MixedContent

Today I am headed off to the Identity Open Space, happening in Vancouver BC (Got to love those hometown events). My colleague Boris Mann was planning to go, but got called away to Germany for one of our large clients, so I am attending in his stead.

Identity is not an area that I have a lot of experience in, but I’ve been doing some reading to try and brush up, and I feel like someone peering down a rabbit hole. Pretty fascinating.

I like the simplicity of address based schemes (OpenID, LID, SXIP), but they seem like they might be vulnerable to phishing attacks. Despite this, SXIP seems quite interesting, and I like how the system supports the storing of SAML tokens. The WS-* metasystem also seems quite robust, and in particular, InfoCard sounds impressive (although as a newbie, I have no practical experience with any of these).

Recently Lucas Gonze posted some thoughts about his experiments with URL based schemes. As someone involved in many cool music projects, I was wondering what he thought of the relationship between DRM and Identity. While I still maintain that DRM in general makes no sense, DRM tied to a user (rather then devices) makes slightly more sense. Back in 2002, Brian says:

“The point is, information producers over time will tend to want stronger controls over exactly who and how information consumers can use the information. Customer-empowered identity. Big studio DRM. It’s all the same problem pattern from a software perspective, and one which (I believe) can never be satisfactorily solved with software alone. We’re all going to want teeth on our side.”

In any event, looking forward to learning about (and getting schooled) in a new topic!