IIW Thoughts and Thanks

It as a great time at IIW last week. In the immortal words of Inigo Montoya: Let me explain… No. It is too much. Let me sum up.

1. The Higgins/Cardspace/Bandit demo worked.

It worked repeatedly in the speed geeking session on Tuesday, for impromptu performances, and in the “OSIS in Action” session on Wednesday. It was given by Mary Ruddy and me. In retrospect, my favorite part was getting a text message from Pat Felsted (demo coordinator and fellow Bandit) at exactly 2 minutes before the speed geeking demo session started that said something like “try it, it should work now”.

Thanks to everyone whose help and code was used, and to the bandits and rodents who set up the demo, especially because it involved collaboration with multiple companies, as well as wrestling code, machines, and corporate policy.

2. Some ad hoc identity project interaction occurred as well, and worked.

I couldn’t actually see it because the demos were shown simultaneously, but I have heard that Chuck showed his selector working with infocards generated from our Higgins IdP/STS site and used those and other cards with our relying party site.

3. I saw more of a focus on working systems and usability.

The focus of IIW seemed to have shifted — at least in my perception. Rather than just theory and concepts of Internet Identity, it was more about what currently works and what is proving to be most useful in practice. I found much more interest and discussion in capabilities and user experience above the basic interactions of Internet identity systems.

For example, the demo that Mary and I showed granted access to a mediawiki based on claims from an infocard that were fed to a Bandit authorization component configured with XACML. It also included pages that showed that all accesses of the Identity Provider, Security Token Server, and Relying Party were being audited via an open source framework. I got more requests for indepth information about those two components than I did for the basic open source infocard components.

Also, evolutionary adoption and consistent user experience at service sites (e.g. relying parties) got a lot of interest — at least the topic was interesting to me. In particular, a conversation with Pamela Dingle and a session by Joseph Smarr pointed this out. Maybe I just wasn’t listening, but at past IIWs I have not seen much emphasis on a consistent experience for users at service sites. Common issues for sites such as our demo MediaWiki are: 1) login with legacy username/password login vs. using a new internet identity, 2) claiming ownership of an existing account, 3) account merging, 4) removing old account information, etc. Perhaps I was just not sensitive to these issues until we put together the demo, but they will be very commonly needed capabilities. It would be much more effective if the community could promote common user experiences in those areas. I know that, since last week, the OpenID folks have been working on this for a login dialog box. That’s a start.

Overall, the informality combined with the intense passion of the event was very enjoyable. It even surprised me with some deeply meaningful moments. And it started productive conversations that I hope will continue for a long time.