Federating identity for the Web

User-centric innovations CardSpace and OpenID may finally bring the promise of federation within reach

Page 2 of 2

Distributed organizations, such as universities, will also be early adopters because of their need to allow developers outside the traditional IT trust circle to authenticate users and retrieve attributes appropriately. In fact, authentication systems built for use in higher education, such as CAP (Common Authentication Project), are already being retrofitted with OpenID and CardSpace.

Many Web sites have already adopted these technologies, and this adoption is not limited to blog comments, rather it extends to authentication services for consumer-facing services. The key benefits are fast proving to be easier account management and the ability to avoid inventing yet another authentication scheme.

Near-term planning
During the next year, expect to see products from federation vendors that begin to capitalize on user-centric technologies. When they do, there will undoubtedly be projects in your organization that would benefit from putting the user in the middle of the transaction.

In the meantime, it’s not too early to start exploring. You can use both OpenID and CardSpace now on a variety of sites on the Web. If you really want to get your hands dirty, good libraries and toolkits are available for CardSpace and OpenID. Identify a pilot project where user-centric identity would solve a sticky problem and dive in.

The biggest challenge in deploying these new identity technologies is understanding how they -- and all their moving parts -- work

| 1 2 Page 2