I’m currently trapped on the six-hour flight out west to join the rest of the Identity crowd at this year’s Internet Identity Workshop, so I thought I’d use the time to write my final post on the history of iCards. Fittingly, the subject of this post is the father (grandfather?) of iCards, Microsoft’s own Identity Architect in residence, Kim Cameron.
Many people know (of) Kim from his Seven Laws of Identity, but Kim’s story (like most of the participants in the community) starts much earlier. Kim began his career in academia teaching Sociology (he had concentrated in both Sociology and Math/Physics), an occupation that he loved (teaching), but a subject that he soon became disillusioned with (as he said, “There was never any way to prove who was right”). Like any disillusioned sociology professor, he did the natural thing and started a Reggae band (no, I’m NOT making this up), called the Limbo Springs and proceeded to tour the East coast of Canada and the US for the next 7 years.
Having come off his 1981 sold-out stadium tour promoting the multi-platinum “MetaLimbo” (okay, THAT I made up, but JUST that), he returned to Canada to teach Assembly at George Brown University, Canada’s largest community college (as he explains, technology was always his fall-back when he needed money—sounds familiar!). It wasn’t long, however, until he realized that teaching technology wasn’t what he wanted to do long-term, so he and the head of the IT department decided to start a technology business. As he explains, they were dead-broke at the time (as btw it seems everyone in this space is broke at some time or another—I, myself, like to go broke about once every four years), so they did what any broke technologist would do and started consulting.
Kim and his partner were obviously quite good at what they did because they built this nascent technology company into a 40 person strong outfit by 1992, which was when Kim first encountered the problem of Identity (How many of YOU can say THAT?!). The issue of Identity arose when he was trying to build an email directory for Sprint’s 60,000 employees. The problem was that those 60,000 employees had 150,000 email addresses (it was common to have an email for every ISP at the time). The question was, how do you find a way to associate each of those email addresses with the correct person in the directory?
If you know anything about Kim or his company, you will recognize this was his first foray into the technology that would put Zoomit on the map (and eventually in Redmond as part of Microsoft)—the metadirectory. Metadirectory technology arose out of the need to simplify the management of people and software in the enterprise. Anytime someone joins a company, they have to be given permission to use any of a number of pieces of software and other digital assets. The larger the corporation and the more wired it is, the larger this problem becomes. How can an administrator setup 25 accounts for every person for a company that hires 10,000 employees a year? Better yet, how can an administrator ensure that access has been properly removed for a company that fires that many people in a year?
To solve this problem, Kim and the Zoomit team came up with the concept of a “metatdirectory”. Metadirectory software essentially tries to find correlation handles (like a name or email) across the many heterogeneous software environments in an enterprise, so network admins can determine who has access to what. Once this is done, it then takes the heterogeneous claims and transforms them into a kind of claim the metadirectory can understand. The network admin can then use the metadirectory to assign and remove access from a single place.
Zoomit released their commercial metadirectory software (called “Via) in 1996 and proceeded to clean the clock of larger competitors like IBM for the next few years until Microsoft acquired the company in the summer of 1999. Now anyone who is currently involved in the modern identity movement and the issues of “data portability” that surround it has to be feeling a sense of deja vu because these are EXACTLY the same problems that we are now trying to solve on the internet—only THIS time we are trying to take control of our OWN claims that are spread across innumerable heterogeneous systems that have no way to communicate with each other. Kim’s been working on this problem for SIXTEEN years—take note!
When I asked Kim what his single biggest realization about Identity in the 16 years since he started working on it was, he was slow to answer, but definitive when he did—privacy. You see, Kim is a philosopher as well as a technologist. He sees information technology (and the internet in particular) as a social extension of the human mind. He also understands that the decisions we make as technologists have unintended as well as intended consequences. Now creating technology that enables a network administrator to understand who we are across all of a company’s systems is one thing, but creating technology that allows someone to understand who we are across the internet, particularly as more and more of who we are as humans is stored there, and particularly if that someone isn’t US or someone we WANT to have that complete view, is an entirely other problem.
Kim has consistently been one the strongest advocates for obscuring ANY correlation handles that would allow ANY Identity Provider or Relying Party to have a more complete view of us than we explicitly give them. Some have criticized his concerns as overly cautious in a world where “privacy is dead”. When you think of your virtual self as an extension of your personal self though, and you realize that the line between the two is becoming increasingly obscured, you realize that if we lose privacy on the internet, we, in a very real sense, lose something that is essentially human. I’m not talking about the ability to hide our pasts or to pretend to be something we’re not (though we certainly will lose that). What we lose is that private space that makes each of us unique. It’s the space where we create. It’s the space that continues to ensure that we don’t all collapse into one.
Well on that rather heady note, I’ll end this look into the history of iCards. I for one, however, am glad that as we explore this space and redefine what it is to be a person, that we have someone like Kim deeply involved. I want to move forward as much as anyone, but I also understand that we are touching on what it means to be a person in the 21st century, and when dealing with the core of humanity, we ought be most careful about any unintended consequences we may produce. Next up, the “original” identity metasystem, the Liberty Project, and the lightweight alternative that is taking the internet by storm, OpenID.