I was at Internet Identity Workshop 2006 last week, and because it is a conference focused solely on the subject of identity, it served as a good opportunity to take stock of the situation. To be sure, a lot of progress has been made in the last year; if I have my facts right, YADIS – the lightweight discovery protocol for specifying capabilities for URLs – was conceived at last years IIW and has made it all the way to a 1.0 specification this spring. The ecosystem has come a long way towards the issue of identity in the past year too.
At Esther Dyson’s PCForum in Carlsbad, CA last month, the theme for the conference was “Erosion of Power: Users in Charge”. As with all forward-looking conferences there’s always an element of wishful thinking and projection in the conference themes. From the myriad conversations I’ve had at PCForum, IIW2006, and everywhere else in the past few months however, the idea of universal identity – names, attributes and policies managed by the users themselves instead of as part of someone else’s application – has clearly emerged from ubergeek fascination to an industry opportunity to improve both user experiences and application quality for the Internet services.
What’s the Big Idea, Again?
The rationale behind universal identity is that traditional web applications – “walled gardens” that implement a robust user profile system – are:
- complex to build
- a headache for users to register for and use
- “one-off” implementations that are generally unable to interoperate with other applications
As a result, Internet applications either need to be sufficiently large and commercially robust to support the implementation of a user profile system, or the application needs to avoid user identity altogether. So we end up with a relatively small number of big applications like Amazon.com that implement a full user management system on one end, and a lot of “anonymous” applications like del.icio.us on the other end of the spectrum. There are applications in the “middle class” – applications which incorporate user identity in a lightweight way, but these applications end up investing an inordinate amount of resources into user profiles, at the expense of focusing on the value the application is supposed to provide.
Universal identity affords the application developer a “plugin API” for managing users in an Internet application. Given a set of open, free identity standards and protocols, and the available infrastructure to support them, applications can integrate user identity and profile information in a way that is:
- much simpler to build than building it yourself
- familiar and easy for users when registering with the application
- interoperable with other applications – for free
Applications can harness the open APIs for universal identity, and quickly add the features and functionality needed to support user preferences and policy. In addition to incorporating user management into the application in a “component” fashion that eliminates the need to write it from scratch, the open APIs enable all enabled users in the ecosystem to quickly and easily register for the application. Over time, these APIs will provide an easy “on-ramp” for millions of equipped users who have IDs ready for use with applications that support the APIs.
Making It Happen
While the value proposition for universal identity has been largely accepted in the ecosystem now, there are significant obstacles to overcome. It’s a classic “double threshold” problem. On one hand if there aren’t sufficient applications that support universal identity, users won’t be motivated to sign up and configure their identities. On the other hand, if there aren’t enough enabled users in the system, application developers will have a hard time seeing the benefit of integrating with universal identity APIs, no matter how convenient they may be,
At VeriSign, we concentrate on delivering services that represent “intelligent infrastructure”. In this space, we believe that one of the ways to help the ecosystem break out of the double threshold problem is to offer services and enabling infrastructure that will help bootstrap both the application and user community. In talking with partners, customers, and stakeholders in the identity community, we’ve identified three resources that are needed to jumpstart the ecosystem for universal identity:
- An open, lightweight, comprehensive API for integrating with universal identity applications and service providers
- Available libraries and tools that implement the API in popular web development languages and frameworks
- An identity service that can serve as a solid, secure home base for users who want to create and manage their own online identities and profiles.
VeriSign has been working on all three of these items, and I’ll be announcing and discussing details of our efforts here in the coming days and weeks.
At conferences like IIW2006 and in forums, lists and discussions on this topic, the idea of the “Identity Big Bang” has emerged as a reference to the idea that once universal identity does reach critical mass, it will quickly begin to realize network efficiencies, according to Metcalf’s Law. Each new enabled user and application adds value to the ecosystem geometrically, as opposed to linearly. In a relatively short time, we might expect to see very broad adoption and integration with universal identity systems – a “big bang” that will unleash a whole new generation of applications, enabled and empowered by an common pool of users. For users, this “big bang” represents an important change in the balance of power between user and application. If universal identity becomes pervasive, users will be in control in a way they previously haven’t been; users will be empowered as “sellers” of their participation, which may include providing applications with basic personal information, demographic attributes, click stream and attention stream data, and tagging/reputation metadata.
Once a common practice and platform for universal identity is in place, applications that incorporate it won’t just benefit from easy registration. Applications that build on top of universal identity can be easily integrated as well: tagging, reputation, payment, professional qualification, social linking and a variety of other features can be overlaid on top of your application with minimal effort.
Will that produce a “big bang” – an explosion of innovation in internet applications? It’s easy to identify an element of hype in this phrasing – even on the Internet, the ecosystem doesn’t change overnight. However, although there’s a lot of hard work ahead for the providers in this space to get universal identity catalyzed, there’s good reason to see that it can and will introduce important new types of applications, transactions and online relationships.