{"id":1167,"date":"2011-02-22T14:37:27","date_gmt":"2011-02-22T22:37:27","guid":{"rendered":"\/?p=1167"},"modified":"2011-02-22T16:09:06","modified_gmt":"2011-02-23T00:09:06","slug":"the-clay-feet-of-giants","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1167","title":{"rendered":"The Clay Feet of Giants?"},"content":{"rendered":"<p>Over at <a href=\"http:\/\/www.craigburton.com\">Craig Burton<\/a>, the marketing guru who put <a href=\"http:\/\/en.wikipedia.org\/wiki\/Novell_NetWare#The_rise_of_NetWare\">Netware <\/a>on the map and later formed <a href=\"http:\/\/www.burtongroup.com\/\" class=\"broken_link\">the Burton Group <\/a>with Jamie Lewis <a href=\"http:\/\/www.craigburton.com\/?p=3128\">lets loose<\/a> with a passionate fury that couldn&#39;t care less about who has deployed what:<\/p>\n<p style=\"padding-left: 30px;\">It\u2019s been a week since Microsoft announced that it was never going to release the <a href=\"http:\/\/blogs.msdn.com\/b\/card\/archive\/2011\/02\/15\/beyond-windows-cardspace.aspx\" class=\"broken_link\">next version of CardSpace<\/a>. The laughable part of the announcement is the title \u201cBeyond Windows CardSpace\u201d which would leave you to believe that Microsoft has somehow come up with a better architecture.<\/p>\n<p style=\"padding-left: 30px;\">In fact Microsoft announced its discontinued development of CardSpace with absolutely no alternative.<\/p>\n<p style=\"padding-left: 30px;\">Just further evidence of just how irrelevant Microsoft has become.<\/p>\n<p style=\"padding-left: 30px;\">The news that Microsoft had abandoned CardSpace development is not news to those of us who watch this space, Microsoft hasn\u2019t done Jack with CardSpace for over two years.<\/p>\n<p style=\"padding-left: 30px;\">It\u2019s just that for some reason Microsoft PR decided to announce the matter. Probably so the <a href=\"http:\/\/microsoft.com\/u-prove\">U-Prove<\/a> group could get more press.<\/p>\n<p>Well, that&#39;s a bit harsh. Identity selectors like CardSpace\u00a0only make sense in the context of\u00a0the other components of\u00a0the Identity Metasystem &#8211;\u00a0and Microsoft has done <strong>a lot<\/strong> <strong>over the last two years<\/strong> to\u00a0deliver those\u00a0components to customers who are\u00a0doing successful deployments\u00a0on a massive scale all over the world.\u00a0 I don&#39;t think that&#39;s irrelevant, Craig.<\/p>\n<p>Beyond that, I think Craig should look more closely at what the U-Prove agent actually does (I&#39;ll help by putting up a video). As<a href=\"\/?p=1164\"> I said here<\/a>, the U-Prove agent doesn&#39;t do what CardSpace did. And the problems CardSpace addressed DO remain tremendously important.\u00a0\u00a0But while more tightly scoped,\u00a0for\u00a0the crucial scenario of sensitive claims that are privacy protected the U-Prove agent\u00a0does go\u00a0beyond CardSpace.\u00a0\u00a0Further, protecting privacy within the Identity Metasystem will turn out, historically,\u00a0to be <em>absolutely<\/em> relevant.\u00a0 So let&#39;s not hit on U-Prove.<\/p>\n<p>Instead, let&#39;s tune in to Craig&#39;s\u00a0&#8220;Little History&#8221; of the Identity Metasystem:<\/p>\n<p style=\"padding-left: 30px;\">In early 2006, Kim Cameron rolled out the <a href=\"\/?p=354\">Laws of Identity<\/a> in his blog. Over next few months as he rolled out each law, the impact of this powerful vision culminating in the release of the CardSpace architecture and Microsoft\u2019s licensing policy rocked the identity community.<\/p>\n<p style=\"padding-left: 30px;\">Two years earlier Microsoft was handed its head when it tried to shove the Passport identity initiative down our throats.<\/p>\n<p style=\"padding-left: 30px;\">Kim Cameron turned around and proposed and delivered an Identity Metasystem\u2014based on CardSpace\u2014that has no peer. Thus the Identity Metasystem is the industry initiative to create open selector-based digital identity framework. CardSpace is Microsoft\u2019s instantiation of that Metasystem. The <a href=\"http:\/\/www.pamelaproject.com\/\">Pamela Project<\/a>, <a href=\"http:\/\/www.xmldap.org\/\">XMLDAP<\/a>, <a href=\"http:\/\/www.eclipse.org\/higgins\/\">Higgins Project<\/a>, the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Bandit_project\" class=\"broken_link\">Bandit Project<\/a>, and <a href=\"http:\/\/code.google.com\/p\/openinfocard\/\">openinfocard<\/a> are all instantiations in various stages of single and multiple vendor versions of the Identity Metasystem.<\/p>\n<p style=\"padding-left: 30px;\">Let me clear. The Identity Metasystem has no peer.<\/p>\n<p style=\"padding-left: 30px;\">Anything less than a open identity selector system for claims-based digital identity is simply a step backwards from the Identity Metasystem.<\/p>\n<p style=\"padding-left: 30px;\">Thus SAML, OpenID, OAuth, Facebook Connect and so on are useful, but are giant steps back in time and design when compared to the Identity Metasystem.<\/p>\n<p>I agree that the Identity Metasystem is as important as Craig describes it, and that to reach its potential it MUST have user agents. I further agree that the identity selector is\u00a0<em>the key component<\/em> for making the system user centric. But I also think adoption is, ah, essential&#8230; We need to work out a kink or two or three. This is a hard problem and what we&#39;ve done so far hasn&#39;t worked.<\/p>\n<p>Be this as it may, back at Craig&#39;s site\u00a0he marches on in rare form, dissecting Vendor Speak as he goes.\u00a0 Mustering more than a few thrusts and parries (I have elided the juicier ones), he concludes:<\/p>\n<p style=\"padding-left: 30px;\">This means there is an opening for someone or some group with a bit of vision and leadership to take up the task&#8230;<\/p>\n<p style=\"padding-left: 30px;\">But mark my words, we WILL have a selector-based identity layer for the Internet in the future. All Internet devices will have a selector or a selector proxy for digital identity purposes.<\/p>\n<p>I&#39;m glad to finally see this reference to actual adoption, and now am just waiting for more discussion about how we could actually evolve our proposals to\u00a0get this to happen.<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;We WILL have a selector-based identity layer for the Internet in the future. All Internet devices will have a selector or a selector proxy for digital identity purposes.&#8221;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[16,37,8,7,3,11,74,5],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1167"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1167"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1167\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}