Doc’s posted some comments re: identity on the Linux Journal site.
If we create the protocols, APIs and other standards that let customers relate at full power with the companies they choose, consumer becomes an obsolete noun. The companies now in full charge of the identities they confer on each of us will no longer have full control, because now they will have to relate and not just distribute. But because we show up as customers rather than as consumers, the range of business possibilities is much larger. The trade-off is a good one for both sides.
But it won’t begin until we get those protocols and APIs, which won’t happen unless somebody decides to write them for everybody. Maybe that effort will come from the noncommercial world, as it did with HTTP and SMTP. Or maybe it will come from the altruistic side of the commercial world, as it did with SOAP and RSS.
Restating my earlier opinions and questions: search is a much higher priority than identity. Both ultimately need a deity which can openly federate down to the client level. What’s the business model for the deity?
With respect to protocols, SAML 1.0 has just been approved by its creators and it provides the basics for a deity to share authentication and authorization information with others. SAML builds on the usual suspects: XML, SOAP, etc. The commercial vendors are all adding support for it to their authentication/directory services.
Do we need an OSIF where the I stands for Infrastructure services (like search and identity)?