We hold the Internet Identity Workshop twice a year. One way to track the vector of developments in user-centric identity it to plot the gestalt of the workshop each year. Here's my characterization of that vector (based on some earlier comments from Johannes Ernst):
- IIW2005: we met each other and found out what everybody was working on
- IIW2006A: proponents of multiple identity protocols start to how they can work together
- IIW2006B: small-scale interoperability and some consolidation
- IIW2007A: interoperability demonstrations of Information Cards and lightweight solutions converge on OpenID
At IIW2007B OpenID, CardSpace, and SAML, along with supporting technologies, projects, and consortia are being taken as givens. The questions have become what to do now that the foundational technologies have been worked out.
One of the key features of federated identity systems is a separation of the identity provider and the relying party. Even so, the protocols don't assume a trust model. How does a relying party know which identity providers to trust. How do users know which relying parties they can trust. How to identity providers know which users to trust?
Reputation and other trust models, like certification authorities, are critical to making federation work outside of carefully crafted agreements between partners. Until these trust models have been worked out, using an OpenID for anything higher-value than blog commenting will be risky.
One of the key discussions centers on standards for sharing reputation information. After creating a distributed federation system, it doesn't make sense to create a centralized system for building trust. Distributed reputation systems means sharing data.
Not only are trust models of some kind necessary to make user-centric identity systems work on the Internet, but user-centric identity system enable reputation to become a useful alternative to explicit authorization on the Web.
If you doubt the utility of reputation or it's ability to make the Web more livable, listen to my podcast interview of Dan Lulich of IOvation on IT Conversations. Dan's solving problems--and making money--right now with reputation.