On the Demise of CardSpace

If you like slugfests between respected people, go no further than the recent yelling contest between Craig Burton (of Novell fame) and Kim Cameron (Microsoft) on what went wrong with CardSpace. Craig for sure has reasons to be angry because he’s been on the board of the Information Card Foundation that was set up by, among others, Microsoft, to promote information cards, and, as he writes:

Microsoft didn’t even bother to let the ICF board know it was going to announce the discontinued development of CardSpace until AFTER the press release was distributed.

But that’s only the last of the very many hiccups that have plagued Microsoft’s user-centric identity efforts for years:

I know first-hand, because Microsoft toted the OSIS project (that I started) for a long time as the primary evidence that the market adopted their point of view. That always looked rather odd to me: yes, we had lots of impressive company affiliations in OSIS, but just because you assemble a bunch of your friends in an open-source/interoperability project, it does not mean that the companies they work for have anything serious in mind. In particular in the face of having CardSpace distributed with each and every copy of Windows. And little OSIS is the poster child?

I gave up on the whole information card idea a la Microsoft several years back — silently, as not to upset too many people, when the following discussion transpired in an OSIS working session at IIW:

“So what do we do if X Y Z in this particular use case?”

“Oh easy — we just fall back to the password reset functionality”

If technologies and their technologists dismiss millions of dollars in additional customer support costs as “oh easy”, isn’t it very, very obvious, that no business person will ever adopt the technology? I’m pointing out this one particular exchange because it was so memorable to me; the entire project was, from the beginning, totally disassociated from any understanding what problems normal customers actually wanted to have solved, and what constraints they were facing. And over time — that’s the bad part — there were no lessons learned that could have acted as a course correction. There were plenty of people who had relevant insights that would have been useful.

For right now, Facebook has won the identity wars. Not because they were brilliant (although they have been smart), but because the rest of the industry, from Microsoft on down, has been asleep at the wheel or dream walking. And when they had something (like OpenID at some point) it seems like they were hell-bent on killing it off, by, among other things, fighting over a $0 billion market such as whether it should URLs or cards, pull or push, or by inventing so many more incompatible ways of doing the same thing.

A sad state of affairs. Hopefully that will change again, but not this year and probably not next. For now, user-centric identity is dead.