Via @ggebel on Twitter, I got a pointer to Mike Jones’ thoughtful retrospective on Cardspace here. I have to say, I always had mixed feelings about Cardspace. As someone who had been involved – from inside Sun Microsystems – in the evolution of the Liberty Alliance, SAML and Federation (as a counterpoint to mediated centralised architectures like Passport), Cardspace often struck me as a ‘reaction against a reaction’, and primarily an attempt to regain the marketing high ground. On that basis I was inclined to write it off as a well-resourced solution looking for a problem.
There was a lot on the plus side, though. I have huge respect for Kim Cameron for many reasons. First, he was the person who single-handedly did most to involve Microsoft in the industry discussion about how technology can represent identity. He broke down a lot of barriers, and while I didn’t necessarily agree with the formulation of the “laws” of identity, I can’t deny that they moved the debate forward. Second, I also had a very high regard for Kim’s willingness to listen intelligently to comment and criticism of the Infocard concept, and to adapt it accordingly – even if that adaptation couldn’t always survive the subsequent product management cycle.
I also had direct experience of the professionalism and technical capabilities of Microsoft’s development staff in the UK, as – in response to customer demand – they undertook joint work to implement the Liberty Alliance’s Identity Federation Framework (ID-FF), a protocol which, in some respects, was a direct competitor for their own WS-Fed specification.
But it’s also clear that neither Kim’s vision and understanding nor the field development staff’s abilities were enough to get Cardspace as far as a 2.0 release. So where do we stand? Well, I have two comments, one retrospective and one anticipatory.
Looking back, 20:20 hindsight affords us the usual unique perspective. There are doubtless customers whose future returns on investment in Cardspace now look limited. There are also customers who will now be saying that they made the right call in deciding to wait and see… though I appreciate that there’s an implicit ‘chicken and egg’ dilemma there.
Looking forward, what are we to make of the transfer of marketing focus from Cardspace to U-Prove? Microsoft itself says that one of the issues with Cardspace was that the client software was released before there was an ecosystem of services for it to interact with. Mike Jones also says there was too big a conceptual breach between what the technology did, and users’ understanding of what they were trying to achieve.
I don’t see U-Prove overcoming either of those obstacles as things stand today. In fact, U-Prove is conceptually far harder to grasp than Cardspace, and I think there’s a greater gap between what the technology can do and what users perceive as the privacy problems they need to fix. If Microsoft couldn’t make Cardspace work as a user-facing technology, I have serious doubts as to whether a U-Prove solution can fare better.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.