go ahead and share
It’s been a week since Microsoft announced that it was never going to release the next version of CardSpace. The laughable part of the announcement is the title “Beyond Windows CardSpace” which would leave you to believe that Microsoft has somehow come up with a better architecture.
In fact Microsoft announced its discontinued development of CardSpace with absolutely no alternative.
Just further evidence of just how irrelevant Microsoft has become.
The news that Microsoft had abandoned CardSpace development is not news to those of us who watch this space, Microsoft hasn’t done Jack with CardSpace for over two years.
It’s just that for some reason Microsoft PR decided to announce the matter. Probably so the U-Prove group could get more press.
A Little History
In early 2006, Kim Cameron rolled out the Laws of Identity in his blog. Over next few months as he rolled out each law, the impact of this powerful vision culminating in the release of the CardSpace architecture and Microsoft’s licensing policy rocked the identity community.
Two years earlier Microsoft was handed its head when it tried to shove the Passport identity initiative down our throats.
Kim Cameron turned around and proposed and delivered an Identity Metasystem—based on CardSpace—that has no peer. Thus the Identity Metasystem is the industry initiative to create open selector-based digital identity framework. CardSpace is Microsoft’s instantiation of that Metasystem. The Pamela Project, XMLDAP, Higgins Project, the Bandit Project, and openinfocard are all instantiations in various stages of single and multiple vendor versions of the Identity Metasystem.
Let me clear. The Identity Metasystem has no peer.
Anything less than a open identity selector system for claims-based digital identity is simply a step backwards from the Identity Metasystem.
Thus SAML, OpenID, OAuth, Facebook Connect and so on are useful, but are giant steps back in time and design when compared to the Identity Metasystem.
Interpreting Vendor Speak
Two years ago when I had the chance to ask the people making the decision to abandon CardSpace what was driving their decision, here was the answer: “We will invest in CardSpace when our customers ask for it.”
To understand this statement, one needs a short course in “Vendor Speak.” Vendor Speak is the language all vendors seem to somehow learn to use when cornered and asked about sensitive topics. Examples of Vendor Speak to questions are as follows:
Tough Question: When are you going to release such announced product or feature?
Vendor Speak Answer: We will ship that product in Fourth Quarter.
Interpretation: Engineering will be burning the late night candles on December 31st.
Tough Question: What is the status of delivering a promised or much needed product feature.
Vendor Speak Answer: We will build that feature when the customer demands it.
Interpretation: There is no one working on that feature and there is no budget available to get it done.
So when the Program Manager gave me the “we will deliver when the customer demands it” I knew we were in for a dry spell with CardSpace. I probably should have kept quiet instead of telling him what I thought as in the end in made no difference.
Hey, Microsoft is not alone in this. ALL of the big vendors that made a commitment to the Identity Metasystem have stopped their funding of development.
When I ask each one of them why, the ALL give me the same Vendor Speak answer: “We will be happy to work on this when the customer demands it.”
Where does this leave us?
The bad news:
For now, we are going to continue to wallow without an identity layer for the internet. This will continue to bring security and scam woes down on the heads of companies and individuals for the foreseeable future.
The good news:
I am glad Microsoft is out of it. The company’s lack of leadership and innovation have rendered it irrelevant anyway. Microsoft has become the IBM of the past. A crumbling giant with feet of clay.
This means there is an opening for someone or a some group with a bit of vision and leadership to tack up the task.
I have no doubt that this will happen.
Microsoft blew it when it dropped CardSpace development. Microsoft is a company without leadership, vision, or innovation. In terms of digital identity—and most other core technologies—Microsoft has become irrelevant.
Making infrastructure—like the Identity Metasystem—is a tough thing to do and understand.
But mark my words, we WILL have a selector-based identity layer for the Internet in the future. All Internet devices will have a selector or a selector proxy for digital identity purposes.
I predict this inevitability by simply examining the choices:
- Use an alternative. This isn’t going to happen, there isn’t one.
- Invent a new alternative. This could happen, but it would be insanely difficult and probably end up almost the same anyway. It isn’t like these people haven’t thought through the issues.
- Use the Identity Metasystem. This is the best idea. It will probably not be called an Identity Metasystem or CardSpace, and certainly have less connection to Microsoft. But it will be the Identity Metasystem nonetheless. OpenID and OAuth could evolve to meet the challenge. They do not in their current state.
- Do nothing and hope things work out.
The work of Kim Cameron—and countless others involved with the Identity Metasystem—has changed our understanding of what is needed for digital identity forever. The genie is out of the bottle. There will be no going back to the ad-hoc identity system we are stuck with for now.
I just don’t know how long it will take.