I was lucky enough to spend some time yesterday afternoon with Kim Cameron, who runs identity management strategy at Microsoft. We talked about Project Geneva, a new claims based access platform which supercedes Active Directory Federation Services, adding support for SAML 2.0 and even the open source web authentication protocol OpenID.
Geneva is big news for OpenID. As David Recordon, one of the prime movers behind the standard said on Twitter yesterday:
Microsoft’s Live ID is adding support for OpenID. Goodbye proprietary identity technologies for the web! Good work MSFT
TechCrunch took the story forward, calling out de facto standardisation:
Login standard OpenID has gotten a huge boost today from Microsoft, as the company has announced that users will soon be able to login to any OpenID site using their Windows Live IDs. With over 400 million Windows Live accounts (many of which see frequent use on the Live’s Mail and Messenger services), the announcement is a massive win for OpenID. And Microsoft isn’t just supporting OpenID – the announcement goes as far as to call it the de facto login standard.
But that’s not what this post is supposed to be about. No i am talking about the fact later yesterday evening Kim hacked his way into a party at the standard using someone else’s token! It happened like this. i was talking to Mary Branscombe, Simon Bisson and John Udell when suddenly Mary jumped up with a big smile on her face. Kim, who has a kind of friendly bear look about him, had arrived. She ran over and then I noticed that a bouncer had his arm across Kim’s chest (“if your name’s not down you’re not coming in”). Kim had apparently wandered upstairs without getting his wristband first. Kim disappeared off downstairs, and I figured he might not even come back. A few minutes later though and there he was. I assumed he had found an organiser downstairs to give him a wristband… When he said that he actually had taken the wristband from someone leaving the party, and hooked it onto his wrist me and John practically pissed our pants laughing. As Jon explains:
If you don’t know who Kim is, what’s cosmically funny here is that he’s the architect for Microsoft’s identity system and one of the planet’s leading authorities on identity tokens and access control.
We stood around for a while, laughing and wondering if Kim would reappear or just call it a night. Then he emerged from the elevator, wearing a wristband which — wait for it — belonged to John Fontana.
Kim hacked his way into the party with a forged credential! You can’t make this stuff up!