Todd Bishop of the Seattle Post Intelligencer posted another good read – this time about Versign's support for InfoCards. Now, in addition to Microsoft having an InfoCard Project, Verisign has one. This is a big step forward for an Identity Metasystem that gives people increased control over their digital identities.
I hope people see that when enough industry players buy in, the system will no longer be ascribed to Microsoft. It will be a lot clearer that InfoCard does not “belong” to any particular vendor. Microsoft will have its Identity Selector, and its Active Directory InfoCard support, but many other vendors and platforms and organizations will offer InfoCard components. The Identity Metasystem will be like TCP/IP or the Web.
There will be an ecology that will lead us all to a period of great creativity – where a million new possibilities open up as identity becomes easy to program and use. That world is what Microsoft is trying to foster – not brand recognition around InfoCard.
SAN JOSE, Calif. — Microsoft Corp.’s fledgling InfoCard online identification project has won support from one of the biggest names in the field.
VeriSign Inc. showed plans Wednesday to let people use Microsoft's InfoCard program as one way to log into Web sites that are part of its VeriSign Identity Protection Network — which already has signed up Internet heavyweights eBay, PayPal and Yahoo! as its initial participants.
Analysts called it an important first step for Microsoft, which needs to bring aboard a variety of Web sites and identity providers for the InfoCard project to work. VeriSign announced its system, known as the VIP Network, earlier this week.
“That's a really valuable win for Microsoft,” said industry analyst Rob Helm, research director at Kirkland-based research firm Directions on Microsoft. VeriSign's involvement means Microsoft's InfoCard stands a better chance of being “something more than an academic exercise,” Helm said.
VeriSign Chief Executive Stratton Sclavos announced the company's plan to link up with InfoCard during an address Wednesday morning at the RSA security conference here. Before the announcement, the VIP network appeared to pose a potential competitive threat to Microsoft's InfoCard project, as an alternative system.
The VIP network provides people with a common way of securely logging in to a variety of sites. It will work in conjunction with one-time digital passwords generated by devices such as specially equipped mobile phones, key chains and USB keys.
The InfoCard program is designed to serve almost as a virtual wallet on the computer screen, with different cards representing a person's various online identities.
Microsoft hopes to persuade many identity providers — such as banks, governmental agencies and online services — to issue InfoCards. People using the InfoCard program could then select one of the cards to securely provide their digital credentials when they need to log into online sites, authenticating their identity without using a password each time.
Users of the VIP Network would still be able to log into sites using VeriSign's system alone, but the company's decision to work with InfoCard would give them the option of using the Microsoft program as an alternative interface.
On stage at RSA Wednesday, VeriSign demonstrated the ability to access an InfoCard associated with the VIP Network using a digital password generated by one of the VeriSign devices. After that step, the InfoCard program lets the user select that virtual card to securely log in to one of the VIP Network sites.
The InfoCard program, demonstrated by Microsoft Chairman Bill Gates at the RSA conference earlier this week, will be included in the upcoming Windows Vista operating system and made available for the existing Windows XP. It also will work in conjunction with Microsoft's upcoming Internet Explorer 7 browser.
Kerry Loftus, director of product management for VeriSign's authentication services, said the sites with which the company is working were interested in making sure the VIP System was integrated with Microsoft InfoCard, as well.
“They understand it's a reality that's coming down the pike for them,” Loftus said. “It's another alternative log-on for them.”
Loftus said the arrangement between VeriSign and Microsoft is a technology partnership, with no financial terms involved. During his speech, VeriSign's Sclavos cited it as an example of companies in the information-security industry “coming together around standards that can be shared.”
InfoCard is the Redmond company's latest effort to give computer users a uniform way of logging into Web sites and verifying their identities online. It works with a variety of identity providers, unlike the company's Passport log-in program.
As a security measure, InfoCard doesn't store sensitive personal data from identity providers on the computer itself. Instead, after a user clicks on a card, the program retrieves the necessary digital credentials from an identity provider, then forwards them to a site to authenticate the person's identity.
In addition, people would be able to create their own virtual cards inside the program for submitting basic log-in information to Web sites. The InfoCard program itself runs in a secure area separate from the standard PC desktop.
Reflecting the fact that it was a surprise, Sclavos preceded the announcement of VeriSign's InfoCard integration with a nod to Apple Chief Executive Steve Jobs’ signature move — appearing as if he were about to conclude his speech but then saying he had “one more thing” to show.
I thought the demo was great – I hope our friends at Verisign will do a screen-capture video so I can link to it for people who missed the live event.
I hope everyone thinks hard about what happened here. Verisign and Microsoft could have gone in separate directions and the result would be further confusion in the identity landscape. But it didn't happen. There is a lot of vision at Verisign, and my team really enjoyed working with them as they built their proof of concept.