Solving the digital identity crisis

All-encompassing digital identity solutions have been promised for years, but thanks in part to CardSpace and OpenID, we may actually be getting somewhere

You can't help but be disappointed at the current state of digital identity. By now, weren't we all supposed to have ultra-secure stores of personal information in the cloud, containing everything from our preference for aisle seats to the results of our last medical checkup? Transparently and securely, we could share appropriate bits of that information with travel sites, insurance companies, and so on, and spend a whole lot less time juggling passwords and filling in forms.

There was an enterprise version of that promise, too: single sign-on backed by strong authentication -- with granular, centrally managed access to data stores and applications. A patchwork of products has delivered some of that, but implementations of digital identity inside organizations tend to remain pretty primitive.

Federated identity was supposed to be the solution to the identity crisis, but the complexity of the business rules that determine who can share what with whom turned out to be overwhelming.

Could federated identity be about to get a second wind? In "Placing the user at the center of identity," contributing editor Phil Windley observes that a new, simpler, user-centric notion of federated identity is emerging, thanks in part to two evolving standards: OpenID and Microsoft CardSpace.

According to Phil, both those standards need work before we can expect widespread adoption, but broad support among vendors is promising. And when the user is making decisions, the tangle of business rules for sharing personal information is a moot point. In businesses, those sorts of decisions must be framed by security policies, but managing identity metadata could get a lot simpler.

Digital identity has great potential to empower people and organizations, providing fine-grained access to data and functionality that would otherwise be locked away. We may still be a long way from enjoying seamless, federated, user-centric identity -- and a lot will depend on how many vendors decide to incorporate new identity standards in their software during the next year or so. But as Phil's article suggests, we could be on the verge of a real breakthrough.

Copyright © 2007 IDG Communications, Inc.
