Security/identity / XML · 2007-07-02

Trends and transients in web services and identity

In a few weeks’ time I’ll be at the XML Summer School, teaching and learning and, um, drinking. One of my assignments there, as Lauren explains, is to spend five minutes opining on technology themes as “trends and transients”. My approach last year was to cover somewhat more ground under the general heading Tr*:

  • Tropes (technology metaphors that have perhaps become dull with overuse) — I listed “architectures” and “messages” in 2006.
  • Trends (things worth knowing for the long haul) — I offered “identity layer”, “mashups and SPLJ”, and “privacy” last year.
  • Transients (shiny new things that are unlikely to stick around) — in 2006 I listed the “SOAP vs. REST” controversy and the naming of things as “2.0”.
  • Transparents (important things people keep looking through instead of at) — last year I highlighted “policy”.

One theme I’m thinking of including this year is account linking — that is, federating or associating multiple identities together. While I was on vacation last week, blissfully keeping away from Planets Identity and XMLhack (though I appreciated them all the more on my return!), I gather that there was a blogospheric dustup about the notion of an “identity layer” and whether it’s good, bad, or indifferent — Kermit Snelson summarizes and deconstructs the discussion nicely here. (I would also point to Interop of Twitter and Pownce by Marc Canter and Network Effects Mean Walled Gardens Are Here to Stay by Dare Obasanjo.)

What I meant when I talked about an identity layer Trend last year was a single shared means for exchanging identity information and distributing identity tasks in a secure, privacy-sensitive fashion, not a means for ensuring that everyone has One True Identity. I just don’t see the latter happening any time soon or even being a good idea. On the other hand, the task of federating identities just reflects the reality that (1) people will continue to have digital identities in different “identifier namespaces” and (2) people want a unified experience across them. (Heck, even OpenID-consuming websites doing any kind of persistent user personalization have to federate the distributed OpenID account with a local app account.) Users’ desires for linking multiple distributed identities will eventually trump “account jealousy” on the part of identity providers, and providers will have to get a lot better at doing the linking — sometimes in challenging circumstances that demand new sensitivities to privacy. I smell Trend…

What would your Tr* 2007 answers for web services and identity be?