Those of us in OSIS have half-joked about the I4 Interop event being the end of the beginning — but yesterday, the announcement of Geneva ushered in a new beginning. It is still a long road ahead, but mark my words, the momentum changes here.
I was recently asked in a rather public forum whether people are really using Information Cards. The answer was a reluctant no.  There are a few pools of use that are extraordinary, the largest being in Europe. There are many very interested parties. There is development happening all over, but not released yet. I am ok with this however, because the truth is, this technology will break out when it is not just cool, but also the obvious choice for the job.
In the past, this technology has been evangelized as the end of passwords, which is, in my mind, a mischaracterization. It is not the end of the password. It is the end of the login form.  It is the end of that uncertain little piece of html out there that may or may not be well written, or well protected, and may not actually even be the place you trust.  That may sound like a small little piece of the pie – but when you combine that little piece with the power of the underlying protocols, and the massive usability problem that confronts us now in the security space, what we get is a lot closer to the complete picture.
Why is this complete picture necessary? Ah, well this is the thing, isn’t it? People keep asking me, why would we ever NEED information cards? We’re already busy, we don’t want to add something we have to work hard to understand to our Enterprises or to our products, and we’re getting by JUST FINE thank you very much…
Microsoft answered that question yesterday too, with Azure.  As I’ve said before, your provisioning problems can be ignored when removal of network access can act as a master switch for all the nonexistent process in the Enterprise.   Once your Enterprise starts pushing critical business functions outside of the Enterprise, there is no choice but to evolve your Enterprise towards claims-based Identity, federation, SAML, information cards, and this whole next generation of accountability.  In order for Azure to exist, MS had to find a way to push credentials out into the cloud as well — and here we are.
This is the vision. And the opportunity, long awaited.  For those of you who might think that this sounds like a great Microsoft conspiracy here, remember the protocols that this identity layer rests upon are OPEN, and although MS was involved, so were a huge number of other people and companies. Anyone can play. Instead of simply engineering an Identity layer for themselves, Microsoft has instead worked within the community to enable something much greater. I have been lucky enough to see just how much work, time, money, and care has been put into making sure that there are tools, products, and services out there that give people choice in the Identity Infrastructure they use to interact with services such as Azure.
I tip my hat to all you folks on the federated identity team at Microsoft — past and present members.  You have walked and will continue to walk a tough line, but I hope that now, at least the story gets easier. Thank you.
Pingback: des on Federated Identity … less is more » Blog Archive » “Geneva” SAML Interop … With a Lot of Help from Our Friends