Subject: Re: An Open Source version of Hailstorm and Passport
From: Ben Tilly <btilly@gmail.com>
Date: Sat, 2 Apr 2005 21:58:35 -0500

On Apr 2, 2005 12:14 PM, Ralph Corderoy <ralph@inputplus.co.uk> wrote:
> 
> Hi Ben,
> 
> > > I have always been suprised about the (apparently) few attention
> > > that identity management has attracted on the Internet.
> >
> > Those who have looked at it have found it a harder problem than they
> > expected.
> 
> How's Plan 9's `factotum and secstore' weigh up?
> 
>     http://maht.dotgeek.org/plan9/factotum.html

It doesn't.

The technical problems are trivial.  The real problems are elsewhere.

So you have an identity management product.  How do you get
people to sign up?  How do you get businesses to sign up?  How do
you generate trust in your solution?  Exactly what information do you
share with businesses, and what information don't you share?  When
you go international and EU regulators point out that they have
privacy laws, how do you comply with them and demonstrate that
you comply with them?  How much research does it take to sort
these issues out?

Owning "identity" is something that a lot of companies want to do.  If
for no other reason than the level of lock in you generate.  (Which
business reason causes wise customers to be dubious of you...)
Nobody has succeeded in doing this, and there are good reasons
why not.

Cheers,
Ben