CNN published an article yesterday, "Will a standardized system for verifying Web identity ever catch on?"  I highly recommend this article, if only because it describes the web identity challenge in simple terms without resorting to the usual acronym soup and jargon that often dominates these discussions (present company included).

Articles like this appearing in mainstream sites such as CNN are evidence that the internet identity problem is real and not theoretical.  While discussions on internet identity generally focus on the problems it poses for end-users, the identity problem is equally concerning for any web property that provides identity or consumes identities.  The internet identity problem can lead to:

• Poor user experience (leading to customer defection/attrition)
• High management costs (for providers) and
• Increased risk.

While there seems to be universal agreement that internet identity is a problem, solutions have been slow to develop.  Fortunately, we have seen some progress over the last 18 months with the emergence of trust frameworks.  Simply put, trust frameworks are an entire ecosystem for managing identities.  A good analogy is the existing credit card processing networks.  Yes, these networks are closed, but there are clear definitions of roles and responsibilities among all members and most importantly, of the liability exposure for each involved party.  As a result, most consumers do not even think twice when pulling out the plastic to pay for groceries, gas or anything else.

We need the equivalent for the online world.  The emergence of trust frameworks such as Kantara, OIX and NSTIC are all very positive steps.  While the author of this article correctly points out some of the limitations and issues impeding progress of these initiatives, the existence of these initiatives is proof that there is considerable interest in finding a solution to this problem.  Multiple frameworks can and will co-exist as they offer different capabilities.  Some initial deployments in the US government have identified considerable cost savings from standardizing identity interactions in a trust framework.

And now for the shameless plug:  I will be speaking on this very topic at the RSA Conference in San Francisco on Wednesday February 29, 2012 at 9:30 PST in room 304.  If you are attending RSA, I invite you to join and learn more about trust frameworks, the benefits they provide and what individual organizations can do to best take advantage of these frameworks.  If you will not be attending RSA, please chime in on the comments section and let's take this discussion online.

Flickr ID image used under Creative Commons License courtesy of LarimdaME.