For people who create software today, working with identity isn’t much fun. First, a developer needs to decide which identity technology is right for a particular application. If the application will be accessed in different ways, such as within an organization, across different organizations, and via the public Internet, one identity technology might not be enough—the application might need to support multiple options. Next, the developer needs to figure out how to find and keep track of identity information for each of the application’s users. The application will get some of what it needs directly from those users, but it might also need to look up other information in a directory service or someplace else.
This is all more complex than it needs to be. Why not create a single interoperable approach to identity that works in pretty much every situation? Rather than making applications hunt for identity information, why not make sure that this single approach lets users supply each application with the identity information it requires?