Doc Searls has nicely framed the key questions involved with Microsoft’s proposed identity metasystem architecture. He closes with:
So, here’s the first big question: Does the metasystem require adoption of SOAP and the whole WS-* suite of protocols (or whatever those are) Ã¢â‚¬â€ that whole bulleted list above Ã¢â‚¬â€ or something much less than that? I’ve gathered from Kim that WS-Trust is an essential component. But what about the rest of the list? Seems to me that Kim conceives the Identity Metasystem as a wide-open and inclusive architecture in which all kinds of current (LID, Sxip, XRI-XDI) and future identity systems can participate. Is this possible if the required protocols aren’t really open or usable in a practical sense, as Julian contend? And, for that matter, is the WS-* suite a done deal, either? What, if anything, needs to be done there to make it (or parts of it) acceptable to those who inclined to dismiss it?
The second big question (especially for my constituency) is, What will it take to get open source developers, and the rest of the non-Microsoft world, to adopt and deploy stuff that works within the metasystem? Licensing is clearly an issue. What else?
These questions reflect the gut feeling I noted after Digital ID World, the questions are all turning from “what” (what will an interoperable identity metasystem look like?) to “how” (how can it be simple and open enough to be implemented everywhere like TCP/IP, DNS, SMTP, and HTTP?)
My 5+ years worth of work on what’s now XRI and XDI has made me hypersensitive to these latter questions. Time over time I have been hit over the head by developers with “Make it simpler! It has to be simpler! Wed won’t implement anything that isn’t simple!” It has taught me the wisdom Marshall Rose expressed twelve years ago in RFC 1425:
SMTP’s strength comes primarily from its simplicity. Experience with many protocols has shown that: protocols with few options tend towards ubiquity, whilst protocols with many options tend towards obscurity.
So that’s become our driving mantra in XRI and XDI: find the magic means to make it, as Einstein said, “As simple as possible but no simpler.” Because I do believe those developers are right: whatever becomes the interoperable identity protocol of the net, it’s going to have to follow in the mold of TCP/IP, DNS, SMTP, and HTTP.
I look forward to Kim’s insights about how he sees this simplicity being achieved with WS-Trust.