Microsoft InfoCard is frequently described as an "Identity Meta-System"
(as opposed to, say, Microsoft Passport, which is/was a plain identity system
and not a meta-system). This term seems to have been picked up widely, but like
some others (e.g. Doc Searls), the longer I think about it, the more I realize
that I have a number of open questions about it ...
The first and most important: "meta" to what?
I think I've heard two answers to this question so far:
- It's "meta" because multiple identity providers (say, American Express,
the government of Zamunda and the boy scouts) can all be identity providers,
independent of each other, and all the provided identities are —technically
at least— equivalent to each other.
This contrasts with, say, Microsoft Passport, because within Passport, only
Microsoft could be the identity provider, leaving American Express, Zamunda
and the boy scouts unable to participate.
- It's "meta" because multiple identity technologies (say, SXIP,
Identity Commons and LID) can all function within it:
just like American Express, Zamunda and the boy scouts can be equal participants
as identity providers, these projects could be equal participants as
technology providers.
This would contrast with, say, Liberty, because
Liberty requires everybody to "talk Liberty" web services while
InfoCard does not require that kind of thing ... oops, doesn't it?
This is where I'm having trouble. The first point — multiple
identity providers can plug into the same framework on an equal footing —
is quite straightforward, and it's not very hard to build such a system at all.
In our very own LID, every owner of an
identity is their own identity provider, so if we took the first point as the
definition of an "identity meta-system",
LID most clearly would be such an
"identity meta-system". In fact, it would be the most "meta"
of all identity meta-systems because it takes this idea to its logical extreme
and makes everybody their own identity provider. So I figure if people say that
InfoCard is a meta-system and LID is not, the core idea about the "identity
meta-system" must somehow be about the second point.
But: my problem is that I don't see the "meta"-ness of InfoCard in
this second respect. If Dick Hardt (of SXIP), for example, and we
(with LID), both plugged into
InfoCard, would InfoCard enable our respective technologies to interoperate so
seamlessly that users think, for example, that they are using their LID to
log into a website, but actually use SXIP because the website was SXIP-enabled?
I guess I must be missing something here ... (please help me along if you
can ...) I do understand that if we built
a LID-to-InfoCard "converter" and if Dick built a "SXIP-to-InfoCard"
converter (assuming for a second that this would be straightforward), the user
could use either their SXIP identity or their LID to log
into an InfoCard-enabled website. But that does not sound like a "meta-system"
to me: that's plainly a one-to-one mapping from two existing identity systems
into a third, which would be InfoCard. Of course there's nothing wrong with such
mappings, we do them all the time, it's just that this would imply a peer relationship
between InfoCard technologies and other identity technologies, rather than one
of "meta" or "backplane".
Given this, I currently think this is where the parallels of InfoCard with TCP/IP fall down.
TCP/IP is a meta-protocol because it requires underlying protocols, and without
those, it would be nothing. For example, you can't run TCP/IP over Ethernet without
running it on the Ethernet protocols. You can't run TCP/IP over dialup without
the V.32 and V.90 and whatever modem protocols. Same for WiFi etc. TCP/IP provides
a common abstraction so I can connect to a remote server, for example, using
a chain of underlying protocols from WiFi (laptop to base station) via dial-up
(base station to ISP, for example) to Ethernet (ISP to website). But without
Ethernet, modem protocols, WiFi protocols etc., TCP/IP by itself can't connect
anything to anything.
But InfoCard does not work that way: it's an identity system in its own right
which can very well run without the equivalent of lower-level protocols.
In fact, from what I see, it does not seem to have facilities at all that allow me
to use other identity protocols within it, so that I could, for example,
run part of my identity interaction with a website via REST, instead of WS-*
(like I can run the first leg of the TCP/IP connection to a website over a
modem if I so choose). But if InfoCard doesn't allow me that (or am I wrong on
that point?), where's the "meta" part?
It's only Monday morning, and I'm already really puzzled ...