From LID Wiki

A Brief History of Light-Weight Identity

When we at NetMesh first started to publish about the promise of light-weight, URL-based identities early in 2005, the idea was definitely controversial. Up to this point, identity had been largely confined to large, expensive corporate implementations that put either the technology vendor or the sponsoring corporation in control, but never the individual whose identity it is, after all.

The idea that individuals could pick URLs of their choosing, and declare them to be their identity, without depending on any kind of permission or endorsement from anybody, was largely unheard of, but quickly gained a following. At first, we did not know whether others would see the same potential for URL-based identity as we did, and so we proceeded carefully: we designed an initial set of capabilities that seemed useful for URL-based identity (single-sign-on, basic profile queries), put together some proof-of-concept Perl code, made it available for download, blogged about it, and watched what was going to happen.

What did happen was that the vast majority of the people who commented, mostly in the blogosphere, said very positive things, often taking some of our code, modifying it, integrating it, and asking for new features. The public backlash that had accompanied so many identity technologies before (remember the reaction to Microsoft Passport?) did not occur; instead, early adopters really liked the idea. After a few months, it was clear that there was a “there” there for URL-based identity, in particular on the open web, where the centralizing assumptions and the expense in software and manpower of many previous identity technologies clearly did not work.

When, a few months later, Brad Fitzpatrick at Six Apart / LiveJournal needed a decentralized mechanism that would enable users to prove their identity when commenting on others' blogs, he picked the same idea: URLs are a good way to identify people, and bloggers already have a URL (their blog's) that is quite ideal for the purpose. With some browser redirects and a bit of cryptography, a user could prove to websites that they own a particular URL, and thus avoid having to sign up for one new account at each blog. And when reading comments on a blog post, it would be easy for the reader to follow to the blogs of the commenters, because their user name would be their own, clickable identity/blog URL.

In summer 2005, Brad Fitzpatrick and David Recordon (then both at Six Apart, David is now with Verisign) and Johannes Ernst and Joaquin Miller (both of NetMesh) decided that in order to further grow the acceptance of URL-based identities, we should make our respective technologies interoperable. We also found ourselves in agreement that the majority of identity-related innovation in the market was still to occur. Thus it was essential not only to integrate our existing technologies, but to do that in a manner that allowed 3rd parties to innovate as well and “plug into” a common framework. By doing so, not only could we all benefit from each other's ideas instead of having to re-invent, say, single-sign-on every time someone had an idea related to identity, but we could also avoid further market fragmentation by avoiding unnecessary, incompatible implementations of the same idea. The latter unfortunately had been quite common over the years before.

The initial result of this collaboration between Six Apart and NetMesh was announced in October 2005, and came to be known as the Yadis specification. Somewhat to our surprise, the XRI/XDI community – a well-established identity technology community sharing many of the same goals – immediately recognized the value of Yadis, and decided to join us in our effort. Over a period of several months, the Yadis specification was finalized in an open process, driven by many open-source principles, an active mailing list and the Yadis wiki. It successfully brought together ideas from Six Apart's and NetMesh's previous work, XRI/XDI's previous work, and the contributions of countless individuals and organizations.

This specification was released as Yadis 1.0 in February 2006. Since then, Yadis implementations from a variety of organizations and developers have appeared in a multitude of programming environments and platforms. At the time of this writing, the first independent innovations on top of the Yadis framework have also started to appear, proving the power and flexibility of the Yadis framework in practice. In a very brief time, Yadis has made it onto the short list of technology evaluators in many organizations.

At NetMesh, we are of course very pleased to have had a role in the emergence of light-weight identity, and continue to push the envelope in expanding the community as well as the range of software supporting it. While the notion of making identity simple is necessarily a disruptive force for the business models of some companies that need complexity to meet their own business goals, light-weight identity has clearly become an essential part of all discussions of digital identity today and is making steady inroads.

Going forward, there is now general agreement on the next major challenge of the digital identity marketplace: today's prevalent, and unnecessary, protocol and standards fragmentation makes adoption by users with a business case (as opposed to advocates of one particular protocol vs. another) more difficult than it should be, and is very confusing to the end user. A number of market participants still considers digital identity a “protocol standards war” that they are fighting against other market participants, instead of realizing that the promise of digital identity can only be realized with broad interoperability.

While we obviously believe strongly in the benefits of URL-based identity at NetMesh, we also realize that there are a range of use cases where other alternatives (e.g. blind proofs) are more appropriate. Thus we are continuing and even extending our engagement with other similarly-minded market participants in an effort to expand the vision we have had for light-weight identity from day one – simplicity and interoperability while empowering everybody to continue innovating – to include other identity approaches, for which a demand exists and that solve real-world problems.