09.28.07
100% Open Source information cards, and how Ben might win an iPhone
I was rather surprised today to read a post by Ben Laurie where he writes that “there is no practical difference between Cardspace and Passport.” Please read the whole post to understand the context. It’s not long.
He contends that Cardspace is only supported on Microsoft systems, and that, since the identity provider and consumer are therefore the same entity, there is no privacy advantage. I think there are a number of huge and hugely invalid assumptions in that contention. A centralized service hosted by a single vendor is very different than a distributed service — even if the service components are implemented by a single vendor. But it is not true that information card systems are implemented only by Microsoft. In fact, no Microsoft code at all is needed to deploy a complete system.
Ben also makes some rather general statements about lack of support for OpenID and that it “has no consumers of note.” Hmmph. I use OpenID all the time and find it useful. I wonder what I need to do to be a consumer of note.
I’m all for bloggers getting to vent their opinions, and, in that respect, there’s a lot in the post to love. I’m also for pointing out reality, and I think pointing out real users and deployments is important. I expect that Ben is right that there are currently more enterprise deployments of SAML federations than information cards or OpenID. But I disagree that OpenID has no consumers of note, and I disagree that Microsoft controls all identity providers and consumers of information card systems.
For example, please consider this shamelessly self-serving, but complete, illustration:
Novell and the Bandit Project just launched a campaign to promote awareness of information card technologies. The campaign site consists of an identity provider which is running on OpenSUSE 10.2 and includes a Security Token Service from the Higgins project, as well as various authorization and auditing components from the Bandit project. The same domain also hosts sites running Joomla and Wordpress that receive information cards using plugins from the Pamela Project. There are links provided so that users can get an identity selector for Linux, Mac, and even Windows. Most of the identity selectors are open source and developed by the Higgins and Bandit projects. We do throw in a link to a Microsoft site for those who are running Windows and need to download Cardspace. We didn’t think that would be offensive.
Ben, please check it out. You might win an iPhone. You can use information cards to access the site, or even deploy your own identity provider or consumer using 100% open source software.
I've done a variety of things in my career, but always seem to return to issues of identity and technology. Most of what's written here will be about such things. I work for Novell, but this is my personal blog. The views expressed on here are mine alone and do not necessarily represent the position of my employer.
Mike Jones said,
September 28, 2007 at 5:16 pm
I’d like to be a consumer of note too. Please tell me how to sign up!
[This comment brought to you via Information Cards, Firefox, CardSpace, PamelaWare, WordPress, Windows, Linux, XML, HTTP, the Internet Protocol, and so much more...]
Eric Norman said,
September 28, 2007 at 6:48 pm
I really think Ben means relying parties when he uses the phrase “consumers of note”. He’s British, so we might need to cut him some slack :)
As for Microsoft having control of users’ identity information, he might be talking about users’ perception instead of reality. E.g. CardSpace is a Microsoft product; ergo, CardSpace is Passport with icons. The folks best able to correct that misinterpretation would be Microsoft.
By the way, I did log on to make this comment using DigitalMe. It sure took a horrendously long time, though. I’m not sure why that is; it’s never happened before. Maybe it’s just constipation in Utah.
Neil Macehiter said,
September 29, 2007 at 3:45 am
I also commented on this post here: http://www.mwdadvisors.com/blog/2007/09/rethinking-it-projects-think-service.html, primarily from the perspective of the Passport/Hailstorm versus Cardspace. I agree completely with your comments re Bandit/Higgins (not least because I logged into this site using DigitalMe on MacOS X).
dave said,
September 29, 2007 at 8:54 am
I’ve got to agree with Eric, the “consumers of note” (sounds like a band, doesn’t it?) refers to RP’s not users. It’s RPs that “consume” identity data, not the entity being identified…
But Ben does get it wrong when he claims Microsoft as the IdP. It could be, of course, but it doesn’t necessarily have to be.
PS I tried to login with my OpenID(s) - they kept getting rejected with a redirect to an unknown page…
Links » More on Cardspace and Passport, or, A Day in the Life of an Open Source Developer said,
September 29, 2007 at 11:02 am
[...] Dale Olds is surprised. It seems mean to leave him in this state, though it seems somewhat ironic that an open source project should be choosing a thoroughly closed phone as a prize. So closed you can’t even install closed source add-ons. I’d rather have an N95, to be honest. [...]
IdentityBlog - Digital Identity, Privacy, and the Internet's Missing Identity Layer said,
October 4, 2007 at 2:09 am
[...] number of people gagged on this, including Dale Olds of Novell (who none the less retained his unflappable charm). Dale had just released his new DigitalMe [...]
Did you build a Windows CardSpace enabled Website or application? - Secure Place said,
October 4, 2007 at 4:25 am
[...] is an interesting discussion in the clouds. Based on Kim’s mind related to What if we fail, Dale Olds of Novell and Ben Laurie’s recent piece on CardSpace I decided to start the ultimate "Show me [...]
http://jorgenaaroe.pip.verisignlabs.com/ said,
October 9, 2007 at 5:41 am
The only thing you could argue about is why MS made the CardSpace client platform centric. To my knowledge there is no way to run MS CardSpace client on Win XP.