Craig is CTO, Advanced Strategies and Policy for Microsoft. He’s going to build the case for digital identity as central to the progress of the computer industry and the progress of computing itself.

He says MSFT got interested in “trusted computing” because they realized that if people no longer trusted their computers, they’d stop using computers. (Oddly, the notion that content owners could have access to what’s on my computer makes me much less trustful.)

The “core tenets” of trustworthy computing, he says, are security, privacy, reliability and business integrity (i.e., the relationship of the vendor to the consumer).

Digital identity is a “building block” of trustworthy computing. It involves all four tenets. To get people to accept it — and “MS identity technologies are opt-in by philosophy” — they will have to be educated about the benefits.

[“Opt-in” is a relative term. If in the future I need to use Microsoft Palladium to download Hollywood content, it is opt-in only if I’m willing to opt out of the entertainment mainstream.]

A MSFT product manager is about to give us a demo of a future feature of Passport that will tell you how secure the password you just created is. (Presumably, if you try to use your user name as a password or the words “password” or “god,” the thing reaches out and physically slaps you.)

Now we’re seeing a demo of how MSN8 enables parents to set up controls for what their children can do online. E.g., the parent can specify the subject areas of pages the child can see; it looked like a list of about 50 topics. Of course, filtering by topic is notoriously and conceptually unreliable. So, MSN lets the kid send an email to her parents asking for permission. (The MSFT guy calls it a “feedback loop.”)

Craig is back. The demo was, in short, a waste of time.

He’s now working on showing how deep and complex the issue of digital IDs is. IDs are needed not only for humans but also the identity of the machine and the software.

Digital Identity has many layers, he says:

a. Identity: collections of attributes, some provided by user, some inferred
b. Authorization: This user can perform certain activities
c. Personally identifical information: True name
d. Pseudonymity: Aliases, screen names, etc.

As computers more deeply networked, DigitalID becomes even more necessary for the computers are more intimate with one another.

Good job of complexifying the issue. (I’m not being snarky. It’s good to see how deep the waters are.)

Craig is announcing the “Passport Shared Source Release,” releasing the code that enables other companies to integrate with Passport. Big deal. As fellow blogger Frank Paynter, sitting next to me, just whispered, Craig referred to this as “enhancing the ecosystem,” which makes sense if you assume that Microsoft is the ecosystem.

Craig is wrapping up by talking about “future scenarios,” that is, places where the digital ID tentacles need to reach. It’s a pretty grainy list: Secure extranets and e-government, sure, but “DRM of corporate and personal documents” is ominous in its implications. Of course, this is no surprise. There is an inexorable logic to DRM: MP3s today, your email tomorrow. Of course, the obstacle to DRM of individual documents isn’t the lack of digital IDs but the difficulty (impossibility?) of designing a user interface that doesn’t feel like your office has been taken over by kafka-esque, form-wielding bureaucrats. Indeed, Craig is concluding that we will indeed see an increase in regulation over more and more of our lives, and we will have to work hard to come to the right balance.

And, he points out, this is a trans-national issue because of the nature of government.

Craig is obviously thoughtful, smart and reasonable. And it is reasonable for operating system companies to be involved in digital ID issues. That they should be locus of these efforts still strikes me as inappropriate as allowing providers of media pipes to control the content that flows through them.

[Phil Windley, CIO of Utah, has also blogged Mundie’s speech.]

Categories: Uncategorized dw