The Clay Feet of Giants?

Over at Craig Burton, the marketing guru who put Netware on the map and later formed the Burton Group with Jamie Lewis lets loose with a passionate fury that couldn't care less about who has deployed what:

It’s been a week since Microsoft announced that it was never going to release the next version of CardSpace. The laughable part of the announcement is the title “Beyond Windows CardSpace” which would leave you to believe that Microsoft has somehow come up with a better architecture.

In fact Microsoft announced its discontinued development of CardSpace with absolutely no alternative.

Just further evidence of just how irrelevant Microsoft has become.

The news that Microsoft had abandoned CardSpace development is not news to those of us who watch this space, Microsoft hasn’t done Jack with CardSpace for over two years.

It’s just that for some reason Microsoft PR decided to announce the matter. Probably so the U-Prove group could get more press.

Well, that's a bit harsh. Identity selectors like CardSpace only make sense in the context of the other components of the Identity Metasystem – and Microsoft has done a lot over the last two years to deliver those components to customers who are doing successful deployments on a massive scale all over the world.  I don't think that's irrelevant, Craig.

Beyond that, I think Craig should look more closely at what the U-Prove agent actually does (I'll help by putting up a video). As I said here, the U-Prove agent doesn't do what CardSpace did. And the problems CardSpace addressed DO remain tremendously important.  But while more tightly scoped, for the crucial scenario of sensitive claims that are privacy protected the U-Prove agent does go beyond CardSpace.  Further, protecting privacy within the Identity Metasystem will turn out, historically, to be absolutely relevant.  So let's not hit on U-Prove.

Instead, let's tune in to Craig's “Little History” of the Identity Metasystem:

In early 2006, Kim Cameron rolled out the Laws of Identity in his blog. Over next few months as he rolled out each law, the impact of this powerful vision culminating in the release of the CardSpace architecture and Microsoft’s licensing policy rocked the identity community.

Two years earlier Microsoft was handed its head when it tried to shove the Passport identity initiative down our throats.

Kim Cameron turned around and proposed and delivered an Identity Metasystem—based on CardSpace—that has no peer. Thus the Identity Metasystem is the industry initiative to create open selector-based digital identity framework. CardSpace is Microsoft’s instantiation of that Metasystem. The Pamela Project, XMLDAP, Higgins Project, the Bandit Project, and openinfocard are all instantiations in various stages of single and multiple vendor versions of the Identity Metasystem.

Let me clear. The Identity Metasystem has no peer.

Anything less than a open identity selector system for claims-based digital identity is simply a step backwards from the Identity Metasystem.

Thus SAML, OpenID, OAuth, Facebook Connect and so on are useful, but are giant steps back in time and design when compared to the Identity Metasystem.

I agree that the Identity Metasystem is as important as Craig describes it, and that to reach its potential it MUST have user agents. I further agree that the identity selector is the key component for making the system user centric. But I also think adoption is, ah, essential… We need to work out a kink or two or three. This is a hard problem and what we've done so far hasn't worked.

Be this as it may, back at Craig's site he marches on in rare form, dissecting Vendor Speak as he goes.  Mustering more than a few thrusts and parries (I have elided the juicier ones), he concludes:

This means there is an opening for someone or some group with a bit of vision and leadership to take up the task…

But mark my words, we WILL have a selector-based identity layer for the Internet in the future. All Internet devices will have a selector or a selector proxy for digital identity purposes.

I'm glad to finally see this reference to actual adoption, and now am just waiting for more discussion about how we could actually evolve our proposals to get this to happen.

 

Published by

Kim Cameron

Work on identity.

3 thoughts on “The Clay Feet of Giants?”

  1. Kim – it was a sad day to read about the Microsoft exit from the Information Card ecosystem. This blog is a most useful clarification of the considerations and your views on likely directions.

    Best of all, though, as you have hinted the cat is out of the bag. Others like Avoco at http://www.AvocoSecure.com have already developed and launched a superb Cloud Selector. Very shortly, the rest will be history.

    All of which is due to the visionary thinking that you inspired in 2004 and 2005.

    Malcolm

  2. A major reason for the poor uptake is that Microsoft haven't realized that there are a lot of providers that use strong authentication but they don't use Microsoft SW since it is was never designed for consumers. A very simple example are banks that in the EU and Asia have deployed a gazillion “soft certificates”. As banks they require PIN-protection and associated policies. But NONE of the browser-vendors actually supports this fairly basic feature!

    How did this happen? I think that if local MSFT-folks had told Redmond that “CertEnroll has been rejected by all banks in my country” (applies to almost every EU country…), they would get fired or be dismissed with “your banks is a bunch of morons”.

    It is hard to see that U-Prove will do any better without MAJOR investments in the browser/operating system platform.

  3. Agree with you point, though one major difference with U-Prove is that the whole experience can be set up end-to-end by the parties who want to co-operate (e.g. no OS involvement required in order to get a good experience). Again, my video will help clarify if I manage to get around to it!

Comments are closed.