I've just come from the first full day of sessions at the Internet Identity Workshop (IIW) and I've got a feeling unlike any I've had before after IIW. From the first of the twice yearly gatherings, back in late 2005, I've always come away with a feeling that we're on the right path and the breakthrough event is just around the corner. This time, though, I'm despairing that we may never get there.

The feeling started on Monday, the first afternoon. As usually happens, we were divided into heterogeneous small groups (5-7 people per group) to consider a question after which the groups would come back together to examine the answers. This year's question was "when will we achieve the 'Big Bang' for identity?" I felt a bit uneasy because I think whoever made up the question was groping for an analogy for “killer app,” but “Big Bang” (the initial event that spawns all others) isn’t as apt as, say, “tipping point” – the event which makes acceptance of the protocols and technologies inevitable. Still, we chatted about that event. At the end we found that most of the groups thought the same way – except for those that completely ignored the question and answered something else. Still, the opening question doesn’t always lead to great insight. So I was disappointed, but hopeful.

Tuesday morning started as all IIWs do with a gathering of the entire group for an agenda setting session. Looking at what was being offered for the day’s first session (there were 7 or 8 choices), I picked one that would address “third-party identity assurance.” This was a well-attended session (about 20 people), which appeared to bode well for an interesting discussion.

Twenty minutes into the session, however, we realized that there was a major disconnect – a large number of people believed that “identity assurance” concerned the verification of identity at the time an account was created while another large number believed it was the level of risk associated with an authentication event. There were also, of course, a small number of folks who held differing views.

The ensuing discussion went round and round (with no resolution) with stops along the way to disagree about a number of other terms – including “identity.”

It isn’t that no one has tried to define these terms before – just the opposite, in fact: too many different groups have come up with too many incompatible definitions. Every group, it seems, that discusses identity issues, standards, technologies or protocols has come up with their own word list of definitions starting with “identity” and moving outwards. But to the simple question of “how many identities can you (or do you) have?” it appears each group has a different answer.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.