from Dale Olds, Novell Distinguished Engineer and Bandit Project Leader
Network World's Dave Kearns, Microsoft's Kim Cameron and other identity experts have recently commented on Burton Group Analyst Bob Blakley's notion of an Identity Oracle — a service that answers questions about identity information, without revealing the information itself. Such a service would be similar to the service provided by the ancient Greek oracles.
I first heard of it in Bob's talk at the Burton Catalyst conference in June 2006. It was a classic Bob talk with lots of interesting concepts and memorable phrases. For example, he strongly contrasted the identity meta-system with his idea of a meta-identity system. It's something to contemplate sometime. Maybe. Maybe late at night when you can't sleep. Or early in the morning. After coffee. Actually the idea is significant, even though the contentious prefix "meta" is used. Central to the talk was the concept of an Identity Oracle.
I will stress — as do Bob and Dave — that the Identity Oracle is not a technology, it's a business. Its business model relies on a particular structure of where identity data is stored, how questions about that data are answered, who pays, and who gets paid for giving answers and properly managing the identity data. The business model is concerned with issues of liability, structuring transactions to increase efficiency, and reducing risk to consumers. Nevertheless, this business model requires that technology be available that can implement it. In that respect, I also agree with Kim.
Much of the open-standards and identity system infrastructure needed to support such a business model is available now. For example, Novell and the Bandit Project recently kicked off a campaign to increase awareness of information card technology. The Bandit Cards site holds identity information that the user has entered. It releases that information to consuming services under the control of the user's identity selector. The actual identity data is retrieved via the Eclipse Higgins Project Security Token Service deployed in the Cards site. It is an illustration of all the basic system components needed to implement the Identity Oracle business model — and they're open source and available now.
In fact, it is interesting that the concept of an Identity Oracle has so visibly resurfaced. Why now? It could be because the number of systems that support the necessary protocol flows and identity data management capabilities is greatly increasing — and they are being deployed. It's an exciting thought. Many very significant instances of theft or loss of identity information repositories have been reported in the past few years. Systems such as the information cards used by Bandit and Microsoft CardSpace enable a fundamental refactoring of how identity data is managed. A refactoring that supports new business models such as the Identity Oracle.
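As an added illustration, not code from Bandit, Higgins or the original post: a minimal Python sketch of the question-answering pattern described above, in which the oracle returns a signed yes/no bound to one relying party and one request instead of releasing the attribute itself. All names, the sample record, the allow-listed questions and the HMAC key are constructed assumptions; a real security token service would sign with an asymmetric key.

```python
import hashlib, hmac, json, time
from datetime import date

ORACLE_KEY = b"constructed-demo-key"  # assumption: demo key; real services sign asymmetrically
RECORDS = {"alice": {"birthdate": date(1990, 5, 17), "country": "US"}}  # constructed record

def _age(rec, today):
    b = rec["birthdate"]
    return today.year - b.year - ((today.month, today.day) < (b.month, b.day))

# Allow-listed questions and arguments. Fixed thresholds stop a relying party
# from recovering the birthdate by asking age_at_least with many values.
QUESTIONS = {
    "age_at_least": (lambda rec, arg, today: _age(rec, today) >= arg, {18, 21}),
    "resides_in": (lambda rec, arg, today: rec["country"] == arg, {"US", "CA"}),
}

def _sign(body):
    return hmac.new(ORACLE_KEY, body, hashlib.sha256).hexdigest()

def ask(subject, question, arg, audience, nonce, user_approved, today=None, now=None):
    """Oracle side: answer one allow-listed question as a signed yes/no."""
    if not user_approved:  # stands in for the identity selector's consent step
        raise PermissionError("user declined release")
    if question not in QUESTIONS or arg not in QUESTIONS[question][1]:
        raise ValueError("question not allowed")
    answer = QUESTIONS[question][0](RECORDS[subject], arg, today or date.today())
    # The claims carry the answer and request binding only: no attribute, no subject id.
    claims = {"q": question, "arg": arg, "answer": bool(answer), "aud": audience,
              "nonce": nonce, "iat": int(time.time() if now is None else now)}
    body = json.dumps(claims, sort_keys=True)
    return {"body": body, "sig": _sign(body.encode())}

def verify(token, audience, nonce, max_age=300, now=None):
    """Relying-party side: check signature, audience, nonce and freshness."""
    if not hmac.compare_digest(_sign(token["body"].encode()), token["sig"]):
        raise ValueError("bad signature")
    claims = json.loads(token["body"])
    if claims["aud"] != audience or claims["nonce"] != nonce:
        raise ValueError("token was issued for a different request")
    if (time.time() if now is None else now) - claims["iat"] > max_age:
        raise ValueError("stale token")
    return claims["answer"]
```

The audience and nonce checks keep an answer obtained for one relying party from being replayed to another, and the argument allow-list is what keeps repeated yes/no questions from adding up to the raw attribute.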
