Burton Group’s Neuenschwander agrees. “On their own, they’re not likely to be deployed. Enterprises will deploy OpenID and CardSpace through a federation or ESSO [enterprise single sign-on] product. That will be a safer and more functional way for enterprises to acquire and deploy these technologies,” he says.
As for the likelihood of either technology gaining widespread vendor acceptance over the short term, Neuenschwander adds, “Most of the federation vendors are going to support interaction with CardSpace. For one thing, it will get them single sign-on capabilities with Microsoft environments like SharePoint and Exchange. That’s all rolling out over the next year.”
A related component is the identity selector itself. Microsoft has included it in Vista, but getting the identity selector anywhere else requires downloading and installing it. Incorporating identity selectors into the OS without a separate download will increase penetration and will eliminate one side of the chicken-and-egg problem that enterprises face with CardSpace in b-to-c scenarios.
On the standards front, OpenID 2.0, with standards for user-attribute exchange, is an important milestone. For CardSpace, watch for the ability to synchronize claims among multiple machines, including mobile claims functionality.
Early adopters
Although there’s still much to be done before most organizations will embrace these technologies wholeheartedly, some deployments are already under way.
Product managers are one group likely to embrace user-centric identity early because they are being driven to understand and serve customers in innovative ways. Two examples: AOL and France Telecom have both deployed OpenID. “As b-to-c, consumer-facing companies, AOL and France Telecom will view user-centric identity as a competitive advantage,” says Ping Identity’s Durand.
The governments of British Columbia and Singapore have announced plans to roll out identity cards based on CardSpace for citizens. Federation does not scale for many government uses because in most cases governments can’t dictate architecture the way powerful business partners can. That said, governments have long served a foundational role for identity in society, and these early steps may in fact help businesses see the benefits of user-centric identity systems, especially as they expand the technology’s user base.
Distributed organizations, such as universities, will also be early adopters because of their need to allow developers outside the traditional IT trust circle to authenticate users and retrieve attributes appropriately. In fact, authentication systems built for use in higher education, such as CAP (Common Authentication Project), are already being retrofitted with OpenID and CardSpace.
Many Web sites have already adopted these technologies, and this adoption is not limited to blog comments; rather, it extends to authentication for consumer-facing services. The key benefits are fast proving to be easier account management and the ability to avoid inventing yet another authentication scheme.
Near-term planning
During the next year, expect to see products from federation vendors that begin to capitalize on user-centric technologies. When they do, there will undoubtedly be projects in your organization that would benefit from putting the user in the middle of the transaction.
In the meantime, it’s not too early to start exploring. You can use both OpenID and CardSpace now on a variety of sites on the Web. If you really want to get your hands dirty, good libraries and toolkits are available for CardSpace and OpenID. Identify a pilot project where user-centric identity would solve a sticky problem and dive in.
The biggest challenge in deploying these new identity technologies is understanding how they -- and all their moving parts -- work.
Phillip J. Windley is contributing editor of the InfoWorld Test Center.