In search of better Identity Management

Last week I met up with Microsoft to catch up with their progress in developing a better, user-centric identity infrastructure.

Microsoft’s journey started with an ambitious but ill-fated venture called Hailstorm, which aimed to implement a secure, global identity system, but misjudged the marketplace. The post mortem prompted Kit Cameron, a Microsoft architect, to develop a set of principles called the Laws of Identity that attempted to set out key requirements of global identity systems. 

Now I’m not fully convinced that these laws are all necessary or sufficient to deliver effective identity management solutions. But they’re a step in the right direction and a huge improvement of early concepts such as Microsoft Passport. 

Of course it’s one thing to evangelise about principles, and another one to build products that meet them. How far is Microsoft from achieving this vision? 

Well they’ve certainly come a long way. Recent announcements about Windows CardSpace and their acquisition of Credentica, a product that enables user control over identity information demonstrate that the pieces of this jigsaw are coming together. Microsoft is clearly serious about making the concept of a privacy-enabling, interoperable, global identity system a reality.

The next question is whether it will catch on. Even the most perfect products can sometimes fail to catch the imagination of the marketplace. And technology alone cannot solve the identity problems of today’s business. We need a lot more work on collaborative architectures and processes. But I wish them well because they’ve clearly gone to enormous lengths to establish, debate and promote the principles behind the technology.