Federation is a technology that has different characteristics than most others. As a result, companies have struggled to figure out how to price it, and doing pilot projects with serious software can be pretty expensive.

Ping Identity thinks it is time for a new pricing model, one that Dan Farber has dubbed "Pay as you Succeed." It seems pretty radical, which is just the type of thing that might work in the internet world. In the meantime, you can get serious federation software to try out for free, paying only when your transaction rate goes above some pretty significant levels. At that point you should have no question about its value, and if you never reach that point, you've learned about the technology for nothing. This one will be interesting to watch.

It has long been discussed that using identity to keep you "in the loop" when your credit is being used would be a great anti-fraud capability. Now MasterCard is teaming up to create a service that will notify you via cell phone text messaging when they detect what might be a suspicious use of your credit. It is a significant step in putting you "in the loop," and it will be interesting to see how it works out...

OASIS has announced an update to its IPR policy. Intellectual property rights are always a sticky part of creating standards. OASIS has long worked to make as many standards as it can royalty free, but its policy was seen as in need of an overhaul. Patrick Gannon, president and CEO of OASIS, said "though we did have RAND as a baseline, we had mandates in place to do royalty-free work. And if you look at it, the majority of the standards produced at OASIS were in a royalty-free manner."

Now, however, standards committee members are being given three choices. They can choose to license their submissions under either a RAND(Reasonable and Non-Discriminatory) model, an RF(Royalty-Free) model, or a Royalty-Free on Limited Terms model.

What effect this will have in practice on which standards efforts remains to be seen. Eric Newcomer, CTO at Iona Technologies said, "what's needed is a policy that ensures specs aren't encumbered by IP rights. Instead of that, OASIS has adopted a policy that requires the TCs to clearly state their IP policy. The choice under the new policy basically boils down to encumbered or unencumbered specs, with two variations on unencumbered."

The EU has always taken a strong privacy based outlook, and
it is now working on regulations that will affect Rights Management and RFID technologies. These will be important, because whatever technologies develop will have to meet the intent of these privacy regulations, and the designers need to take that into account.

It is one thing to make an identity technology work, another altogether to make it work without transferring more identity information than is required to do the job. Here is where Kim Cameron's identity Law of Fewest Parties that says "Technical identity systems MUST be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship" comes into play. The EU is going to demand it be so.

Note: Kim's Laws of Identity can be found here.

Dell is going IBM one better by integrating both a Trusted Computing TPM and a Smart Card reader into a line of laptops. Trusted computing has been quietly gaining wide deployment, with most computers today having a TPM option at very small cost.