Well, since the Federation Gateway uses standard protocols and follows the claims-based model, if you write your application using a framework like “Geneva”, you can just plug it into the architecture and benefit from secure, SSO access by vast numbers of users – ALL the same users we do. The options open to us are open to you.
This underlines my conviction that Microsoft has really stepped up to the plate in terms of federation. We haven’t simply made it easier for you to federate with US in order to consume OUR services. We are trying to make you as successful as we can in this amazing new era of identity. The walled garden is down. We want to move forward with developers in a world not constrained by zero sum thinking.
In theory, this stuff is really good. You have a certifying authority that does fancy crypto to promise that the claim you’re making is good — “I am the owner of this bank account” or “I am an authorized user of this web site” or “I am the person behind the blogging pseudonym ABCDEF” — and that’s all anyone on the other end of the connection needs. They don’t need user IDs and passwords, they don’t need to know your real name and address, they don’t need a whole lot of other stuff that is dangerous to send over a hackable connection between two hackable machines. (And it works the other way too: “No, really, I am your bank’s web site, not some phishing page set up with an ingenious URL and graphical resemblance.”)
OK, yeah, there are issues. There are always issues.
But it’s even good that Microsoft is working on this kind of stuff, because they have the clout to get lots of people to adopt it. (Used to be called “zero-knowledge proofs”, but I guess that’s too fancy a name.) Even better, it may mean that I and hundreds of millions of other people will be able to get stuff from Microsoft (say by offering a certified claim to be a rightful user of a copy of their OS or application) without having to sign over piles of personal information that we unaccountably don’t want Microsoft to have on eternal file.
On the other hand, the first iteration of this works only with Windows — with a mostly transparent version built into Vista — and even the blog where they publish all this stuff and invite discussions is designed to work well only with Windows and IE (maybe Windows and Firefox on a good day). If I worked hard enough I could probably figure out how to register and post a comment from FF on a Mac, but it’s not at the top of my list of things I have to do right now.
Oh, and the other thing that pisses me off about identity blog? It auto-reloads every 30 minutes, just in case something earth-shattering has been posted. That means a huge waste of bandwidth for anyone who tends to leave a bunch of tabs open to useful content. They’re essentially screaming: “Don’t keep our site available for ready reference!”