Steve Gillmore

Here's a piece by Steve Gillmore that nicely captures how what we are doing together in identity is part of a broader “something's happening here” that could really revitalize our industry and take us past our preconceptions – hard as it is to let go of them.

I love Steve's audio work – his podcasts have helped me evolve many of my ideas.

John Fontana on the Identity Metasystem

Here's John Fontana's take on the seven laws and the metasystem proposal in his piece published at Network World. John has been writing about identity forever and this is a really good story. I'd love to pick it up as if it were a blog, but it isn't marked “blog” so I'm waiting to see if that is possible.

‘Enlightened’ Identity Metasystem

Here's Dan Farber's story over at ZDNet on the way Microsoft is approaching the identity metasystem. I'm not the only one who has seen Dan as a multi-talented guru over the years – so having him vet our thinking is important to me. It's also great to see Dan giving my friend John Shewchuk the credit he deserves – he is a tireless supporter of the identity metasystem.

On the final day of Digital ID World 2005, John Shewchuk, CTO for distributed systems at Microsoft, and Kim Cameron, identity and access architect at Microsoft, outlined their company’s plan for delivering a unifying identity metasystem, an abstraction layer, based on WS-* Web services technology.

“The essential concept of the metasystem is you have a bunch of contexts and need to achieve separation or amalgamation across the [contexts],” said Cameron. “Getting the metasystem working, like networking [via TCP/IP], can expand what’s happening by orders of magnitude, bringing synergy that currently does not exist. If we do, we’ll get to the identity big bang.”

The big bang identity metasystem addresses many of the problems in digital identity, avoiding the patchwork of single-provider, single-technology siloed solutions. It also places the user at the center, giving them control over how their identity information is parsed out. Microsoft’s identity framework supports multiple identity technologies, as well as multiple operators and implementations, Shewchuk said. This is not typical of Microsoft, which tends to focus on developing its own proprietary solutions rather than what’s in the best interest of the industry, but it seems that Cameron and Shewchuk so far have convinced Gates & company that for any identity system to succeed – unlike Passport – it must be interoperable and open standards-based.

Shewchuk said that the fundamental metasystem functions include enabling relying parties and identity providers to negotiate technical policy requirements; providing a technologically agnostic way to exchange policies and claims (Cameron’s definition: an assertion of the truth of something, typically one which is disputed or in doubt; claims could include an identifier, knowledge of a secret, as in password based systems, personally identifying information, membership in a group…) between identity providers and relying parties; allowing a trusted way to change one set of claims, regardless of the token format, to another, so users aren’t stuck in one technology stack; and maintaining a consistent user interface across multiple systems and technologies.

WS-* has the underpinnings for building the metasystem and mostly politically correct credentials – broad participation from heavyweights in the technical community; open, published specifications on a standards track; and a promise of non-discriminatory, royalty-free use. The security token format is neutral and embodied in WS-Security, supporting multiple profiles (Kerberos, SAML flavors, XrML, X.509, etc.). WS-MetadataExchange and WS-SecurityPolicy provide a dynamic system for exchanging claims. WS-Trust provides a way to transform claims.

Microsoft’s Indigo is the Web services platform for creating .Net applications, and the user interaction takes place via Infocard, a creation and management experience that allows users to maintain control over how their identity information is used online. Users can authenticate themselves to a security token service (STS) using different methods such as a self-issued token (similar to PGP), Kerberos, smart cards and other technologies, Cameron said.

Shewchuk said that he showed a prototype of the identity metasystem to Bill Gates three weeks ago, who apparently has allowed the project to live on. Microsoft plans to make its identity metasystem code available to developers in an SDK in a few weeks.

I asked Jamie Lewis of the Burton Group about whether Microsoft can be a trusted steward of digital identity, spanning multiple platforms. “We can complain all we want about Microsoft’s approach to developing specifications, but you can’t say they haven’t been clear about where they are headed the last several years,” Lewis said. “They have some very valid approaches. Federation is the most reasonable idea so far, and there is starting to be coalescence around the WS-* framework as a general purpose federation framework. Ping Identity demonstrated a Java-based STS, which is a powerful statement about the ability of others to play – call it enlightened self interest.”

Cameron and Shewchuk mentioned several times the necessity to maintain a consistent user interface, so that users can actually manage their online personas without having to learn arcane commands. It’s likely to be an area where Microsoft is less forthcoming on how to build solutions using its metasystem. “I doubt Microsoft will be publishing guidelines for front end as they will for back end,” Lewis said. Cameron seemed to say that Infocard would be supported on non-Windows platforms. Lewis also pointed to Microsoft’s focus on XrML (eXtensible rights Markup Language), which gets into the contentious IP rights and management space. And we know that Microsoft wants to be a major platform in digital rights management.

“If we work together on a metasystem, we can avoid the need to agree on dominant technologies a priori—they will emerge from the ecosystem,” Cameron said during a session on his much discussed Seven Laws of Identity. The Holy Grail of identity management and efficient, reliable ecosystem is still years away, but there is a movement afoot that appears to have the best interests of users as its guiding principle. Whether it lasts and Microsoft doesn’t revert to its darker side remains to be seen, but Cameron and Shewchuk make convincing arguments that there is no turning back.

Just for the record, I need to correct Jamie on the “front end versus back end” comment. We want to talk with every interested platform vendor about our work – and be open about our concepts and plans. I'm trying to get some meetings going. We want the strongest identity metasystem possible – and the ideal would be a consistent basic approach across platforms. We'll want to have our own “distinct look”, of course. But our friends over at Apple and on other platforms have shown themselves to be fully capable of innovative design, haven't they? So I don't suspect they need me telling them how to design their user interfaces!
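The metasystem functions Dan's piece lists – a relying party publishing its policy, an identity provider issuing claims in one token format, and a security token service (STS) transforming them into another – are easier to see in running code than in prose. The block below is an added illustration written for this page, not code from Microsoft, Indigo or Infocard. The two token formats ("json-hmac" and "kv-hmac"), the issuer names, the shared HMAC keys and the policy dictionary are all invented for the example; a real metasystem would carry the same roles in WS-Security tokens, WS-SecurityPolicy and WS-Trust messages, with X.509 or Kerberos keys rather than shared secrets.

```python
"""Toy identity metasystem: policy negotiation, claims exchange and
claim transformation by an STS. Added example; formats, names and keys
are assumptions, not any real WS-* encoding."""
import base64
import hashlib
import hmac
import json

# Constructed shared secrets for the toy issuers (assumption: a real STS
# and identity provider would use asymmetric or Kerberos keys instead).
KEYS = {
    "idp.example": b"idp-secret-key",
    "sts.example": b"sts-secret-key",
}


def _sign(issuer, body):
    return hmac.new(KEYS[issuer], body, hashlib.sha256).hexdigest()


def issue_token(issuer, fmt, claims):
    """Identity-provider side: encode a claim set (string values only) in one
    of two invented token formats and sign it with the issuer's key."""
    if fmt == "json-hmac":
        body = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True).encode()
    elif fmt == "kv-hmac":
        lines = [f"iss={issuer}"] + [f"{k}={v}" for k, v in sorted(claims.items())]
        body = "\n".join(lines).encode()
    else:
        raise ValueError(f"unsupported token format {fmt!r}")
    return {"fmt": fmt, "body": base64.b64encode(body).decode(), "sig": _sign(issuer, body)}


def verify_token(token, trusted_issuers):
    """Decode either format, check the issuer is trusted and the signature
    verifies under that issuer's key, then return (issuer, claims)."""
    body = base64.b64decode(token["body"])
    if token["fmt"] == "json-hmac":
        doc = json.loads(body)
        issuer, claims = doc["iss"], doc["claims"]
    elif token["fmt"] == "kv-hmac":
        pairs = dict(line.split("=", 1) for line in body.decode().split("\n"))
        issuer = pairs.pop("iss")
        claims = pairs
    else:
        raise ValueError(f"unsupported token format {token['fmt']!r}")
    if issuer not in trusted_issuers:
        raise ValueError(f"untrusted issuer {issuer!r}")
    if not hmac.compare_digest(token["sig"], _sign(issuer, body)):
        raise ValueError("bad signature")
    return issuer, claims


def sts_transform(incoming, rp_policy, current_year, trusted_issuers=("idp.example",)):
    """Security token service: accept a token in any format it understands,
    derive or select only the claims the relying party's policy requires,
    and re-issue them in a format the relying party accepts."""
    _, claims = verify_token(incoming, trusted_issuers)
    derived = dict(claims)
    if "birth_year" in claims:  # a derived claim: the RP never sees the birth year
        derived["over_18"] = "true" if current_year - int(claims["birth_year"]) >= 18 else "false"
    missing = [c for c in rp_policy["required_claims"] if c not in derived]
    if missing:
        raise ValueError(f"cannot satisfy policy, missing {missing}")
    released = {c: derived[c] for c in rp_policy["required_claims"]}  # minimal disclosure
    return issue_token("sts.example", rp_policy["accepted_formats"][0], released)


def relying_party_accept(token, rp_policy):
    """Relying party: enforce its published policy on the presented token."""
    if token["fmt"] not in rp_policy["accepted_formats"]:
        raise ValueError(f"format {token['fmt']!r} not accepted")
    _, claims = verify_token(token, rp_policy["trusted_issuers"])
    if any(c not in claims for c in rp_policy["required_claims"]):
        raise ValueError("required claim missing")
    return claims


# Constructed relying-party policy: what it would publish via policy exchange.
RP_POLICY = {
    "accepted_formats": ["kv-hmac"],
    "required_claims": ["email", "over_18"],
    "trusted_issuers": ["sts.example"],
}


def demo(current_year=2005):
    """Whole exchange: IdP issues json-hmac, STS re-issues kv-hmac, RP checks."""
    idp_token = issue_token("idp.example", "json-hmac", {
        "name": "Alice", "email": "alice@example.org",
        "birth_year": "1980", "group": "staff",
    })
    rp_token = sts_transform(idp_token, RP_POLICY, current_year)
    return relying_party_accept(rp_token, RP_POLICY)


if __name__ == "__main__":
    print(demo())
```

The point to notice is that the relying party never handles the identity provider's format or key material: it trusts only the STS and only in the format it declared. The same structure also applies the minimal-disclosure idea from the laws, since the name, group and birth year never leave the STS; presenting the identity provider's own token directly to the relying party is rejected on format before any signature is checked.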

William Heath issues an Appeal to Brainstorm

In Britain, the identity card debate is heating up again.

Before the recent election, the British government proposed a law introducing identity cards and a corresponding central identity database. Of course the political issues are for Britons to decide. But several of us who are involved with identity issues have commented on the situation from a technological point of view: governments would be well advised to look at advanced technologies through which they can achieve their governmental objectives while better protecting privacy and lowering the risk of an identity catastrophe.

Now the election is over. The British debate has started up again. And William Heath of Ideal Government, a site dedicated to issues of how to improve government at all levels, has issued a broad “Appeal to Brainstorm”. What a cool idea.

What do we want from identity systems? Wouldn’t it be better if…?

The Home Office is to reintroduce its idea of an ID system to underpin the sort of world it wants. Some are in favour. Some raise principled objections. Some are too angry to be coherent. There’s a major political row brewing. But very few people can really get their heads around it.

Some people, who like political rows, will say – bring it on.

This is a call to people who:

  • don’t care for political rows
  • are hardcore in their desire to live in an intelligently e-enabled world, built on a foundation of trust
  • insist on good public safety measures but reject needless authoritarianism
  • insist on respect for human rights and dignity
  • hate to see money wasted (whether through incompetence or deliberate fraud)
  • and want good, convenient and common-sense public services.

If that’s you, please join us at www.idealgovernment.com in an intense on-line brainstorm about what we want from identity systems for an e-enabled world. Ideal Government – the web log where ethnographers of bureaucracy come together to say what they want in e-enabled public services – is delighted to be official host for the LSE’s on-line debate in preparation for the Identity Project final report. All welcome. Usual rules apply. Anyone can apply for an author password. Anyone can comment. Anything offensive or actionable is taken down.

Contrary to what Baroness Scotland has said, there has not been an effective consultation and debate. A few cosy discussions between a partially-informed buyer and a few willing suppliers is no substitute for intelligent, passionate and measured engagement between people who really understand the issues in which they are respectively expert.

The LSE Identity Project is an essential contribution to setting out a user requirement of what we want from e-enabled government. Identity systems will produce a big bang in the e-enabled world. Let’s make sure we get the fireworks right.

For those not familiar with the British landscape, the LSE is the famous London School of Economics. They published a profoundly interesting report on the British proposal as first introduced, which I wrote about here.

Great pieces on the laws

Scott Mace did amazingly accurate notes – pretty much a transcript – of my presentation on the Seven Laws at DIDW. How can he do that? If he ever needs someone to testify as to his accuracy, he can call on any of us who were there.

Over lunch Scott came up with the concept of an ID-Legal web site, joking that:

“…what we need is a Web site that determines which Web sites and services comply with (the) 7 laws of identity. Maybe it could be modeled on this, and let the visitors vote on the compliance of each particular Web site with the 7 laws.”

Anyway, if you know people who would benefit from the laws, I've made some printable versions (pdf and doc) that may be easier for people to read.

John Pallato at eWeek.com did a really good piece on the laws as well. I can't say enough about excellent journalism and what an important part of our world it is. People say it's rare. But excellent anything is rare – by definition.

Whitepaper on the laws… and more…

A number of us have spent the last four or five days at Digital Identity World (DIDW) in San Francisco. DIDW really is an entire world, and a great one for getting a deeper understanding of identity. Many of us had the chance to meet in person for the first time, and I'm sure came away with a deep supply of “aha” moments.

I gave a presentation on the Laws of Identity and was on a panel led by Doc Searls featuring Marc Canter, Dick Hardt, Drummond Reed and Johannes Ernst. In addition I participated in the Digital Identity Update presented by Microsoft's Distributed Systems CTO John Shewchuk and InfoCard's Bill Barnes. It was a pretty moving experience.

Flying down, a fellow passenger in my seat (they were really packing us in) spilled her coffee on my laptop so I've been doing Cameron Unplugged for the last few days. I haven't got a clue yet about who's been blogging or what has been said.

For those who weren't able to attend, I've finally finished a whitepaper on the Laws of Identity, which I will post on www.identityblog.com in “pdf” format as soon as possible. In the meantime, msdn has published an online version here.

At the same time, those of us working on InfoCards and other Web Services identity components at Microsoft published a whitepaper clarifying our thoughts about how to bring about the kind of Identity Metasystem defined by the Laws… This thinking is very much in line with our presentation a year ago at DIDW – though our research and conversations have led to ideas which are noticeably more refined. Further, within a few weeks people will be able to play with early ‘beta bits’.

But whatever you do, don't crank your expectations into overdrive… A metasystem only works if people who can prosper through this kind of ecology climb aboard. This is not something Microsoft wants to do – or even could do – by itself. We won't be “declaiming”… We're early in this process.

The good news is there are a great number of innovative people from all over the industry – and crossing all the conventional fault lines – who want this project to happen. It's actually an incredible experience. More to come…

Bottoms up identity discussion at DIDW

Here is Marc Canter's take on DIDW versus the bottoms-up identity initiative:

So I am going to DIDW. It's key. I have no way of NOT going!

Eric Norlin slapped me around a bit today and both me and Doc took some lumps for not getting it together by grabbing an entire afternoon for our communal cause.

But it's all good – cause this will be a catalyst for us to go out and have our own damn show. DIDW is an enterprise show – and we need a show of our own.

Don't give up the ghost yet! Since last year, those of us who believe in bottoms up have made a lot of progress in getting parity with top-down.

Here's a call for everyone interested in bottoms up identity to be at the Hyatt in San Francisco on Monday afternoon at 1:00 – no conference pass necessary.

I'd love to meet you if you can get there. Stay tuned for room number.

Usage note

I have received a surprising volume of correspondence in multiple media about the use of “dialog” as a verb. There seems to be a bug in Radio Userland since it currently shows only 4 comments whereas I have pages of comments and emails. I do like this link brought to us from an “anonymous blog reader”:

Usage Note: In recent years the verb sense of dialogue meaning “to engage in an informal exchange of views” has been revived, particularly with reference to communication between parties in institutional or political contexts. Although Shakespeare, Coleridge, and Carlyle used it, this usage today is widely regarded as jargon or bureaucratese. Ninety-eight percent of the Usage Panel rejects the sentence Critics have charged that the department was remiss in not trying to dialogue with representatives of the community before hiring the new officers.

I can assure you that the usage panel doesn't want to dialog about their conclusions.

Which means I can get back to work.

I just happen to have a twenty volume refutation here

Recently, in keeping with my goal of getting people who have worked on identity to start supporting each other more, I nominated Pat Patterson of Sun Microsystems for an important award (the coveted Serenity Award as mentioned here).

I have to thank Pat for taking the time to answer me. But – and I'm not complaining about his obvious passion – his response read like this:

“Sorry to be a language bore, but… “dialog with them”??? Does every noun have to be munged into a verb? Is there anything that “talking with them” doesn't convey that “dialog with them” does? Sorry – pet hate of mine…”

I was “on the road” at the time, and assumed I must have lost touch with our mother tongue. Embarrassed, I wrote back to Pat as follows:

“You are right. Hats off to anyone who still believes in language. So we'll talk instead.”

And indeed we are setting up time for that (and a glass of something, I expect) at DIDW.

But back at home, I turned to my twenty volume edition of the Oxford English Dictionary for “cultural renewal”. And guess what I found?

[Images: dialog-1.jpg and dialog-2.jpg, the dictionary entry]

Hmmm. I wonder if 400 years of continuous usage makes it? Est-ce que c'est un dialogue de sourds? (Is this a dialogue of the deaf?)

I'm feeling “intransitive” on this one, Pat. Looking forward to dialoging again, too.