Johannes Ernst’s Blog

OpenID Bounty Awards

NetMesh is proud to co-sponsor the first OpenID bounty awards. Five thousand dollars each were awarded last week at the O’Reilly Open Source Conference to these open-source projects:

  • Drupal
  • Plone
  • dotnetnuke

Congratulations, winners!

Plaxo Does OpenID

The reason Joseph Smarr came to all these identity meetings in recent months was revealed yesterday: Plaxo now does OpenID. This is great news.

It’s particularly gratifying for me: Plaxo was one of the very first companies I pitched LID 1.0 (Light-Weight Identity) to, the first URL-based identity scheme, at the end of 2004 — half a year before there was an OpenID and all that happened since.

Congratulations, Plaxo! Keep it coming; there are a lot more things you can use OpenID for in your particular business. (Those slides I showed you back then still have a bunch of ideas in them that would be a killer app for an on-line address book company like you are.)

Failures in the World of Identity Management

Something must have happened to cause James McGovern to write this; an over-zealous vendor perhaps … Listen to this:

…the grand exalted CIO Guru stands on his/her pedestal and pontificates to the masses that identity management is the greatest thing since sliced bread, will ease the burden of compliance and that all applications will expose their inner workings to the big brother tool while their other non-technical process-weenie friends in other enterprises have done the me tooo thing.

These same CIOs … have been savage in hiring large consulting firms which backed up the school bus and have created “strategies” which are no more than very expensive PowerPoint cartoons that enable buy-in to folks who haven’t thought about why this approach may be hyper-inflated. It seems as if most of the enterprise architects are asleep at the wheel or practicing drunk driving in that they have allowed identity management to become a multiple year effort where pretty much everywhere else they have learned that long-term projects are doomed to mediocrity at best.

Would love to disagree, but I don’t think I can. There’s lots of this going around… not everybody and everything, though (but I don’t think that’s what he’s saying).

James McGovern Points Out CARML

Maybe "points out" isn’t the right word, but James is challenging Pat Patterson, Kim Cameron, Dick Hardt and myself to provide feedback on Oracle’s CARML (links to PDF) specification. Can’t not take this bait, can I?

My first impression is that the goals behind it are very laudable: as the Oracle web page on the Identity Governance Framework (IGF) states:

CARML API enables developers to write applications that use identity-related data in a way that conforms to the policies guarding the use of that data.

What I’m not so sure about is that the actual (draft) spec lives up to that promise. There seems to be a lot of repetition in terms of how to express identity attributes (the basic concept, of a set of name-value pairs, that I have disagreed with in the past but unfortunately seems to be the self-inflicted state of the art, here and elsewhere in identity land); I see no reason why CARML can’t reuse a lot of other definitions that accomplish that same feature.

And the stuff that’s new is relatively thin. For example, LegalUseRef (on an attribute-level, rather than all-or-nothing level), is just an informal link "for documentation purposes only". Same for QualityStatement.

Having said that, the version of the spec I have looked at is only Draft 3. Let’s see where this goes …