Digital ID World's Eric Norlin explains why security executives should pay attention to OpenID in this article from CSO – the Resource for Security Executives:
Kim Cameron has posted another thoughtful piece about why he (and by extension Microsoft) is supportive of OpenID. For those of you that don't eat, sleep, dream and breathe identity, Kim is the guy at Microsoft that was responsible for writing the “Seven Laws of Identity,” which led to the idea of an identity metasystem, which effectively gave birth to all kinds of meetings (the “identity gang”), which led to things like OpenID and Higgins really taking off. Bottom line: Kim's a VIP in the identity world (he's also one helluva nice guy).
Kim's main point is this:
“My takeaway is that OpenID leads to CardSpace. I don’t mean by this that Information Cards replace OpenID. I just mean that the more people start using cross-site identities, the more the capabilities of CardSpace become relevant as a way of strengthening OpenID and put it in a broader technology context.
Information Cards were created to put in place an infrastructure that can solve the security problems of the web before they explode in our faces. It’s a serious technology and involves secure high-strength products emerging across the industry.”
Its important to note that Kim is thinking about identity ecosystems, not “one protocol to rule them all.” Really, it comes down to making the use of an identity a “ritual.” That sounds a bit off, I know, but hear me out. Believe it or not, the great majority of humanity had its first contact with email in a workplace setting. Now, if the interface (and interaction) for email was substantially different for work-usage and home-usage (or should I say, WorkUsage and HomeUsage?), do you think the adoption curve would've been the same? I don't.
One of the essential points that Kim's been hammering on for a couple of years is that we have to make the underlying “ritual” of using identity similar in a foundational sense.
Yet one more reason why you (as a CSO) should be paying attention to OpenID. After all, people don't always first see and experience things in the workplace.
This matter of influences from the internet converging with the enterprise is incredibly important, and I'm going to expand on it soon. By the way, it was Eric's encouragement that got me hooked on writing the Laws of Identity.