Why OpenID leads to CardSpace…

The recent announcements about OpenID made enough impact that I've had a number of people ask what our interest in OpenID means for Information Cards in general and CardSpace in particular.

The answer is simple.  OpenID provides Single Sign On to social networking sites and blogs.  It means we can use a public personna across sites, and just log in once to use that persona.

But OpenID doesn't have the privacy characteristics that would make it suitable for government applications or casual web surfing.  And it doesn't have the security characteristics necessary for financial transactions or access to private data.  In other words, its good for a specific set of purposes, and we are interested in it for those purposes, but we remain as committed to more secure and privacy-oriented technologies as ever.  In other words, we are interested in OpenID as part of a spectrum.

Information Cards are a way of safely organizing a palette of digital identities into a “digital wallet”.  Over time, some of these identities will be very valuable, controlling access to government information, bank accounts, and corporate resources.  Other identities will be very private, like those associated with health information or perhaps dating.  Others will be the kind of public personas we are talking about with OpenID.

These different identities will co-exist in a metasystem with contextual separation but a similar use model.  Importantly, the metasystem won't replace the underlying technologies – it will unify them and provide a consistent experience. 

The relation between OpenID and CardSpace provides a good example of the issues involved here.   OpenID provides convenience and power but suffers the problem of all the Single Sign On technologies – the more it succeeds, the more dramatically phishable it will become.  I've created a visual demo to help explain how this works – and how CardSpace works with OpenID to solve the problems.

My takeaway is that OpenID leads to CardSpace.  I don't mean by this that Information Cards replace OpenID.  I just mean that the more people start using cross-site identities, the more the capabilities of CardSpace become relevant as a way of strengthening OpenID and put it in a broader technology context.  

Information Cards were created to put in place an infrastructure that can solve the security problems of the web before they explode in our faces.  It's a serious technology and involves secure high-strength products emerging across the industry.  The recent announcement by Higgins of the new user-centric identity framework for Eclipse  is a great sign of the progress being made.  And there are other important announcements coming as well.

[In this demo I use my favorite OpenID provider, which is myOpenID.com.  It is super important to point out that I think the company is great.  None of my analysis is a critique of myOpenID – I'm explaining some of the “browser-redirect” problems that face all OpenID providers (as well as SAML and Shibboleth providers). Importantly, myOpenID have supported Information Cards for a long time – and their implementation works well.  So they are at the forefront of working these problems.  Try using their Information Card solution.]

Heavyweights, Giants, Bigwigs and Snugglers

Last week's announcement about the OpenID Foundation, and news of participation by a number of large industry players has echoed far and wide.  In fact, Bill Gates announced Microsoft's decision to collaborate with the OpenID community almost a year ago at RSA (See the CardSpace / OpenID Collaboration Announcement and a lot of Blogosphere discussion or postings like these from identityblog.    

Since the announcement many of us have been involved in sorting out the intellectual property issues which plagued the community.  We've come through that, and arrived at a point when we can begin to look at how the technology might be integrated into various services and user experiences.  We've also made progress on looking at how the phishing vulnerabilities of OpenID can be addressed through Information Cards and other technologies.

My view is simple.  OpenID is not a panacea.  Its unique power stems from the way it leverages DNS – but this same framework sets limits on its potential uses.  Above all, it is an important addition to the spectrum of technologies we call the Identity Metasystem, since it facilitates integration of the “long tail” of web sites into an emerging identity framework.   The fact that there is so much interest from across the vendor community is really encouraging. 

Here's some of coverage I have been made aware of.  It ranges from the fanciful to the accurate, but demonstrates the momentum we are beginning to acquire in the identity arena.

IDG News Service
Major Vendors Join OpenID Board
Chris Kanaracus

(Appeared in:  The Industry Standard, Computerworld, InfoWorld, The New York Times, PCWorld.com, CSO, Techworld, iT News, Reseller News New Zealand)
CNET News.com
OpenID Foundation scores top-shelf board members
Caroline McCarthy
PC Magazine
Microsoft, Google, IBM Join OpenID
Michael Muchmore
Read/Write Web
OpenID: Google, Yahoo, IBM and More Put Some Money Where Their Mouths Are
Marshall Kirkpatrick
Microsoft and Google join OpenID, but where’s Cisco?
David “Dave” Greenfield
The Web's Biggest Names Throw Their Weight Behind OpenID
Scott Gilberston

OpenID Foundation Embraced by Big Players
O'Reilly Radar
OpenID Foundation – Google, IBM, Microsoft, VeriSign and Yahoo
Artur Bergman
Major Tech Companies Join OpenID Board
Antone Gonsalves
OpenID Welcomes Microsoft, Google, Verisign and IBM
Michael Arrington
PC Pro Online
OpenID receives heavyweight backing
Stuart Turton
Google, IBM, Microsoft and VeriSign join Yahoo on OpenID
Larry Dignan
Forrester Research
OpenID family grows – How it can transform Identity Federation between enterprises
Andras Cser
Technology Leaders Join OpenID Foundation to Promote Open Identity Management on the Web
Jonathan Tigner
Conde Naste Portfolio
Microsoft, Google, Yahoo Agree … on Open ID
Sam Gustin
SoftPedia News
Microsoft, Google and Yahoo Join Hands – Over OpenID
Marius Oiaga
OpenID Goes Corporate
Eric Norlin
OpenID Gets Star Power
Kenneth Corbin
Windows IT Pro
Industry Behemoths Join OpenID Board
Mark Edwards
Microsoft, Google, Yahoo gain seats on OpenID Foundation board
Scott Fulton
The Register
Microsoft! snuggles! with! Yahoo! on! OpenID!
Gavin Clarke  
San Francisco Chronicle
Tech heavyweights join OpenID Foundation board
Deborah (Debbie) Gage
Cox News Service
One password for the Web? Internet giants back idea
Bob Keefe
(Also appeared in Atlanta Journal-Constitution)
IT heavyweights join OpenID project
Clement James
Industry giants join OpenID foundation
Asavin Wattanajantra
Computer Business Review
Industry bigwigs back OpenID single sign-on
Janine Milne
BBC Online
Password pain looks set to ease
Microsoft, Google Sign On To OpenID
David Utter
OpenID Has Big New Friends
Carleen Hawn
Real Tech News
Microsoft, Google, Verisign, Yahoo! and IBM Join OpenID’s Board
Michael Santo
ComputerWorld Canada
OpenID gains support for online single sign-on
Shane Schick
(Also appeared in ITworldcanada)