Microsoft embraces OpenID
Once upon a time there were three knights who as is fitting an dproper for knights decided to fight a dragon that was doing the stomping, terrorizing and eating of young maidens that is fitting and proper for dragons to do.
The road to the dragon was long and on the way the knights argued amongst themselves as to who would be the one to slay the dragon. One said that he would to the deed because he was the largest, another said he would do the deed because he was the smallest nimblest, the third said that he would be the one as he had been in the dragon killing game for many years and knew a thing or two.
So anyway to cut to the chase when they arrive at the cave and see that the dragon is a really really big one the large knight and the small knight realize that it is going to be a pretty big task even if all three of them work together.
Which is a long way of saying that Bill Gates just announced that Microsoft CardSpace will be supporting OpenID.
This makes a great deal of sense, none of the Identity 2.0 schemes has the full story. All the schemes already recognize the fact that SAML is the only standards based authentication technology neutral format for issuing third party accredited attribute assertions.
CardSpace has a compelling user interface which as Mike Jones of Microsoft just reminded me provides an initial experience that is not under the control of the relying party. If we are to defeat phishing type attacks we have to move to this type of interface built deep into the core of the operating system.
OpenID 2.0 has netroots reach, the ability to engage the blogs and the ability to support the legacy infrastructure. It is also potentially a compelling brand.
In ten years time I expect that elements of all three infrastructures will be in ubiqitous use. I don't think we will ever get to the point where the authentication requirements for banks and blogs are equal but there is no reason why a single technology platform cannot meet both sets of requirements.
