Here’s the weird thing about this identity gig: There’s no enemy. So who can we blame for our failures?
Over the years, for each of the things I’ve cared about, usually there’s been an Adversary, a big strong scary one. I’ve championed Unix against VMS, the Internet against the OSI stack, Linux against Windows, descriptive markup against Adobe, REST against WS-*, agile against waterfall, dynamic typing against the statically-typed incumbents, Android against locked-down app ecosystems, and so on.
But, in the world of Identity, who’s the bad guy? I mean, seriously, is there anyone who thinks the current username/password miasma is worth defending? Or who doesn’t think privacy and security are big deals?
There are still big operators out there whose actions give me severe heartburn: Apple, Oracle, and more. But are they identity bad guys? I don’t think so.
I suppose you could point a finger at Facebook if you don’t like their privacy attitude (and I don’t); but as far as I know, they’re not getting in the way of anyone trying to improve the big picture.
If there’s no enemy, we ought to be waltzing to victory, right? We’re not; If you’re in the Internet tribe and want to know who to blame, go look in the nearest mirror. So far, we’ve failed to ship things that combine being secure & private with being easy enough to deploy and use. That’s all.