Wouldn't it be more correct?

I'd like to share this interesting comment by Francis Shanahan, who works on identity from the vantage point of Citi:

“Your blog talks about “Cardspace enabling Apache”. Regarding the language in the post, I know I'm being picky here but…

“Wouldn't it be more correct to say “XML Tokens as an additional authentication…” rather than “…Information Cards as an additional authentication mechanism…” since I can use Kerberos or SAML tokens with Cardspace over WS-Fed.

“Wouldn't it be more correct to say “token enable” rather than “Cardspace enable”? I don't need to use the Cardspace selector with a WS-Trust enabled site.

“Wouldn't it be more correct to say “The whole identity token processing can…” rather than “The whole cardspace processing can…” and so on. CardSpace is just the ID selector used to facilitate the token exchange.

“Just don't want to confuse folks thinking there's a Cardspace specific token.”

First I'll say that technically speaking I think you make good points, and I'll try to be as careful as I can to bring out these ideas.

Then, since pointing the finger at someone else is so fashionable, I'll say I was quoting what another company said it was doing.  (That, in itself, is interesting.)

But most important, I'll argue that the simplification of our current ideas into “iconic” notions is inevitable, and worthwhile, even though subtleties will be lost.  So we have to achieve a balance between the irreconcilables of breadth and accuracy.

I'll start with an analogy – the analogy to file and folder icons.  Computer scientists know files are potentially complex mappings of streams of bits onto blocks of storage.  They know folders are doubly linked lists of pointers to these streams of bits.  But if they're smart, they keep all of this to themselves – even when they're with other computer scientists and the door is closed.  If we told people about the inner workings of file systems, we'd drive them crazy.  In fact, they still wouldn't know how to manage documents or pictures or music.

Instead, people have gotten used to little pictures of files, and drag them from one “folder” to another – or even “onto” their mp3 players.  Our official help files say things like “Double click on the document to open it”.  We conveniently overlook the fact that the document exists as magnetic fields on the hard disk and you can't double click them.

There is a dualism between the science of the thing and the way we conceive of it in usage, just as there is in all aspects of reality.

When we invent new technologies, we start from the science, and it's really hard to explain what one is doing.  It takes months or even years to develop an “elevator pitch” – the ten second description of what you've done that makes it seem worth doing.  But that doesn't actually matter much, assuming you get funding.  What matters is the way the idea eventually enters mainstream consciousness.

It is inevitable that marketers will talk about products (CardSpace, Higgins, etc.) rather than technology.

While people will “get” that something is being transferred when you authenticate or authorize, I suspect they'll always see the visual image as being the identity itself, with few understanding it as “a means to manage the metadata enabling connectivity between identity providers and relying parties”. 

I think protocols like WS-Federation and WS-Trust will be more or less invisible except to backbone engineers.

Once we get an Information Card icon out there and people start to use it, I think people will take it as meaning “Information Cards accepted here” – and that, in their minds, will be synonymous with CardSpace or whatever Information Card selector they run on their devices.  They'll realize that some sites want some cards and other sites want others, but will never think about token types.

So my reading is that Ping, which developed the Apache product being referred to, is already thinking about how to present a message that begins to deal with taking Information Cards to a wider audience.  Not out of the technology ghetto yet, but to a wider audience within the very busy technology community.  It would be interesting to hear what Andre Durand has to say about this.


Published by

Kim Cameron

Work on identity.

2 thoughts on “Wouldn't it be more correct?”

  1. As always Kim, you are on the money and I agree we need a common vocabulary to abstract the concepts into the mainstream. What I always try to stress though is that the meta-system is not owned by any one company. Sometimes I feel like this notion gets lost when folks generalize WS-Trust and WS-Fed into “cardspace enable”. The counter-example to yours might be “podcast” which doesn't require an iPod at all 😉
