Let me try to answer his question to the Identity Gang here: Has Identity 2.0 got anything to say about this? Is the[re] some strategy where we can put a positive marker in our scribblings [all over the web] so that automated processes can find them all and bring them all back together? Identity 2.0…

He quotes Darren Platt (unfortunately, he does not provide a link), who apparently said: …shorter assertion lifetimes will always prevail over longer assertion lifetime values, given the infrastructure to deal with them is in place. I very much agree. Which is why LID is an “on-line” system, built around light-weight on-line queries that can be…

It occurred to me that we might not have to do “round-trip nonces” at all between a Relying Party and the LID site to prevent replay attacks. The following one-directional protocol seems to be sufficient (using our patient Mr. LID Demo User and FirstSSO Inc. as an example, as always) The challenger (e.g. the LID…

Many people (e.g. Doc Searls, Julian Bond, Dave Kearns) have pointed out to me that InfoCard isn’t the Identity Metasystem and won’t become it in the future either, since my post on Monday, and they are of course right. InfoCard, at the most, will be a component of such an Identity Metasystem, and there will…

Microsoft InfoCard is frequently described as an "Identity Meta-System" (as opposed to, say, Microsoft Passport, which is/was a plain identity system and not a meta-system). This term seems to have beek picked up widely, but like some others (e.g. Doc Searls), the longer I think about it, the more I realize that I have a…