Ben Laurie blathering

The Identity Metasystem

I had coffee with Luke Razzell a couple of days ago, and we talked about what, if you were really going to design a metasystem, it would look like.

What we came up with was this (I haven’t checked with Luke so any stupidity here is all my own)…

  • A description of the various actors: the person/entity/group whose identity is being managed, the relying party, issuers of signed statements and so forth.
  • A description of the conversations these actors need to have for various purposes: specifying what information is required, getting statements signed, presenting information, referring to third parties, etc.
  • A definition of the semantics of identity information: name, address, credit card number…

To turn a metasystem into a system, you would then define how the actors map onto entities in the system, conversations to protocol exchanges and semantics to syntax.

What a metasystem should not include is concrete protocols or syntax (WS-*, for example). It should be possible to map any (or at least many) identity systems onto “the” identity metasystem.

So, Infocard isn’t a metasystem by any reasonable standard; it is a system. It may or may not be true (the jury is still out on this in almost all cases) that you can take some existing other identity system and figure out how to express an isomorphic system in Infocard, but that doesn’t make it a metasystem; it just makes it flexible.

A true metasystem would describe existing systems without modification.


  1. Actually, Ben, I don’t believe Kim ever said that Infocard was a metasystem:
    “The Identity Metasystem is an interoperable architecture for digital identity that assumes people will have several digital identities based on multiple underlying technologies, implementations, and providers. Using this approach, customers will be able to continue to use their existing identity infrastructure investments, choose the identity technology that works best for them, and more easily migrate from old technologies to new technologies without sacrificing interoperability with others. This paper introduces the principles behind this approach in “The Laws of Identity”; it presents an open and interoperable architecture for building the metasystem, and it describes Microsoft’s plans to participate in the identity metasystem.”


    Comment by Dave Kearns — 28 Jan 2006 @ 20:20

  2. Oh yeah? So what does this mean?

    “Microsoft has worked for the past several years with industry partners on a composable, end-to-end architecture for Web services. The set of specifications that make up this architecture have been named the WS-* Web Services architecture by the industry. This architecture supports the requirements of the identity metasystem.”

    Comment by Ben — 28 Jan 2006 @ 20:30

  3. Ben Laurie on what is and isn’t an “identity metasystem”

    Comment by Johannes Ernst — 28 Jan 2006 @ 22:05
