Wikipedia has an entry Identity 2.0 that begins with "Identity 2.0, also called digital identity, is the anticipated revolution of identity verification on the internet using emerging user-centric technologies such as Information Cards or OpenID."

Ok, "Information Cards or OpenID": For Information Cards Wikipedia says "The Information Card metaphor is implemented by Identity Selectors like Windows CardSpace, DigitalMe or Higgins Identity Selector." And for Windows CardSpace it says "Windows CardSpace (codenamed InfoCard), is Microsoft's client software for the Identity Metasystem." For OpenID, on the other hand, the text is "OpenID is an open, decentralized standard for user authentication and access control, allowing users to log onto many services with the same digital identity."

"Digital identity"? I don't get it. What I have understood ain't much. But for me OpenID is a web account suitable for Single sign-on into several web applications while CardSpace is sort of some Identity document data in a user's system. I wouldn't want either to provide me a digital identity!

What I want is: I want 1. that the identity provider can't use the provided identity data to identify itself as me. And I want 2. that the identiy provider can't track my use of the identity data provided to me. CardSpace does this. It's like a passport. (There is only one. Whoever gave it to me 1. doesn't have it anymore and 2. can't see to whom I'm showing it.) OpenID, however, fails on both.

I want further: I want 3. that my digital passport isn't tied to a certain hardware (like a TPM module on board of a Windows Vista based system) and 4. that the backend infrastructure of of the passport validation system can't be easily hacked. CardSpace fails on both, OpenID at least complies with 3.

I can see, why OpenID is so successful. It's because it fails on 2. That's why everyone is an OpenID provider but doesn't allow access with OpenIDs from other companies. Everyone wants to track user actions on other sites but wants to prevent other sites from tracking user actions on their own sites. OpenID is all about collecting user data for monetary purposes.

I can also see, why CardSpace is so unsuccessful. The users don't want it, because it can't be hosted on OpenSource systems, and because it doesn't provide access-from-everywhere functionality. The identity providers don't want it either because it doesn't collect user data. The problem ist not about that it's from Microsoft. DigitalMe or Higgins Identity Selector have the same problem.

So what is "Identity 2.0"? Whatever it is, it's certainly not reasonable to reduce it to authentication technologies like OpenID or Information Cards. It reminds me of the phenomenon of reducing Web 2.0 to the Ajax technology. I had an answer to the question what Web 2.0 is (see my blog post behind that link), but I don't have (yet) an answer to the question what Identity 2.0 is.

But it's for sure an interesting topic.