I have been out of the mainstream of the identity discussions for the last four years while I worked on issues of securing XML messaging and service oriented architectures. So the Internet Identity Workshop appeared with perfect timing in the second week of my new job – thanks for the invitation Phil.
There are certainly a lot of new endeavors that have started up and I enjoyed the content at IIW and the interaction with some very bright people. However, I was more than a little disappointed at the number of people who do not understand the underlying issues that make identity systems hard to construct. There was a lot of enthusiasm for OpenID and allied mechanisms and I am certainly in favor of the privacy and identity motivations behind Identity 2.0.
Unfortunately sessions dealing with “establishing trusted identity providers” or “how to trust an identity provider” kept dropping into discussions about low level mechanisms. Honestly, all the black lists and white lists or alternative schemes will not address fundamental questions like “How do you create a trusted identity authority?”, or “How do you determine if an identity provider is trustworthy for my intended identity use?”.
Still, that is about what you might expecdt for the maturity level of a new endeavor; there is lots of work on the technology and protocol level, but that has never really been the hard part – here’s to hoping that the issues that will make or break these efforts will make some progress here soon.