At the Berkman Identity Mashup two weeks ago, at an open space session proposed by Paul Trevithick (“Professor Higgins” ;-), the Identity Gang reached consensus on a fundamental metaphor for interoperable identity systems: the i-card.

This consensus was rooted on the fact that, at least in English, the noun “card” (in the general context of communications) is widely understood to mean “a container of information”, or even more specifically, a “container used for purposes of sharing or exchanging information”. This differentiates it, for example, from the term “page”, whose connotation is more of a fixed set of information available for viewing, such as “a page in a book” or “a web page”.

Why the “i”? As Doc Searls put it in the discussion, “A metaphor describes how something is like something else, but not exactly the same as something else.” So the “i” in “i-card” serves the same purpose as the “e” in “e-mail”: it’s a way of suggesting that an i-card is a metaphor to a physical card, such as an ID card, business card, or credit card, but not an exact duplicate. Dale Olds of Novell pointed out that this is just like the graphic folder metaphor used by most file systems: it is similar to a physical file folder, but not the exact equivalent.

When it comes to cards, “i” word better than “e” for all the same reasons it does for “i-name” and “i-broker”, namely that it connotates and abbreviates:

• identity—the assertion of equivalence to something that exists elsewhere (in meatspace or headspace)
• information—what is exchanged using the card.
• internet—the medium of exchange in the broadest sense.
• intelligent—in a digital format, the card can be “smarter” than paper.
• I—the English word for “first person singular”, which in a strict identity graph context can be though of as “the implicit starting node for any relationship”.

This consensus has been badly needed because the Identity Gang (as a loose proxy for the Internet identity community as a whole) has been struggling to settle on a common metaphor for how to describe the set of information that is exchanged in the context of establishing a identity relationship.

The primary need for such a metaphor, as everyone at the session agreed, is to enable consistent user experience—something that is all but impossible without a simple, universal conceptual model users can grasp. The importance of his factor is captured in Kim Cameron’s 6th Law of Identity. Kim has often explained that Microsoft originally chose the card metaphor because it was such a clear analogy to the familiar experience of showing a physical identification card such a driver’s license or credit card. (Microsoft was not the first—Novell’s DigitalMe initiative featured “meCards” all the way back in 1999, and undoubtably there were others before that.)

A related lingering problem was also solved a few weeks ago when Microsoft choose the name “Cardspace” for its implementation of the WS-Trust-based authentication and attribute exchange infrastructure that has been code-named “InfoCard” for the past few years. Suddenly the pieces all line up: i-card as the generic term for “a container of information exchanged for the purpose of identifying or describing the parties to a relationship”, and Microsoft Cardspace as the trademarked name for Microsoft’s specific implementation of i-cards using a specific protocol (WS-Trust) on a specific platform (Windows).

As big a problem as this solves for consistent user experience, I have a different reason for believing it is a profound step in the evolution of interoperable Internet identity. For me it solved of a longstanding identity conundrum I liken to the longstanding debate in physics, “Is light a particle or a wave?” In the end the answer was mu (“unask the question”), because it turned out light could be treated as either a particle or a wave. Both were valid models and the one to use depended on the problem being solved.

Translated to identityspace, the analogous question has been: “Is identity an address or a card”? Or to use the new terminology, “Does one establish an identity using an i-name or an i-card?” At long last this question can be answered exactly the same way the physicists did: mu! Both are valid models and the one to use depends on the problem being solved.

In a session about i-brokers at the Berkman conference, I described the difference between “address-based identity” and “card-based identity” this way:

• Address-based identity can have the property of being “resolvable”, i.e., a digital address can serve not only to identity a digital subject, but when needed, as a way of enabling further discovery about or communication with the subject. Address-based identity is required, for example, when two parties need to establish a bi-directional messaging relationship (email, phone, IM).
• Card-based identity has the property of being descriptive, i.e., of being able to represent attributes, claims, or other metadata and data associated with a digital subject. Card-based identity is required, for example, when a relationship is predicated on one or both parties having certain attributes.

From these descriptions, two conclusions immediately fall out:

1. These two forms of identity are not mutually exclusive, i.e., an address-based identity can be used to discover/request a card-based identity, and a card-based identity can contain one or more address-based identities.
2. Neither form inherently implies or requires the other, i.e., an address-based identity does not mean that a card-based identity is available (or, if available, that a contact has access to it). Nor does a card-based identity mean that an address-based identity is available (or if available, that a contact has access to it).

Whatsmore, both address-based identity and card-based identity can be further classified in some very helpful ways:

• Address-based identities can be broken into resolvable and non-resolvable. While an address-based identity is always unique in the address space in which it is assigned, that doesn’t necessarily mean it can be resolved, i.e., dereferenced via a mechanism or protocol that provides further discover or communications with a digital subject. An email address is a good example of the former; a browser cookie a good example of the latter.
• Card-based identities can be broken into addressable and non-addressable. This means that some card-based identities may contain an address-based identity and some may not. A business card is the classic example of an addressible card-based identity; in fact the primary purpose of most business cards is to share address-based identities. On the other hand a coffee-shop loyalty card is a good example of a non-addressable card-based identity: while it describes identity-related attributes of its owner (how many cups of coffee they have purchased), it may not contain any address-based identity whatsoever (not even your real-world name).

With these distinctions made clear, we can now propose an “Eighth Law of Identity”:

An interoperable identity metasystem must support both address-based identities (resolvable and non-resolvable) and card-based identities (addressable and non-addressable).

In other words, i-names and i-cards will not only co-exist, but they are highly complementary. For example, i-names can be used to request i-cards and i-cards can be used to share i-names. And both can be more user-centric and privacy-protecting than anything we have in the physical world, or even anything else that we have developed in cyberspace to date.

And i-brokers, for their part, can provide both address-based identities and address-based identity services and card-based identities and card-based identity services—and all of them can live happily ever after together.

And the clouds part and the sun comes shining through just like it did through the leaves of the elm trees where we sat outside the MIT Media Lab for the i-card open space session. Sometimes it takes the light of many minds shining on a subject to make it clear to all of us.