May 16, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Neil Macehiter and Neil Ward-Dutton
Software Infrastructure for Business Value
 Neil Macehiter and Neil Ward-Dutton of Macehiter Ward-Dutton offer their perspective on key software infrastructure issues, IT-business alignment and related things.

« Rethinking IT projects? Think service, not product, focus | Main | Oracle proposes to buy BEA »

September 28, 2007
Has CardSpace become Passport?

Ben Laurie of The Bunker Secure Hosting has a provocative post about the two emerging (and that's important) leaders in user-centric identity: OpenID and CardSpace. He quite rightly points out that at present OpenID's:

popularity is entirely on the provider side. There are no consumers of note.

and that CardSpace:

appears to live in its own little world, supported only by Microsoft products

I think this is to be expected given that we are still in the early stages of both.

Where I find myself disagreeing with Ben, however, is with his conclusion about CardSpace:

So why does this make Cardspace like Passport? Well, the fear with Passport was that Microsoft would control all your identity. The end result was that Microsoft was the only serious consumer of Passport. When Cardspace is deployed such that all providers and consumers of identity are really the same entity, then all its alleged privacy advantages evaporate. As I have pointed out many times before, when consumers and providers collude, nothing is secret in Cardspace (and all other standard signature-based schemes). So, there?s no practical difference between Cardspace and Passport right now.

Ben's right about the implications for privacy when the those consuming identity information collude with those providing it but that's not an issue peculiar to CardSpace.

Even Microsoft would (and indeed does) agree that Passport was a failure due to the company's control of identity data, I think Ben doesn't tell the whole story. It wasn't just down to control of an individual's identity data. It was also due to the fact that Passport and Hailstorm were designed from the outset to wrest control of identity data from Microsoft's business partners and customers. The same can not be said of CardSpace and that's why I believe there is a difference between CardSpace and Passport. There are already examples, Otto in Germany springs to mind, of organisations other than Microsoft using CardSpace and, as I said, it's still early days.

Posted by nmacehiter in Identity Management |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2358

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
Categories
Recent Posts
Archives
Blogroll
Disclaimer:The opinions expressed in this blog are solely representative of the blog's authors, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
ebizQ Web 2.0 and the Enterprise
Your E-mail Address:
PepsiAmericas: Realizing Real-Time Communication
a refreshing approach to ESB and data integration
Date: May 28, 2008
Time: 13:00 PM ET
(17:00 GMT)
REGISTER TODAY!
Accelerate Agility and Lower Costs by Virtualizing and Governing Your SOA
Date: May 29, 2008
Time: 12:00 PM ET
(16:00 GMT)
REGISTER TODAY!
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map