When you organize a typical panel at a typical conference with people you know fairly well, you rarely expect much of a surprise. After all, you know the people, you have heard them on so many other panels, and you can expect that they will largely say what you have heard them say so many times before.
Except that sometimes they don’t.
That happened in the "User-Centric Mastermind" panel that I put together for the European Identity Conference last week. I didn’t record it, but here is what I heard Kim Cameron say, who is chief identity architect at Microsoft, on the panel, for the public record, several times:
CardSpace as it has been built into Windows Vista is just a prototype.
Say what? The most novel, anti-Passport, information-card-based, user-centric identity meta-system frontend built into the world’s most widely deployed software, for which Microsoft has spent countless millions in development and more for attracting partners, a "mere prototype"? According to the guy in charge of not just that software component but everything identity at Microsoft?
I wasn’t the only one who was not prepared for this. I believe it was George Fletcher, who is chief identity architect at AOL and also on the panel, who followed up with something like:
Are you serious?
The answer was clear: Kim was serious. He re-iterated several times that we should think of CardSpace as a mere prototype.
So the question arises: a prototype for what? Didn’t Microsoft, for years, patiently explain its vision for an identity meta-system that would be multi-protocol, multi-party and the exact opposite of we-take-over-the-internet-Passport? Of which CardSpace, as it is in Vista, would be the piece of the puzzle that Microsoft "simply had to do because it has to be bolted into the operating system to be really secure?" [something that, coincidentally, no other operating system vendor building similar components seems to believe]
If anybody talks about a prototype, you can safely assume that they are planning at least two major versions after that as they speak, each contributing at least another 100 percent in functionality, otherwise they’d never call it a prototype. And about those 200 percent pluss of new identity functionality to be sent down the Vista software update one nice afternoon, I presume, we know: well, nothing. Recall that Microsoft, and the rest of the industry, believe that the internet identity function is going to be the core leverage points for the future of e-commerce and all social activity on the internet.
Did somebody open the door? Suddenly, it feels rather cold and the warm and fuzzy Microsoft oven bringing user-centric identity to all peoples for the benefit of mankind seems like it might, just might,3 have been filled with something else than firewood.
Having reflected on this for a week, I have to say that my level of caution about Microsoft’s strategy in identity has just shot up by about a 1000 percent. For implementors, two things are clear:
- Implementing anything for CardSpace as it is in Vista is a no-no: it’s a mere prototype, and why would anybody implement support for a prototype? (Note that Microsoft itself has very little, if any, support for CardSpace today in its software and web properties. This looks like a perfect Exhibit A for it being a prototype only.)
- Implementing anything for CardSpace, the production version that we are apparently waiting for some time in the future, is a very hot potato. We know now that it will be something else than we thought, but what? The strategic risk is just incredibly immense. And we are not talking just software vendors here: the people who ultimately killed Passport were on-line merchants, not software vendors, because they felt that Microsoft would muscle itself between them and their customers. Could CardSpace, the prototype, be a Trojan Horse, that ultimately has the same purpose? It does not appear to impossible any more …
In summary: Wow, that’s all I can say. Microsoft’s foray into identity that appeared so inclusive, so open-source friendly, so unusually "nice", suddenly looks like … well, my warning lights have gone on big-time.
I’ll keep you up-to-date as I learn more …
P.S. Kim, I know you read this: Please say it ain’t so. I’d love to be convinced that Microsoft has indeed changed from the identity bully into somebody who genuinely plays fair. I’d really love to be convinced of that: please do!