Identity Management is Taking Off
February 11th, 2007I have been watching this bubble up slowly over the past 8 years. My first exposure to a form of identity management was PGP which has never become a widespread technology despite the efforts of many. PGP is an implementation of public key encryption just like SSL which has been a part of web browsers nearly from the beginning when Netscape developed SSL 3.0 over 10 years ago. We have used SSL to buy products do our banking online ever since.
These days with identity theft and phishing exploits there is a very real need to finally create a functional solution for identity management. A couple of months ago Microsoft released their branded solution Cardspace with .NET 3.0 which has been included with Vista. And this week Microsoft put their weight behind OpenID. (see OpenID Gets a Boost From Microsoft ) All of the recent activity is adding up to identity management finally taking off.
Kim Cameron writes the Identity Weblog, a WordPress managed blog. He is the lead at Microsoft on identity management and intentionally runs a PHP-based blog to show the CardSpace solution is not limited to the Microsoft platform. His blog shows that while PHP and WordPress are not Microsoft products he was able to adjust the WordPress installation to allow for CardSpace logins. What makes this more powerful is the fact that extensions for Firefox and the Safari web browsers allow for users to log into the Identity Blog to post comments. One early extension for Firefox even implemented it's own card selector with Java. The next major Firefox release will include native support for CardSpace.
What has kept identity management from taking off all this time is the complexity of the concept. What it means to you is less passwords to remember and better overall security. You will instead use your own identity card to log into blogs, commerce sites and your bank. You can create a self-issued card for use on low security websites while your bank or employer can issue you one with a higher trust level. And just like a credit card, you can have your identity card canceled and reissued if you believe it has been compromised. The same is already true for SSL certificates.
There is also work in progress on creating identity enabled thumb drives so you can log into your home or work computer by just plugging in your key.
I strongly encourage everyone to jump into CardSpace and OpenID. To get a head start, listen to the latest Hanselminutes Podcast on OpenID and CardSpace.
The following links will show you where to get started.
Microsoft
- Official .NET 3.0 Website
- Official CardSpace Website
- Kim Cameron's Identity Weblog
- InfoCard Explained (video)
OpenID
Firefox
- XmlDap Identity Selector Extension (requires Java runtime and runs on all FireFox/Java platforms)
- Identity Selector Extension for CardSpace (requires .NET 3.0)
