Last week saw the publication of a survey, well as I warned a week or so back, it is the time of year for surveys, but this one was first of all on any interesting topic and second was by a German company thus giving us a European perspective rather than the usual USA perspectives. Kupplinger Cole published their report in German but a few moments with Babel Fish gets a perfectly workable translation into English, or indeed any other major language.

Last week saw the publication of a survey, well as I warned a week or so back, it is the time of year for surveys, but this one was first of all on any interesting topic and second was by a German company thus giving us a European perspective rather than the usual USA perspectives. Kupplinger Cole published their report in German but a few moments with Babel Fish gets a perfectly workable translation into English, or indeed any other major language.
The trends they identify in order are;

  1. Open ID, Infocards, CardSpace – in fact the whole concept of Identity 2.0
  2. Governance, Risk management, Compliance – all forms of “cover” (which seems dangerously wide)
  3. Modularity and openness instead of monolithic Suites
  4. SOA and Identity Application Management grow together
  5. Authenticating and authorizing in the context of the user (which can spectacularly go wrong by allowing a ‘trojan’ to be placed between the two ends of the transaction)
  6. Privacy and data security
  7. More players and products in the market
  8. Finally online Banking becomes safe
  9. Information and identities are linked
  10. Federation matures – even if only slowly

I check the list with a colleague whose area of expertise this is, and he was surprised to see that Distributed Denial of Service, DDOS, were not specifically mentioned as the criminal elements seem to have taken this on board big time. However we decided that taken together what this list does show is that back office applications are giving way to front office services and this is causing a huge change in the Identity Management market both in terms of how identity is linked to users and activities, and in the number of players and solutions entering into what is effectively a new and booming market. And yes of course it must be a called a ‘2.0’ market and some sort, but ‘Identity 2.0’ does seem a bit of a confusing tag. Maybe this is a little unfair as it’s arguable that the mass shift of users into so called Web 2.0 activities has caused the need for the new approach to identity management, however the once active site on the topic has had no new posts since the 7th Feb 2008!
It’s much better to get off the hype and focus on OpenID, which is after all the ‘standard’, unfortunately if you do some checking it’s not that easy to figure out exactly what the position is, and what actions to take. Well they do say that the nice thing with standards is that there are so many to choose from but this is not really helpful to someone trying to figure out how to approach the topic. It may well be a defence to say that the approach is common on all these sites but this is hardly going to help when as far as I can tell it seems that a common ID couldn’t be used across them all.
A round up starting with http://www.openideurope.eu/ is at first glance encouraging as it shows that other than the usual suspects from the IT vendor’s side the most active participants are governments! This is indeed a pleasant surprise, and it does seem that quite a few governments have got their acts together to understand that protecting their citizens identity and safety on the Web is every bit as important as protecting their physical safety in real life so maybe this will at last standardise this crucial area. Nope, not so fast, the industry vendors have their own and separate web site at http://openid.net/foundation/ in their defence they do say that they will follow what their customers require.
A fourth site also based on using the basic url ‘OpenID’ is at http://www.openid.org/start.aspx but this time with the suffix .org to join the others using .net and of course there is a fifth using the OpenID.com suffix www.openid.com. Sorry but I think this is exactly what is holding us back, time and time again the lesson has been that markets accelerate and grow to everyone’s benefit when users feel comfortable that what to buy is clear and standards, defacto or otherwise, are in place. So sorting out a common Identity may be on the top of the list, but I don’t think many users are still going to find it all too unclear to do more than test a small area of their business. Worse they may join the large financial institute I heard about last week where they had more than one hundred identity federations, that’s not solving the problem, its making it worse.