From identity infrastructure to identity applications

I had a very interesting call with a guy responsible for a whole lot of identity stuff at a company we all would recognize on friday of last week. The "interesting" part began in him initiating the call (normally, I do such things). Come to find out that he was doing so because he was in search of "the next big thing" in identity (or what's on the horizon), and wanted to get my take on it.

In the course of talking through the topics we covered things that have been implemented (like simplified sign on, provisioning, some compliance stuff), things that are being implemented (risk-based authentication and improvements to his past projects), and things that he's still trying to figure out the "why" of (federation, entitlement management). And then we moved on to "the future" by talking about things like OpenID and the "user-centric" identity technologies.

Without revealing too much of our "off the record" conversation, let me say that I left that call with the same frustration I've begun to express here as of late: we're *still* building identity infrastructure and have not yet moved to identity applications.

Now, to be clear, I have *no* idea what I mean when I say "identity applications" (so my frustration is as much with myself as others in the world of identity). But I do know this: When I got into the identity game back in 2002, Andre Durand (CEO of Ping Identity and - full disclosure - a very close friend of mine) and I spoke at length about how we needed to spend a few years building out identity infrastructure on the web, so that we could move on to the really explosive and interesting stuff -- namely, all of the applications that identity infrastructure would enable.

And yet, identity seems to be still in the building phase. Is this a failure on the part of the identity community? I don't know. I know that identity companies are driven by making profits, and, as I'm sure readers of this blog (and the gentleman I had the call with) know, you don't buy identity solutions that won't solve an immediate problem. But I'm still left with this gnawing feeling that some of the "big dreamers" in identity have disappeared.

I can point to interesting things at OpenID and in the user-centric circles, and the tremendous progress that things like CardSpace have made (thanks Microsoft guys!), but I'm still left with technologies focused on signing in to websites.

Maybe I'm just asking too much. Or being curmudgeonly. Or, maybe, I'm horribly misinformed about the exciting goings-on in identity.

Then again, maybe the identity community needs to start "dreaming" a little bigger. Maybe we've all gotten just a touch too focused on pounding the nail in front of our faces, and lost sight of the fact that we're building a house.

I'd love to hear your thoughts.

--Eric Norlin

XML.org Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | XML.org | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I