Microsoft announced last Tuesday that CardSpace 2.0 beta would not be releasing at the same time as ADFS 2.0. That fact may not have immediate significance to you, but it certainly does to me. Microsoft, you’ve blown it.
On one hand, I’m immensely relieved. A premature release of CardSpace 2.0 would have removed personal card support from the desktop, meaning that CardSpace would have been relegated to nothing more than Home Realm discovery.
On the other hand… We won’t know for sure until ADFS 2.0 ships, but from what I and other people have seen from the beta and release candidate versions, Microsoft has broken backward compatibility with CardSpace 1.0. This means that unless Microsoft has taken recent steps to regress their information card issuance code, ADFS 2.0 will ship in information card limbo.
I am trying not to care and failing miserably. Let’s face it, Microsoft can release their software in whatever shape they see fit. If they want to, they can release an initial version of a client with no server, and then release a version of the server *years* later that can’t work with the initial client, and can’t be deployed with the later client because that later client “isn’t done yet”. I’m sure that the collateral damage is the least of their problems, and I actually know and understand better than most what internal and external pressures may have been brought to bear. Resources are precious, and both FIM and ADFS have slipped themselves, so somebody had to draw a line.
But see, people were waiting. Big companies, waiting to run information card pilots. Governments, excited to use ADFS 2.0 to implement higher-assurance consumer identity projects. There weren’t a huge number of interested parties, but dammit, they were BIG interested parties. Those interested parties need a sustainable closed circle — a production server and a production client. Not a production server that can only work with a client that “isn’t done yet”.
In the meantime, there is a very hardy little information card community that can at least now stop the horrible waiting and wondering game with respect to ADFS 2.0 and CardSpace 2.0. The choice for the immediate future is becoming clear: CardSpace 1.0 remains the defacto standard for information cards. The rest is moot. Regardless of the hole that Microsoft may have dug for itself, the quality and uniqueness of the interactions that the IMI spec makes possible are undeniable, and I hope inevitable in some variant. I continue to believe that this protocol represents our best hope to regain rational control over our own digital relationships.
It is entirely possible that companies like Azigo and Avoco Secure will see the silver lining here and do the extra work to shim up the ADFS server to work again with the rest of our ecosystem. We’re not out for the count, and at least now we finally know what the biggest player in our space plans, even if it is a big fat WTF…