Starting with the Identity Openspace Conference (rumor stage) on Monday and continuing into the DIDW conference where it became public, the talk in the halls has been about Microsoft's Open Specification Promise announcement.
Many have blogged about the announcement. Lots of praise is afloat for Microsoft, for the people in the identity and web services world who helped push them in the "right" direction (assuming that it is physically possible to push Microsoft to do anything) and, of course, many questions as to what it actually means. Some notable comments include:
- Andy Updergrove's analysis - a fairly deep examination of the statement
- Eve Maler's first reaction and later update
- And, of course, Kim Cameron, who has numerous entries & quotes related to the announcement.
I think this is a great step forward and the parties responsible should be commended. This is the model that has been adopted by the majority of Liberty participants including AOL, Sun, Fidelity, RSA, etc., etc., so it's good to see Microsoft walking down the same path.
I do, however, have the same concerns about the missing components that were raised by Eve:
Onward: I missed seeing Mike Jones's response to Gerry yesterday, which answers one question: whether developers of actual CardSpace implementations are covered. The bad news is that the documentation that would fill in a large part (if not, perhaps, all) of what's needed for building compliant CardSpace implementations is clearly not covered. The good news is that they're working on it.
Finally: I just noticed that the list of covered specs doesn't include the SAML Token Profile of WS-Security. I realize that this wasn't one of those specs that Microsoft privately published first; its genesis was some work that the SAML technical committee did before tossing it over the wall to the WS-Security TC by mutual agreement. But nonetheless, it's an important spec (nay, standard!) that Microsoft clearly has some investment in, and their name is on it to boot. So why exclude it? Hopefully this is just an oversight that can be remedied soon along with the other outstanding issues.
I think that overrall this is a great show of faith on the part of Microsoft and they deserve the benefit of the doubt (which I hope they live up to!). If only they had made such a positive statement 5 years ago, I think the web services evolution would have been much more cooperative.