It is the life cycle that matters

Phil Hunt of Oracle makes a very good point about OpenID, Information Cards, and Passwords:

It all sounds wonderful. But Kim skips over the problem of how did he get that card? How was he originally authenticated when the card was issued?

Is the information card periodically refreshed or re-authenticated? If it lasts forever, what happens if the information is lost or copied? What happens if someone else is using his workstation? What happens when the Kim switches workstations? For example, Kim decides to check his CNNPolitics profile from a friend’s house? He’ll likely have obtain a new card. I suspect that will involve some form of authentication with his managed card provider. It is clear, while InfoCards may reduce the need for authentication and passwords it does not eliminate them.

Like Phil, I am also a big fan of Information Cards. OpenID, not so much. I would like to see something reduce the reliance on passwords regardless which technology ultimately gets adopted. But currently I don’t see either technology reducing the use of passwords for authentication for anything other than throw away use, like authentication to leave a comment on a blog.

The way provider support the entire life-cycle of the identity seems to always involve passwords at some point, regardless of support for OpenID, Information Cards, or even for that matter, SAML.


One response to “It is the life cycle that matters

  1. Stay tuned as MS has an answer for the challenge you referenced…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s