Federation is about trust
A conversation today set me thinking (yet again) about why things are not getting better. Once again, I must ask why is it that the identity management situation does not seem to be improving much? In particular, surprisingly little seems to be happening in federated identity. Not because the standards needed to do it don't exist, or exist but don't work, but because they don't overcome the trust barrier. Why should a company trust another company's credentials? Or, at least, why should a company trust another company's credentials unless the both belong to a "gang"?
Don't get me wrong, I do want federation to be super, wildly successful but in the software business what's worse than taking a dependency on someone else's product? Trusting them to deliver on time.
Federation is very similar but as David Birch intimates, the trust just ain't there.
p.s. If I read a single "2008 is the year of federation" prediction I'll be happy to act as that person's kaishakunin on New Year's Day 2009.
identity management, federation