The landscape below the internet identity standards war has shifted and it is notable how little comment this has raised among the mob of identity bloggers. Two things have happened. First, is the arrival of in the US of a manditory national ID card which is likely to be chock full of wild and crazy technological gadgetry. The second was the public revealing of Sun and Microsoft ongoing work to bring their identity product offerings into alignment.
Both events were in the air, both seem inevitable. Like the California earthquake. Let me take a very rough and very sloppy run at teasing out what’s really going on here.
The national ID card being brought to live by forcing states to adopt standard driver’s licences. These are likely to be choke full of this years technological widgetry, i.e. RFID tags and such. Technology like this thrives if it finds enthusiastic hosts and these widgets have found lots of those. They have been been spreading very rapidly across the installed base of entities with minimal privacy rights: kids, cattle, shipping containers. There is a huge enthusiasm in our culture for using technology to enable club gate keeping. So there are hordes of folks out there who have problems they want to solve with these toys. Highway toll keepers, prisoner’s on work release or house arrest, owners of clubs and bars that want to keep children out, financial institutions who want stronger authentication. While there is a vocal and concerned community warning that these toys and the systems they enable carry a lot of risk of damaging our social fabric that community hasn’t found a way to get a seat at the table.
The Sun Microsoft story can be read in two ways. The standard media narative has had Sun/Liberty v.s. Microsoft. If you need to maintain that story line then this is truce, defeat, or something. I don’t think that’s the right way to read these tea leaves. I think this is a story best understood by introducing another player: the buyers. Buyers do, sometimes, have some power. The buyers in this case are the CIO/CTOs of huge firms. These folks have a huge amount of pain around issues of intra-enterprise and inter-enterprise identity and data exchange. The buyers are got sick and tired of waiting on the vendors to get their act together. They need highly open dependable solutions, solutions that are not owned by one vendor. I believe that they began put pressure on Microsoft to find common ground with the folks at Liberty. Of course, that was one of the options the Liberty organisers created when they set up the effort.
I do not think that either of these events mean the standards war is over. Some days I think this could be a 100 year standards war. Lots of reasons why this story is going to have lots of chapters. The drivers licenses are amazingly expensive and states won’t swallow that expense without a fight. The huge internet portals like Google, Yahoo, AOL really haven’t entered the standards game yet in a meaningful way. The huge population of tiny web sites don’t have a useful solution at hand. We don’t know what the phone companies and credit card companies are going to do. The whole nature of how we as a culture reframe our privacy in the modern age is totally unclear.
Now, I doubt either of those stories I just constructed off the top of my head are particularly accurate. That they have garnered so little comment from the identity bloggers is a shame. They need a lot more careful picking apart than they have gotten. One way or another, the landscape is now fundimentally different.