Monday, June 20, 2005

Identity metamagic

Johannes Ernst worries about Microsoft's use of the phrase "identity metasystem" as a descriptor for the InfoCard project.

He's quite right to worry about it.

The Microsoft document describes this as:
Given that universal adoption of a single digital identity system or technology is unlikely ever to occur, a successful and widely employed identity solution for the Internet requires a different approach—one with the capability to connect existing and future identity systems into an identity metasystem. This metasystem, or system of systems, would leverage the strengths of its constituent identity systems, provide interoperability between them, and enable creation of a consistent and straightforward user interface to them all.


The definitive reference on "meta," though, is Douglas R. Hofstadter's Gödel, Escher, Bach: An Eternal Golden Braid. This seminal work (published in 1979) correctly treats "meta" as meaning "about" rather than "containing." Thus, if we have a system b, the metasystem B would be a system for talking about system b, but it would not (necessarily) include system b within itself. In his book, Hofstadter then goes on to build self-referential systems that can do things as well as talk about how they do them, but that is beyond what we need in this discussion.

The Microsoft language appears to be derived from one viewpoint of a metadirectory, such as Microsoft Identity Integration Server. Since the metadirectory engine is used to tie together different identity repositories, someone - in writing the Microsoft paper - thought to use "meta" to describe a container. But in the sense that Microsoft uses "meta directory" (inherited, along with the foundations of MIIS, from ZOOMIT Technology), the "metadirectory" consists of descriptions (i.e., "talking about") other identity silos and containers.

An identity metasystem, then, is not a superset of identity systems, but a self-referential description of identity systems. It appears Microsoft marketing had too much to do with this paper and tried to tie it to the MIIS product, much to the consternation and befuddlement of people who do understand identity systems.

Comments:
The "claims transformers", that is the STS engines, exist to do away with the need for any single point to speak to either endpoint of a transaction. Think of this as analogous to the way a packet traverses the internet or (even better) the way a UUCP packet used to get from point A to point B with transformations occurring all along the way. Transformation engines are used in identity transactions all the time - think provisioning and synchronization.

It also helps if you consider that what Microsoft is preaching is A system, not the system.

© 2003-2006 The Virtual Quill, All Rights Reserved
