Will web 2.0 identity make the same mistake?

Will web 2.0 identity make the same mistake?

Summary: Two things have caught my eye recently (both on Dan Farber's blog):1. Mashery launching: an API management service that offers, among other, things "access control.

SHARE:
TOPICS: Enterprise 2.0
2

Two things have caught my eye recently (both on Dan Farber's blog):

1. Mashery launching: an API management service that offers, among other, things "access control."

2. Intel's Web 2.0 Business Suite: a suite of content management and distribution mechanisms that offers "single sign on" across the various applications.

All of this reminds me of how enterprise identity management (at the application layer) was built out. Identity began as embedded in the application layer, and only after the identity's non-interoperable proliferation did the vendor community respond by *abstracting* identity -- thus, resulting in identity management systems.

Is the web 2.0 world doomed to the same fate? Will web 2.0 companies embed non-interoperable identity in its applications and suites and only after identity's proliferation move to abstract it into its own web 2.0 identity management?

I hope not, but its not looking good (see the examples above).

Topic: Enterprise 2.0

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • of course not - there's no such thing as web 2.0 (nt)

    nt = no text
    CobraA1
  • Mashery offers authentication, not identity

    Identity is indeed a major issue, and Mashery does not purport to wade into that discussion, let alone to inflict yet another identity concept on the world.

    On the contrary, we have built the system from the ground up with the intent to offer authentication based on a wide range of identity services. Based on early customer demand, we support developer authentication through Typekey or through whatever identity our clients currently use to register developers in their programs.

    For us, "access control" means that only authorized developers who have agreed to the API vendor's terms and conditions are able to access those APIs, and they can only do so in ways that are consistent with those terms and conditions.

    As big believers in using APIs to build applications based on existing web services, we made the conscious decision to architect our system from the ground up to accommodate whatever identity services emerge in the marketplace - even though doing so added considerably to our launch timeline.
    oren michels