Johannes Ernst's Blog

Microsoft and OpenID: The User-Centric, Open Identity Layer for the Internet Opens for Business

With Bill Gates' keynote announcement today that Microsoft will support OpenID, integrated with CardSpace and a number of other Microsoft products, it is no exaggeration to say that the user-centric digital identity movement has reached its most important milestone so far.

The need for better digital identity management on the open Internet has been undisputed for some time: many kinds of cyber-attacks (like phishing) are rising rapidly, e-mail spam with falsified return addresses is already drowning out legitimate e-mail by volume, and the number of usernames and passwords that a typical user has to remember is going from the dozens to the hundreds. Many promising new products, such as mash-ups of access-controlled data, are only feasible once this problem is solved. A broadly-deployed solution for this problem is overdue.

So far, there have been three major digital identity initiatives:

  • The Liberty Alliance, originally created as a counterpoint to Microsoft's Passport, and now largely focused on identity interoperability between enterprises.
  • The information cards effort, spearheaded by Microsoft with CardSpace and the open-source community with the Higgins project.
  • URL-based identity (OpenID), with implementations from many vendors and open-source projects.

Historically, these initiatives have evolved independently of each other. However, in spite of the competition that clearly has gone on between them, it has been fairly clear to everybody (except the most die-hard proponents of the not-invented-here paradigm) that digital identity on the public internet only has a meaningful future if the plumbing — such as how many protocols are under the hood, and how they integrate — is hidden from the user.

In response, many interoperability initiatives were started: Project Higgins develops open-source code to talk any identity protocol from the same application programming interface and with the same card-based user interface. OSIS, a project that we helped put together, brings together most large software vendors and open-source projects to harmonize their work towards the same objective. OpenID itself is a convergence project of several other initiatives. The Identity Commons was put together as the overall umbrella organization, and so forth.

But Microsoft's announcement today is the first truly significant product commitment for convergence, acknowledging that the identity layer will not only consist of WS-Trust (Microsoft's preferred identity protocol so far), but also include OpenID, which is probably the fastest-growing identity technology on the open internet. There have been other announcements, most notably IBM and Novell's backing of multi-protocol Higgins, but they are eclipsed by today's announcement, because of the relative position of Microsoft in the market, and its distribution channel.

So now that we have reached this milestone, what's next? I think it is safe to make the following predictions:

  • We will see a cacophony of vendor announcements that they also support the user-centric identity layer, using both cards and URLs as paradigms.
  • The explosion in innovation around user-centric identity that we have seen already will further accelerate, creating many new businesses.
  • Businesses will move the user-centric digital identity discussion from "let our engineers figure out how the technology works" to "we need a strategic plan for how we avoid disruption of our business and take advantage of this instead".

Make no mistake: user-centric identity is highly disruptive, for almost everybody doing business on-line. Not only will users start refusing to use their username and password at your site and demand that you accept their own preferred means of authentication, user-centric identity will further accelerate the mass movement of control from vendors to users, all the way to ideas such as Vendor Relationship Management that today sound whacky, but may not for long.

Many companies will choose to ignore user-centric identity for some time; they do this at their own peril. Others will take the short-sighted approach that simply by not participating in user-centric identity, their users will have no choice but to interact with them the traditional way. (Wake up! The times of "as long as it's black" are irrevocably over.) And the leading companies in their markets will use these technologies for strategic advantage, supported by technology providers such as NetMesh whose goal it is to give them the tools to be successful in this new world. There is an unprecedented opportunity here to serve customers better, in a way that customers prefer and that leverages not only the company's own assets but the customer's entire social network and the concurrent innovations by the user-centric identity ecosystem that's growing every day.

We're in for an interesting ride ... and Microsoft just caused the ride to switch gears.
