Where do OpenID and InfoCards fit?

The foundation for security and enterprise management

As I was saying last issue, one of the more interesting sessions I attended at the recent "first annual SSO Summit" was an open space presentation (i.e., the dozen or so attendees all participated led by our discussion leader, Ping Identity's CTO, Patrick Harding) called "Where do OpenID and InfoCards fit?"

Most of the participants were familiar with the names of the two dominant “user-centric” identity technologies, but most were also unfamiliar with how they worked. We spent the first 25 minutes or so exploring all of the possibilities of OpenID (and I’ll get back to that in a moment), then went on to InfoCards and Microsoft’s CardSpace. (Compare Identity Management products)

Harding reminded us that, in the world of user-centric identity, the Gartner Group had called InfoCards the “tortoise” to OpenID’s “hare.” That is, OpenID was getting the spotlight now, but InfoCards would win in the end. It’s a conclusion the whole group appeared to agree with as we found numerous ways that the CardSpace technologies could eventually become quite useful to the enterprise. Perhaps Nulli Secondi’s Pam Dingle might finally have her plea answered.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

As I was saying last issue, one of the more interesting sessions I attended at the recent "first annual SSO Summit" was an open space presentation (i.e., the dozen or so attendees all participated led by our discussion leader, Ping Identity's CTO, Patrick Harding) called "Where do OpenID and InfoCards fit?"

Most of the participants were familiar with the names of the two dominant “user-centric” identity technologies, but most were also unfamiliar with how they worked. We spent the first 25 minutes or so exploring all of the possibilities of OpenID (and I’ll get back to that in a moment), then went on to InfoCards and Microsoft’s CardSpace. (Compare Identity Management products)

Harding reminded us that, in the world of user-centric identity, the Gartner Group had called InfoCards the “tortoise” to OpenID’s “hare.” That is, OpenID was getting the spotlight now, but InfoCards would win in the end. It’s a conclusion the whole group appeared to agree with as we found numerous ways that the CardSpace technologies could eventually become quite useful to the enterprise. Perhaps Nulli Secondi’s Pam Dingle might finally have her plea answered.

But what about OpenID? After tossing the concept around, the group decided that not only did it have no future in the enterprise, at least as currently constituted, but that there didn’t appear to be a place for it in one-on-one transactions either. That really comes as no surprise as on the very day we were talking about OpenID one of the technology’s founders, Sxip’s Dick Hardt, said “…one wonders if the identity opportunities of OpenID have passed.” This was a comment regarding the Facebook announcement of the Facebook Connect platform, an API allowing other sites to leverage the Facebook identity system. 

For Facebook users, it resembles one more applet among the hundreds and thousands they use, but with the added distinction of seamlessly connecting them to Digg and Movable Type blogs (just the first two implementations). They’ll adapt to it in a minute. Hardt has a well thought out monologue about the user-centric space, concluding “Facebook Connect provides great value to the user, great value to the [connecting] site, and deepens the dependency of the user on Facebook, which is great for Facebook.” OpenID won’t go away, of course, but it appears to be doomed as a potentially mainstream identity protocol.

Read more about security in Network World's Security section.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.