Kim: No one-fits-all in identity


I’m very happy to hear this from Kim Cameron at Microsoft today:

We don’t live in a one-size-fits-all world. Identity involves different – and even contradictory – use cases. Rather than some monolithic answer, we need a metasystem in which the cost (in complexity or money) of using identity is proportional to the value of the asset being protected. OpenID cannot replace crypto-based approaches in which there are trusted authorities rather than trusted web pages. But it can add a whole new dimension, and bring the “long tail” of web sites into the identity fabric.

While I’d quibble with him about how far OpenID can go, anybody who’s heard me speak or has read this blog over some period of time knows that I very much agree with the sentiment: many people have invented (and deployed!) really interesting and useful technologies in this industry, and it simply would be disingenuous for anybody to claim that any one such approach meets all requirements, both technical and economic. Fortunately, while such claims were fairly common a year ago, more and more people are coming around to the same idea.

He goes on to mention the intriguing possibility that the WS-based stack of protocols, the SAML-based protocols and the OpenID-based protocols could merge. Which, of course, has been the whole idea behind an Open Source Identity System, an effort co-initiated by Microsoft and now involving most large technology vendors and a host of startups (including NetMesh). I assume that he means merge-by-plugging, rather than merge-by-requiring-all-of-them-simultaneously, so that everything and everybody can focus on what they are best at (technically and economically) while getting interoperability all the same.