Many people (e.g. Doc Searls, Julian Bond, Dave Kearns) have pointed out to me that InfoCard isn't the Identity Metasystem and won't become it in the future either, since my post on Monday, and they are of course right. InfoCard, at the most, will be a component of such an Identity Metasystem, and there will be many others along the lines of Julian's ASCII chart.

However:

1. Even if it is wrong, lots of people are talking about InfoCard as "being", rather than "being part of" the identity metasystem. Just one example: in an article by ASPnews.com, Jim Wagner writes:

InfoCard is an identity meta-system that will initially incorporate everything from user names and passwords to smart cards to X.509 certificates, as well as new technologies created through the Liberty Alliance and other technology groups.

The remainder of the article is consistent with that interpretation, and you will find other articles that state it incorrectly as well. So if Microsoft indeed does not intend to position InfoCard as the identity metasystem, and I simply believe you guys who told me so, articles like the one I've quoted should call for some rapid spin doctoring to make sure the press, and everybody outside of identity circles doesn't expect something that simply won't be?

2. But even if we define the future identity metasystem as "whatever will have emerged once we have plugged all of our technologies into it and made it interoperable" (note: by definition, that would mean there will only be one identity metasystem, ever, at most. Competing with it would be a logical impossibility because by definition it would have to include everything else), it raises an entirely different set of questions:

• Who will define, and evolve, the core protocols at the heart of such interoperability? I didn't mean to say in my original post that the "Infocard code" will be the identity meta-system, but I did mean to imply that the interfaces selected and defined by Microsoft as part of the work on InfoCard seem to be intended to govern the identity metasystem, even if it turned out that InfoCard as a product only played a small role in the overall metasystem.

  Based on my understanding of InfoCard at this point, and while it uses and reuses many existing multi-vendor protocols (e.g. WS-*), there is also a substantial amount of conventions and "profiles" (e.g. ways of using, such as the interaction between browser and identity selector aka InfoCard) and data elements (e.g. how to actually exchange VCard-like information) that have been defined by Microsoft and are currently not part of any standards track anywhere.

• It is not a logical necessity that the identity metasystem will be built on the WS-* stack. Because taking the above to its logical conclusion, the InfoCard interfaces would thus only be a proposal for, rather than "define" the interfaces of the eventual identity metasystem.

  As we see from the many good arguments in an ongoing discussion now mostly between Julian Bond and Scott Cantor (can't find a home page for him), there are many good questions that one can raise whether the identity metasystem should be built on WS-* at all, or even on XML. For example, as I think we demonstrated with LID, there's a lot of neat stuff one can do using a REST model, and I agree with Phil Windley that it might be worth exploring REST for the identity metasystem as well.

So how are we all going to build the identity metasystem given this? There seem to be lots of open questions ... But today's good news for me is that we have resolved at least one: InfoCard isn't the identity metasystem!