Monday, April 07, 2008
Enterprise Scenarios for CardSpace
Figured I would dissect his most thoughtful posting:
- Hey! CardSpace is not just a consumer technology. If you think it is, you're missing the point. It is a bit frustrating to hear even some of my Microsoft colleagues refer to CardSpace as though it belongs on the shelf somewhere between Zune and Halo3.
- To see why, take a look at the scenario I bumped into recently in the insurance industry. As anyone who has purchased insurance knows, many products are sold and sometimes managed by independent insurance agents. For these products, the industry is not simply a collection of large, competing carriers; it's an ecosystem of inter-dependent organizations.
- It's often highly impractical to manage the identities of these non-employees as though they were internal members of your own organization. Yet at the same time, providing direct access to internal resources or applications can really streamline core business processes-if this access is secure.
- In short, organizations must demonstrate their willingness to consume identity tokens from external identity providers. But they will hardly be willing to invest in the technology to consume tokens if there are no providers. The chicken and egg problem rears its ugly head once again.
Another thought says that these types of relationships won't happen quickly due to regulatory considerations. Imagine a regulated industry vertical that is on the radar of the likes of Elliot Spitzer. Do you know how difficult it would be for multiple carriers to talk with each other regarding technology without some lawyer somewhere getting it twisted and thinking about collusion?
One potential answer to collusion is that software vendors such as Microsoft, Oracle, Ping Identity, Sun and others could stop sending their order taking sales folks and start figuring out what role they need to play in terms of community formation. I would love to see Patrick Harding share his thoughts on this topic as he has the perfect background in order to make this happen.
The funny thing about Microsoft is that they should at some level consider their own use cases. For example, I know that Microsoft outsources its benefits administration, wouldn't CardSpace make it more secure for their own employees? I would be curious to learn the actual implementation details of how this works today within Microsoft. I wonder if they are leveraging ADFS, OpenID or some other technology?
Links to this post: