One of the hallmarks of the Internet Identity Workshop (IIW) is the high ratio of getting-stuff-done to idle chat and marketing drivel. I remarked at the closing session that this wasn't a workshop in the usual sense of "conference not quite grown up." This really is a workshop where people work.
Pat Patterson demo's Lightbulb at IIW2006B
Probably the highlight of the workshop for me was the speed geeking and related demonstration sessions. If you've never done speed geeking, it works like speed dating or speed pitching: you put each geeker at a table, break everyone else up into the same number of groups as you have tables and rotate every five minutes. In an hour, I saw 8 or 9 demonstrations of user-centric identity tools and systems. Kaliya set it up and it was very effective.
One thing I thought was pretty cool was Pat Patterson's session on the Lightbulb project. Lightbulb natively implements SAML in PHP (rather than with a PHP/Java bridge), allowing PHP Web sites to use SAML authentication services. He showed some demo sites that use Lightbulb to use a third-party, SAML-based identity provider.
The best part was that the integration layer was dead simple: four functions of 3-4 lines of PHP code each. The functions tell how the user connects to the SAML authentication service for logging in and out and then tell how to map the login or logout event to the local identity system.
Something else that debuted at IIW was Sxipper, a Firefox plugin for managing identity information. Sxipper features one-click logins, local storage of the identity data, form-filling, and extensibility. The extensibility was what made me take notice. Sxipper uses "semantic mapping files" that describe, for any given form, how to map the identity data Sxipper knows about onto the form. Sxip has created semantic maps for popular sites like Google, but you can create your own as well. These are shared with the community so that for any give form, only one person ever needs to create a semantic map.
Steve Gillmor remarked to me that Sxipper is a great example of a product that points out a problem you might not have known you had and then solves it brilliantly. I agree. Once you've started logging in to a site with a single click, you don't want do back.
This might be something only an identity geek could love, but Chuck Mortimor showed how to use an OpenID to log into a CardSpace site (specifically the blog of Kim Cameron , the CardSpace inventor). Chuck has a screencast showing how it works.
These and the other things I saw at IIW indicate that an identity layer for the Internet is a real possibility. There's still considerable work to do for real interop, but we're close. Interop will be the theme of IIW in May when this group gets together again.