CardSpace and OpenID have certainly come a long way during the past few years. Yet important steps must be completed before organizations can put them to widespread use. Despite well-baked standards, CardSpace comes up short on functionality such as mobile credentials. More glaringly, OpenID has serious holes that proposed standards aim to fix, but there has been little traction in getting those standards approved.
That is not to say vendors are at a standstill. In fact, interoperability testing is a bright point for both technologies, with interop events taking place multiple times per year and drawing deep participation from players large and small. Moreover, tools and libraries abound. For enterprises, however, adoption often depends on product selection. Thus, with only a handful of solutions available with CardSpace or OpenID baked in, deployment has been slow.
“There aren’t a lot of pieces you can buy off the shelf. We've done well on [tools for the] identity selector, but tools for identity providers and relying parties are still lagging,” Hardt says.
Motivating change
Technology, of course, is one thing, but buy-in depends largely on winning over top-line minds. Here is where the particular intricacies of identity play a heavy hand in the fate of user-centric federation in the enterprise.
“Identity is a difficult challenge when you consider that a large organization has so many different kinds of relationships -- employees, contractors, partners, and customers -- all spread across regions and geographies,” says Mike Neuenschwander, vice president and research director at Burton Group. “On top of this is the problem of policy -- expressing what the organization requires or expects in each situation.”
To date, much of the motivation behind identity deployments has centered on the bottom line. “Reduced help-desk costs and increased security are driving consciousness around ID in the enterprise,” says Andre Durand, CEO of Ping Identity (Full disclosure: I am on Ping Identity's advisory board).
But as organizations gain experience with user-centric identity, primary considerations such as reducing customer friction and building brand become important.
To date, much of the federation work has been done in the b-to-b realm, where strong ROI arguments can be made for federating with partners. But in the b-to-c space, user-centric identity systems really shine, since enforcing any kind of technology in a b-to-c environment significantly increases the friction of the transaction. Having an identity system that customers are comfortable using is a big win. What’s more, with users in control of their identity credentials, user-centric identity can save you the hassle of password reset and account management in many cases.
As said before, the big problem facing any federated identity deployment -- b-to-b or b-to-c -- is the time it takes to set up connections with the myriad organizations involved. User-centric solutions provide a quick and easy way to knock these connections out and scale as you go.
“If you have to hit a lab with one of these things, you’ve set an upper bound on how many you can do,” Burton Group’s Neuenschwander says, noting that traditional modes of federation necessitate copious lab testing time before rollout.
Phillip J. Windley is contributing editor of the InfoWorld Test Center.



