Arbitrage

Doc Searls, Marc Canter, Drummond Reed, et al. are all a flittter about an Open Identity System or Internet Identity Infrastructure that has been worked out in insider conversations  at PC Forum (where the elite meet to be discrete and then tell you about part of it on their blogs.) The universal identity metasytem solution sounds amazing and I  can't wait to hear more - which means the hype has worked and this group has me right where they want me.

As we've discussed previously, the identity world already has it's unicycle,  it's Cessna, and it's Space Shuttles - I'm just hoping the Universal Identity Infrastructure Metasystem doesn't turn out to be our Segway...

Bonus excerpt from the hype hall of fame:

"Developed at a cost of more than $100 million... Doerr predicts...the Segway Co. will be the fastest outfit in history to reach $1 billion in sales."

The front page coverage generated by the recent identity calamities at Choicepoint, Lexis-Nexis, et al. has exposed the digital identity status quo and customer behavior is being affected. From Internet Week:

Fully 6 percent of U.S. adults surveyed by Financial Insights said they had switched banks to reduce the risk of becoming victims of identity theft. In addition, the Framingham, Mass., research firm found that 18.3 percent of consumers had stopped shopping online for the same reason.

So, it looks like we have entered a phase where customers are assessing the identity reliability of their bank and switching if they feel uncomfortable - customer abandonment will do more to help spur digital identity reform than any number of seminars and research projects and we have the thieves and fraudsters (and a number of incompetent Choicepoint employees) to thank.

Also, of interest: I wonder how much not shopping online lowers the chances that you will be a victim of identity theft. Based on these stats, my guess is not much if at all.

Ray Wagner of Gartner published a note on SAML 2.0 yesterday in which he calls for vendors (I think he means Identity and Access Management vendors) to more organically support SAML.

...all major vendors must support both SAML token formats and SAML protocols organically within their products. This certainly is not yet the case for most of the leading vendors, and not even the vendors that have developed SAML use it within the federation features of their own products. If those vendors did so, major platform vendors would have a much stronger incentive to focus on full SAML support.

He has a point, in project after project we are seeing a broad diversity in what it means when a given vendor product claims to "support" SAML - and the delta between what is supported at the press release level and what is supported at the product level seems to be particularly large when it comes to SAML. 

The underlying context for Ray's view is that the major Identity and Access Management vendors are, by and large, highly ambivalent about SAML. This is to be expected. All of the IAM vendors develop products that have proprietary functionality that does exactlty what SAML does - and they are driven to extend their customer's dependence on their own proprietary solutions. The major vendors also have limited engineering resources to allocate across broad product lines and tend to have limited expertise in SAML.  The net result is the market condition Ray identified in his note.

In the meantime, enterprise customers continue to recognize/understand/feel the pain of proprietary approaches and increasingly demand the long term business value of open standards, interoperability, and vendor independence.

So the question is, what will occur first? Will the major vendors change course and commit significant resources to developing organic support for SAML (and, importantly, to bringing SAML solutions to market in their established sales channels) or will SAML disrupt the major IAM vendors and usher in a new standards based architecture for digital identity.

It is early days, but my bet is on disruption.

Excellent Kim Cameron interview (by David Berlind at PC Forum) available here...the comments on the ZDNet site are a fun read.  One is titled "I can manage my own identity, thank you very much." - this is about as misguided as saying "I can make my own Driver's License, thank you very much." 

Another describes a 1984-like scenario - only with more comprehensive surveillance technology - that Kim's company is supposedly bring into being. The reality is that Kim is one of the most articulate advocates for reforming identity, protecting privacy, and empowering individuals .

The fear, mistrust, and misinformation around identity - especially as it relates to Microsoft - continue to bubble up  - meanwhile the identity status quo remains spooky. The sad reality is that many of the identity dynamics that the fear mongers fear are already at work. Your consumer behavior is tracked, your transaction history is aggregated and sold, your core identity assets - the attributes that can be used to breed accounts - are managed by incompetent or unscrupulous IT staff .

The identity status quo will be reformed (and very likely regulated), the reform will involve technology innovation, that innovation will be delivered by software vendors large and small, and the major beneficiaries of the reform will be individuals.

How long all this takes depends in large part on how many ungrounded arguments the fear mongers can come up with to delay much needed reform.