[OpenID] OpenID Providers Invited to Join in an NSTIC Pilot Proposal

Tue Feb 14 19:26:07 UTC 2012

I have not followed openid for a couple of years. Shame on me. I have played with the Microsoft openid-websso bridge though (seeing something good, for us, even today). I for one really need to understand what has strategically changed (with openid-connect).

In those years, however, things have changed somewhat even in realty - and adoption community. Remember, realty is a bell-weather adoption community; being SO mainstream (and cutting across all three bottom 3 LOA levels). There is a time when you are an online person, using the web as a communication and professional-evaluation medium, if not shopping and or seeking raw information. There is a time when you are risk most of your net worth (and lots of folks got that wrong, recently). There is a time when you are interacting formally with land registries and other formal and regulated processes (regulated "title" insurers, and city tax issues, liens, notes and trust-instruments). Not that the average consumer sees it, their professionals also have business=centric identity issues - being a simple competitor in marketing services, being a agent in a legally-defined representation agency capacity, and even being a party with certs that uses signature to induces federal authorities to do their thing (the HUD statement).

Though that is all the formal process, into which openid might fit, there is also a much larger informal set of assurance controls that are just not technology-related, underpinning the realty world. Without insurance firm ratings, insurers are worthless (think AIG). Without insurance, the titles are not worth having. Without assured titles, you cannot get a mortgage. Without fixing the house leaks up to Fanne-Mae lending standards, no one else will lend (because the note is now not transferable, in the secondary market that funds the trillion dollar mortgage space). etc etc.

Its a big "public" assurance space, that is - with many moving part - some technology driven, but most are not. But, mostly, its pretty ordinary folk who run the business, acting for pretty ordinary folks who COULD do everything themselves (if they want). 10 folks do, of course, using their craigslist account.

THe problem with adopting ANY technology is that they all tend to be out of date in 3 years. Huge companies on tech-missions also tend to come (and quickly go). Google came and went, in the last 5 years. 15 years ago, Microsoft came and went. My boss tells me GTE with its many mainframes came and went 30 years ago, too. Folks see a trillion dollars and think "Fortune 1000" revenues and budgets - which never materialize - since its all about 25c per user, per month, per feature, since its all "public trust".

Why go on about real estate? Because its "public trust" - in the final stage, using only comodity technology, largely settled law, and ordinary folks with ordinary education running the systems. NO defense trained folks, super spies, or managers  with a direct line to the FBI. Its use of technology has to FIT, with those presumptions. The latest thing is just not interesting (another google wave). Things 5+ years old are "just" about interesting (eg. ws-fedp, SAML2, and now just about openid2)

websso has been hard to gauge. Its had major impact on the systems-side of the industry in the last 5 years (and now we have at least 5 protocols in use, and an increasing trend for folks to define their own proprietary, simple tokens). As an industry, we dropped the SAML2 requirement (and insisted mere on the "use case" of websso). If folks decide on low-end tech, we deliver it - since the commodity marketplace has to FIND its happy medium. its now easy to mint 15 tokens, all variants of the same thing. Its not our place to insist on X.

When I look at NSTIC, I think we (in our space) should be - at heart - taking a pass (for the first few years). Once aerospace has proven the point, once 5 government agencies are using it, and once the price has come down to cents, then (and only then) does it meet realty needs. Realty is the last adopter, when there is nothing left to argue about. At the same time, the typical realtor wants to be seen to endorse things like national programs (that just the kind of folks they are). They tend to be self-starters. So, while we wait, we also have to be keeping in touch, testing the waters to see when it hits commoditization point. (I was right to consider openid a false-commdization signal, note.)

As I see it, we are in for another (2-5 year) round of quite-fundamental arguments (largely about bits and bytes, and systems of governance built into the bits and bytes flows). NSTIC is clearly the beginning of a (long) process, and not an imminent solution.

Somehow, we have to endorse the mission so we actually land on the moon and dont just circle it). Perhaps that means, down here in the trenches, that we we just keep plugging away at the websso story, one business office at a time, building a grass roots receptivity (that will one day just flip-over, to the standard that EVERYONE else does).