Friday, August 03, 2007

Doth not a metasystem make

7 Identity Selectors, 12 IDPs, and 25 RPs ....

Describing the Burton Group User-Centric Identity Interop at the Catalyst Conference in June, Bob Blakly writes

After the event, it can accurately be said that there is a running identity metasystem.

As key a milestone the Catalyst event was for demonstrating interoperability within the Cardspace/WS-Trust world, it demonstrated nothing beyond that world.

Even Microsoft includes 'multiple technologies' in its definition:
The Identity Metasystem is an interoperable architecture for digital identity that assumes people will have several digital identities based on multiple underlying technologies, implementations, and providers.

The event was specific to a single protocol. There have been numerous single protocol demonstrations of similar interoperability for SAML & ID-WSF over the last few years but nobody felt compelled to apply 'meta' as a descriptor (although I expect the marketing people wanted to).

Bob does acknowledge that the metasystem he refers to is early days and that the event identified a number of issues that the community of selectors, IDPs, and RPs need to resolve. My objection to the use of 'meta' is not that what was demonstrated is not fully-formed & complete, rather that, even once these issues are resolved, the result will be 'merely' a system - as the issues he hilites (e.g. card acquisition & presentation) are all specific to the Cardspace 'biosphere'.

These are important issues, but different than those that confront the metasystem.


Dave Kearns said...

Actually, Paul, it is accurately described as a metasystem, since it combined Microsoft's CardSpace, the open-source iCards and OpenID - even SAML (from Shib).

What are you bitching about? :)

Pamela said...

I most cheerfully disagree with you Paul :)

Bob did not say this interop represented the one and only ultimate identity metasystem. He said it was "an" identity metasystem, as in one of probably quite a few, and I think that is a fair definition.

in other words: "doth so!"



Anonymous said...


I think you are wrong in this respect: The "meta" system described in Bob's post consists of the InfoCard profile, WS-Trust, and their implementations. There is NO OpenID, or Shib (and only a limited SAML token format) in the mix. As such, it cannot possibly be called a meta system.

Pam -

So how many meta systems do we need/will we get, and who is the first to propose the identity meta-meta-system ... *grin*