Identity is Hard
I just finished listening to a recent episode of .NET Rocks! featuring Michele Leroux Bustamante in which she talks about claims-based identity and, more specifically, Windows CardSpace.
Michelle is obviously very knowledgeable about the subject and is really evangelising the technology, but as I was listening to the episode, glassy-eyed feeling the whoosh as the words flew over my head, it struck me that I'd heard this episode before. So upon arriving at work this morning I had a browse back through the past episodes of DNR.
Ah! Here we are! Episode #173 - Kim Cameron on Digital Identity. Dated 24/4/2006. For those keeping score at home, that's two and a half years ago. What else were we talking about two and a half years ago? Well, let's look at some of the topics in shows around that time. AJAX. Vista. LINQ was just starting to generate buzz.
What this tells me is that in two and a half years we've seen almost no development around Identity Cards. Hardly anyone seems to be using it. Certainly none of the "big" identity providers (Yahoo, Google etc) have bothered becoming a card provider. Windows Live ID has tinkered with it - if you can find the right URL you can sometimes see, buried in the fine print, a link to associate your Live ID with a self-generated card. Microsoft themselves aren't an identity card provider though.
Is it really that hard? Has it failed that badly?
Stack Overflow has proven to me that OpenID is a viable way to "federate" identity. It's complicated, sure, but if a Yahoo or Google user can use their own credentials to set up a user at Stack Overflow and sign in, that's a win.
Just for the record, myopenid.com is supporting Identity Cards in some way. I managed to associate my own OpenID with a self-generated card on my laptop. Confusingly, though, when I attempted to use that same card to sign in only a month or so later, OpenID told me that it didn't recognize it. I re-associated it and found that now two cards were associated with my ID. WTF? If my Identity Card can just ... I don't know ... change like that then how is it worth anything?
I had big hopes for Windows CardSpace when Microsoft first started talking about it pre-Vista. I still do have big hopes for it. But if it hasn't gained any traction in over two years (compared with other technologies like LINQ and AJAX) then I wonder how long it'll be before my mum and dad are signing into their Internet Banking application with an Identity Card.
Comments
# TimothyP
30/10/2008 8:18 AM
While listening to that episode I had the exact same feeling. Personally I find CardSpace support difficult to implement... especially if you look at how easy it is to implement OpenID support.