Pamela is right. How will the market evolve if we can't even get the basics agreed upon. It's clearly a market adoption issue, but this is going to take quite some time. Pam suggests:
I believe we’ve hit a crossroads, my friends. Here’s what’s happening. We have a groundswell of support and interest in technologies that reduce the need for passwords in the Enterprise. Some of these technologies have been around awhile. Some of them are new. All of them want to integrate with YOU, the Enterprise Application. Action is necessary in the immediate future.
In talking to your fellow vendors, I can almost feel the panic - you can’t possibly support all of the new technologies coming out, you aren’t even supporting technologies that are years old — how do you choose?
My preference? Set up your application so that the customers can write their own identity front-end integrations. Allow your client base to directly underwrite & collaborate on support for the technologies that they need.Obviously, Oracle has been thinking about this problem too for some time. However, there is a strong feeling that the solution has to be standards based and available in an open way.
This in part was the motivation behind the IGF project at OpenLiberty. You see, the idea isn't just to support identity privacy and governance, but to create an application identity API (aka Attribute Services API) that allows applications to become decoupled these issues of having to support all the protocols and technologies out there. It lets the enterprise's decide how and when applications should access identity information and by what means.
p.s. I know, I know...the web site isn't that great yet. It still needs a lot of work and many improved explanations. It also goes without saying we need more than just a Java implementation. Any volunteers interested in building this community and addressing Pamela's challenge?