Digital Identity Redux
|Email weblog link|
There are no clear signs that Digital Identity is anything but hot air. As one person described it over beer, "everyone here is trying to find a bandwagon to get on". That said, everyone tried to get on the Internet bandwagon and there was a there there. Jon Udell said a deep thing (one of many) over beers: we're all hoping to see the Next Big Thing, but we may not see the Next Big Thing in our lifetime.
Digital identity is more than "single sign on". There are at least three levels that I can identify: enterprise, e-commerce, and security. Enterprise wants single-sign on and email unification, with b2b a lesser priority. E-commerce is Passport and Liberty--single sign on for web sites. Security is biometrics, terrorism, prisons, finding bad guys.
DRM ties into this through another division in audience: realists vs salesmen. Microsoft is the classic salesman: they claim "consumers won't trust computers with their digital identity data until the hardware can guarantee it won't be inappropriately share". This is, of course, bullshit. The average consumer, the realists tell us, will trade privacy (a business card) for a 25c rubber squeeze toy with a company brandname on it.
The three digital identity areas have quite different priorities. The big problem is that, like DRM, there's no *consumer* demand for this. There's no killer app at any level. The Passport idea of single sign on for e-commerce doesn't appear to be killer.
There's a lot of speculation about where that killer app might come from: spam protection is often suggested, but Esther Dyson argues forcefully that spam is not a privacy problem (mail from people who don't know you isn't a privacy problem, mail from people who know too much about you is). (My left-field suggestion is that porn might solve this (with anonymity, no less!) as it solved image, video, and Internet credit card processing).
There are really only two outcomes that I can see: someone comes up with a killer app (and so the technology embodied in that killer app wins), or the Government mandates it. Terrorism is, although it's a bad pun, the killer app for security based digital identity. There are smaller applications for biometrics (walk-up helpdesks, physical access control, UN refugee assistance management) but none of those are killer in the sense that we think.
The three leading lights appear to be:
- XNS--rumour has it that they've solved IP problems
- PingID--they sent hackers and appear to be most realistic clueful rubber-meets-the-road company here
- Microsoft--nobody bets against the big gorilla
So, to conclude, this could be one of those things that becomes real big (e.g., the web). Or it could be one of those things that fizzles (e.g., push). Or it could be one of those things that has substance but which is overpromised (e.g., web services). I don't know which it is.
Nat Torkington is conference planner for the Open Source Convention, OSCON Europe, and other O'Reilly conferences. He was project manager for Perl 6, is on the board of The Perl Foundation, and is a frequent speaker on open source topics. He cowrote the bestselling Perl Cookbook.
Return to weblogs.oreilly.com.