key to preventing a loss of confidence in identity systems and the internet in general.
In the early 1980’s, James Martin said, “Every successful system will attract usage to the point that it becomes unsuccessful”. He was referring to systems that gobbled up mainframe resources by attracting users until they became bogged down and unusable, but over the years I've thought of his maxim in many contexts. I think one outcome of today's announcement will be to provide an exception, and that's worth celebrating.
