At Novell, Craig Burton was one of the driving forces behind the modern notion of a network as a collection of services rather than a collection of wires. He's a master at seeing the big picture and identifying the limitations of particular strategies within that picture. I've known him for years and have great respect for his opinion.
In a recent post on his blog, called I Cry Ubiquity, Craig analyzes current strategies around Internet Identity. Identity 1.0 was about server-based authentication to services. Identity 2.0 is about network-based user verified credentials. Dick Hardt likes to talk about them working just like credentials in the physical world: portable and verifiable without having to constantly talk to some central authority. Dick's favorite example is using your driver's license to buy beer. Can you imagine how poorly it would work if the clerk at the convenience store had to call up the Motor Vehicles division every time to make sure the credential was valid?!
As Craig says, Identity 2.0 changes everything. But, only "when Identity 2.0 infrastructure becomes ubiquitous. Free. A given. Like air and sunshine." For that to happen, though the infrastructure must meet certain prerequisites. If you build a proprietary protocol that requires people to adapt to you or not play the game, then you're not likely to achieve the level of ubiquity that Craig's looking for. Open and simple are necessary, but not sufficient. What we need is an "that is independent of mandated adoption." Craig holds up Kim Cameron's Identity Metasystem as an example of a system that meets this requirement.
Kim, who is Microsoft's Chief Identity Architect, goes on to explain:
By definition, a metasystem must be inclusive of the other underlying systems. So for those new to the discussion, InfoCards are not positioned against any of the systems Craig mentions. In theory you could have an InfoCard that represented an identity provider based on SXIP technology, or on Liberty technology or whatever else. In fact a number of people are thinking about building this type of offering. [This would require adding] a bit of code. But ubiquity and inclusiveness make such a potent combination that it would be well worthwhile.
A lot of people are mistrustful of Microsoft's initiatives in this area (and probably with good reason), but Kim has done as good a job as I can imagine being open and inclusive. He's got the additional problem of trying to herd that management cats at Microsoft too and he's been masterful at that. We've got a ways to go before Identity 2.0 is a reality, but I think we're making progress.
If you're interested in Internet Identity a bunch of us are getting together in Berkeley at the end of October to discuss architecture, principles, and governance at the first Internet Identity Workshop. We'd love to have you join us and participate in the discussion.