I expected to learn quite a bit at the Internet Identity Workshop (IIW) - the semi-annual ID geekfest in Mountain View, Calif., and I did indeed learn quite a bit. Some of it was even about identity services, applications and projects. And it appears the question now in identity circles is what comes next?
Because of the frequency of the events (semi-annual, augmented by “Identity Open Space” one-day or half-day sessions associated with other conferences and trade shows) as well as the somewhat narrow focus (“user centric identity”) it is quite possible to follow the progress of a thought or an idea from its genesis through to fruition. Normally, you’d need to be deeply involved in a project to follow it this closely.
Conference co-founder Phil Windley put it well in summing up the history of IIW:
* IIW2005: We met each other and found out what everybody was working on.
* IIW2006A: Proponents of multiple identity protocols start to how they can work together.
* IIW2006B: Small-scale interoperability and some consolidation.
* IIW2007A: Interoperability demonstrations of Information Cards and lightweight solutions converge on OpenID.
* IIW2007B: OpenID, CardSpace, and SAML, along with supporting technologies, projects, and consortia are being taken as given.
The question has become what to do now that the foundational technologies have been worked out.
OpenID, as we now understand it, didn’t exist in the fall of 2005 when the IIW was launched. And today it’s “taken as given.” In fact, Version 2.0 of the specification was “officially” promulgated during the event, in the sense that there was nothing left to add to it and that new features would go into a “Version 3.”
So what is the next “big thing” in the user centric identity world? From the buzz, from the discussions and from the presentations it appears that “reputation” and reputation systems will dominate the conversation over the next year. In fact, one piece of news was that OASIS would be launching a new Technical Committee chaired by IBM’s Tony Nadelin to develop a specification for “Open Reputation Management Systems” (ORMS). ORMS would be a way to exchange and value reputation scores and statistics. Reputation shows great promise in helping to mitigate risk, which could, in turn, lead to a coalescence of user-centric and enterprise-centric identity. After all, the big buzz in enterprise identity is around entitlement and risk management.
Read the complete article by Dave Kearns, Network World.