It’s been several years since I first came across Kim Cameron’s Laws of Identity.  I think it’s about time I reviewed where the web identity revolution has got to.

Not far, it must be said.  Cardspace is dead, and to be honest, I’m not surprised.  Microsoft never really got fully behind it (I’m not aware that they ever bothered implementing support within Windows Live, for example), and Cardspace had a couple of design flaws that to me undid it’s usefulness.  Two spring to mind.

First, the very rigid fields.  Every card had separate fields for first and second names.  If I wanted a self-issued ‘Fraggle’ card, I couldn’t do it as, invariably, sites wanted both fields filled out, which isn’t meaningful when you’re using a pseudonym.

Second, optional info was an all or nothing deal.  If a site requested age and email info as optional, and I was happy to give out my email, but not my age, then I was out of luck.  You either gave both, or you gave neither.

What’s ironic about Microsoft’s abandonment of Cardspace is that while they have failed yet again to provide a ubiquitous online identity solution, their first attempt, Passport, has come back from the dead.  You’ve probably used it already, and you know it as Facebook Connect.  I’m sure there’ll be many theories about why Facebook Connect has succeeded where Passport miserably failed (I put it down to Facebook actually being vaguely useful), but it’s important to note that there is no essential difference between Facebook Connect and Passport.  One login to rule them all with all the info in one silo.  Once Facebook and Google get together, they’ll know pretty much everything about everybody.

So what *do* we have?  Well, we have OAuth, which ironically Facebook Connect leverages, which looks like it will take over the backend, but other than OpenID, I’m not seeing much by way of a frontend, and OpenID support is quite patchy.

Things really need to step up, though.  The Personal Cloud is coming, and it’s not gonna work if we can’t trust and secure it…