Personal identity

I've been talking about identity management a lot during the last couple weeks, in part because of discussions happening inside our department related to our normal work, but also with others throughout the company (of all stripes technical, executive and marketing).

The big problems our customers (nay, everyone's customers) seek solutions for are largely centered on client side issues at this point. Primarily, avoiding identity theft currently facilitated by viral spam, phishing, spyware and a host of other injection mechanisms. Very few are vocally interesting in aspects of the lightweight ID systems popping up for use in various forms of social software right now. That's not to dismiss that area, but the people there either don't care or can deal with that part of the IdM puzzle all but themselves (for now).

Inevitably, we get around to talking about InfoCard and I find it hard to describe, especially to people who use Windows. It's not a concept that comes naturally (and the idea of using a lot of passwords is really alien which as Kim Cameron has pointed out, is our collective failure and something InfoCard intends to address). If they have some Mac exposure, I can at least draw some parallels to KeyChain but even that misses the mark by a wide measure. The closest I've come is a quick demonstration of PasswordWallet™, an application I've used for several years to track passwords (and lot more it wasn't designed for) and handle close to automatic sign in for most web applications. Even there, it's missing a huge part of the picture like the virtual device to avoid keyboard loggers (and friends), the features aimed at web services and some sort of description of the browser and InfoCard interaction (where I resort to hand waving at this point). I actually used PasswordWallet today to show the process of generating a new password, something I think InfoCard is going to deal with (but I'm not completely sure about).

It's taken a while to get past my initial disappointment that the identity metasystem was really a client implementation, some new directory schemas (when do we get to see them?) and a bunch of WS-* gobblygook. Pragmatically, the problems that InfoCard is intended to deliver solutions for make me keenly interested in it's success.