Kim Cameron, formerly chief identity architect at Microsoft, has confirmed that he has left the company.
In an interview at the European Identity Conference in Munich he discusses the state of play in identity management, but does not explain what interests me most: why he left. He was respected across the industry and to my mind was a tremendous asset to Microsoft; his presence went a long way to undoing the damage of Hailstorm, an abandoned project from 2001 which sought to place Microsoft at the centre of digital life and failed largely because of industry mistrust. He formulated laws of identity which express good identity practice, things like minimal disclosure, justifiable parties, and user control and consent.
Identity is a complex and to most people an unexciting topic; yet it has never been more important. It is a central issue around Google’s recently announced Chromebook, for example; yet we tend to be distracted by other issues, like hardware features or software quality, and to miss the identity implications. Vendors are careful never to spell these out, so we need individuals like Cameron who get it.
“Cloud is identity management,” he says in the interview.
Cameron stands by his laws of identity, which is says are still “essentially correct”. However, events like the recent Sony data loss show how little the wider industry respects them.
So what happened at Microsoft? Although he puts a brave face on it, I am sure he must have been disappointed by the failure of Cardspace, a user interface and infrastructure for identity management that was recently abandoned. It was not successful, he says, because “it was not adopted by the large players,” but what he does not say is that Microsoft itself could have done much more to support it.
That may have been a point of tension; or maybe there were other disagreements. Cameron does not talk down his former company though. “There are a lot of people there who share the ideas that I was expressing, and my hope is that those ideas will continue to be put in practice,” he says, though the carefully chosen words leave space for the possibility that another well-represented internal group do not share them. He adds though that products like SharePoint do have his ideas about claims-based identity management baked into them.
Leaving aside Microsoft, Cameron makes what seems to me an important point about advocacy. “We’re at the beginning of a tremendously complex and deep technological change,” he says, and is worried by the fact that with vendors chasing immediate advantage there may be “no advocates for user-centric, user in control experience.”
Fortunately for us, Cameron is not bowing out altogether. “How can I stop? It is so interesting,” he says.