Microsoft announces OpenID support in CardSpace
Two of the most prominent identity technologies come together to deliver a "phish-proof internet".
Speaking at the RSA Conference in San Francisco, Microsoft co-founder Bill Gates outlined the company's refreshed identity strategy - including support in Windows CardSpace for the OpenID 2.0 identity standard. As part of an interoperability agreement OpenID will also be extended to handle phishing-resistant credentials, adding a new layer of trust to ecommerce sites.
Originally designed by Brad Fitzpatrick, chief architect at blogging platform developer Six Apart for use in cross-blog authentication, OpenID has rapidly become a key digital identity technology, allowing identity assertions to be shared across multiple systems. While other identity systems work well in closed enterprise networks, OpenID has been designed from the ground up for handling identity on the public internet. Microsoft's collaboration with the OpenID project will add support for strong credentials. As many sites and services already use OpenID, this approach will open up much more of the web to Microsoft's fledgling CardSpace.
Key open source developers have welcomed the news; Fitzpatrick described Microsoft's involvement in the project as "great". OpenID can already use Kerberos, voiceprints, and Jabber JID as authentication components, and he sees CardSpace as another authentication technology. CardSpace authentication will bring OpenID support for the WS-Trust web service standard, and Microsoft will be supporting OpenID in future identity server products.
Microsoft's Chief Architect of Identity Kim Cameron calls OpenID "a really great technology for doing public identities - the simplicity is stunning" and suggests that "It's one of the things that will really drive us towards the identity Big Bang. And the whole world will benefit."
Sxip Identity's Dick Hardt agrees that this is a major endorsement of OpenID, and Sxip will be working with Microsoft to add CardSpace Information Card support to their existing OpenID products. These include an open source distributed identity plug-in for any web site, and a range of identity appliances that provide identity management and integration tools for businesses. Other partners include JanRain, which supplies the code many web sites use to work with OpenID, and Verisign.
Kim Cameron has described the solution to the problem of identity as a metasystem, where different technologies cooperate to share assertions and authentications. OpenID is part of this identity metasystem, and has already converged with technologies like Yadis, XRI and Sxip. Its strength lies in its wide adoption by so many different platforms and technologies There have been concerns about Microsoft's involvement with the OpenID specification, but Cameron and the OpenID are both convinced that Microsoft will not exert undue influence.
The state of Salesforce: Future of business
Three articles that look forward into the changing state of Salesforce and the future of businessFree Download
The mighty struggle to migrate SAP to the cloud may be over
A simplified and unified approach to delivering Enterprise Transformation in the cloudFree Download
The business value of the transformative mainframe
Modernising on the mainframeFree Download
The Total Economic Impact™ Of IBM FlashSystem
Cost savings and business benefits enabled by FlashSystemFree Download