The big news out of the RSA conference is the announcement of a "marriage" of OpenID and CardSpace. For those that aren't up on the inner workings of user-centric identity: CardSpace is Microsoft's instantiation of the InfoCards Meta-system that Kim Cameron proposed several years ago; OpenID is a URL-centric identity protocol that has grown up with the grassroots nurturing of players like Sxip Identity, JanRain, Verisign, Cordance, Six Apart, and Netmesh. A while back, we made the prediction that OpenID would gain some serious traction this year, and this announcement of interoperability between CardSpace and OpenID effectively seals the deal.
For some time, Phil and I have been arguing that the release of CardSpace (in Vista) would not only jump-start the user-centric identity space, but also (and maybe more importantly) change the way the enterprise deployments architect their identity management solutions. That is to say that CardSpace will become as important *inside* of the enterprise as it is outside of it. Adding OpenID interoperability into this mix means that the long tail and non-Microsoft components of the internet will now be interacting with the obvious heft of the Microsoft machine.
For years, identity engineers and evangelists have been tirelessly laboring away to solve the user-centric identity problem — one that has always seemed to have a "boil the ocean" component. This "marriage" of OpenID and CardSpace won't boil the ocean, but it will definitely raise the global temperature of the identity ocean.
Bottom line: we now have the interoperability needed for a true internet-scale identity system. The only hurdle remaining is the big one — adoption.
