The recently published report by Burton’s Bob Blakley summarizes the
result of an interoperability testing fest at the Burton Catalyst
conference earlier this year. This venue was a great success for the
Windows CardSpace identity system, since it was the second OSIS event
where a variety of open source projects and closed source commercial
products demonstrated a significant level of interoperability. Given the early and evolving state of the InfoCard
system, this is a great success for all parties involved.
However, Bob is somewhat mistaken in parts of his article:
“The interop participants
accomplished in two months of concentrated
effort what it would probably have taken them a year to do working
independently without the looming deadline provided by the Catalyst
This is not quite correct – the Catalyst interop fest was the second
such event organized by OSIS. The first one was held earlier at the Internet Identity Workshop 2007. Results and blog reports on this can be found all over. Having been a member of OSIS for some time now, I find it a little unfair that this interesting (un)organization – that certainly had its ups and downs – is not given the credit it deserves.
“While it is still fair to say that user-centric identity
technology is in its infancy, if progress continues at this rate the
technology should be ready for enterprise adoption within a year.”
I am surprised to see such a bold
statement, especially since even some of the core developers
and architects not quite happy with the term “user-centric identity”. Let’s just step back and start to count how many glossaries, lexicons, and lists-of-used-terms define digital identity, identity system, user, and user-centric in different ways with sometimes completely different semantics. Predicting enterprise adoption within a year seems a little overly optimistic to me, especially if we consider that there are still a number of significant issues even within the reference implementation of the InfoCard identity system.
As Mark Wahl has pointed out earlier, most of the issues encountered
during the second OSIS interoperability fest are related to the lack of
proper schema management for attributes and their semantics . The
only project in the Infocard system currently working on these issues
is Higgins, with their use of OWL (although some people might argue
that this is technological overkill).
Outside of the InfoCard system, there have been other efforts to get to at least some standardization of attribute interpretation (SAML attribute profiles, which work nicely with LDAP/X.500 and XACML and other likely sources) and work is being taken up by Liberty to standardize identity attribute sharing rules (e.g. the IGF/IDG work, based on CARML/AAPML).
At the end of the day (closing the loop and coming back to Paul’s and Robin’s point): Even though there have been a number of different products and projects
that successfully worked together, this technology is a far cry from
being an identity meta-system. Multiple-protocol interop on the wire would be a true metasystem, and is a goal that various systems — Liberty, OpenID, and Windows CardSpace included — would need to work on together. Concordia is (probably more than) a first step towards this goal.