Ben Laurie of Google writes that something important was left unsaid in the recent discussion of federation and large Internet properties:
OK, it's nice that Microsoft are developing identity management software that might not suck (but remember, it still doesn't satisfy my Laws of Identity) but the question that's being posed about Google applies equally to Microsoft, and, indeed, anyone else with an identity silo.
So, here's the question: is Microsoft going to accept third party authentication for access to Microsoft properties?
How about it, Kim?
OK. The answer to your question is “yes”. Windows Live ID is going to accept third party authentication for access to Microsoft properties.
Let me quote from the Windows Live ID Whitepaper. It seems like I gave the wrong link before, so I've checked that this one works. I've also copied the paper onto my blog as I always do so my links will be permanent. The original appears here. The quote below is one of several places where these issues are discussed in the paper, so it's probably worth checking out the whole paper (about 8 pages).
How Does Windows Live ID Participate in the Identity Metasystem and Work with "InfoCard"?
Microsoft is working with others in the industry to create an identity metasystem that brings existing and future identity providers into a connected identity ecosystem and empowers end users to control the use of their identities. The Windows Live ID service will participate in the identity metasystem as one identity provider among many, able to accept claims from other identity providers and transform them so they can be used within Microsoft online services. This participation will include acceptance of self-issued and managed "InfoCards." It will thus provide full support for the "InfoCard" identity model.
Roles of the Windows Live ID Service in the Identity Metasystem
Microsoft has published its vision of a universal identity solution that is inclusive of a plurality of identity operators and technologies: the identity metasystem. In such a metasystem, identity providers, relying parties, and subjects can select, request, transfer, transform, and consume identities through a suite of well-defined and open Web Services (WS-*) protocols. Microsoft is working to implement components of the identity metasystem, as are many other companies in the industry. As a result, various building blocks for the metasystem are being developed. Some of these components will be delivered to end users in the form of software installed and running locally on their computers and devices, while others will be online services.
The design philosophy of the identity metasystem is not to replace the existing identity systems in use today, but instead to bring these existing systems together by enabling interoperation among subjects, relying parties, and identity providers through industry standard protocols. The Windows Live ID service will participate in the identity metasystem as a "managed" identity provider already at Internet scale. Windows Live ID will bring a large base of end users and relying parties to the metasystem, taking us one step closer to Internet-wide identity federation and doing our part to help the industry move beyond the "walled garden" paradigm.
The Windows Live ID service will play several essential roles that are strategic for Microsoft. The service:
- Is an Internet-scale identity provider intended primarily for users of Microsoft online services, which are all relying parties of the Windows Live ID service.
- Is open and issues claims in a form that can be consumed by any relying party, any device, and any other trusted identity authority.
- Serves Microsoft online services as a "claims transformer," allowing those services to accept identities issued by third parties. Third-party identity providers include other Internet service providers and managed-identity providers, such as the planned Active Directory Security Token Service (STS).
- Will be the identity provider and federating authority for third party services and software built on top of the Microsoft online services platform.
So now some other questions remain. Who can federate with Windows Live ID and what are the conditions? What will the business model be? What services will people want to use that cause them to seek to federate?
So don't take me as sounding glib. There are lots of important issues that the Windows Live ID folks are still thinking about.
Meanwhile your comment that "it's nice that Microsoft are developing identity management software that might not suck" is one of the nicest things anyone has ever said to me, and I'll treasure it.