CF: I've got two questions. Number 1, this is all fine for browsing, but these things will work in physical form as well, right?

SH: Right. More and more they're going to have to support storing these tokens on secured FOBs, any kind of thing that could potentially provide more context. So, like...

CF: Could you envision a day where you would be able to check in at an airport a lot faster if you have an info card?

SH: If you had like an identity set-up on like Alaska Airlines or on United, and you associated an information card, if I had that info card on some physical thing and they, of course, will have to decide whether that was USB or smart card or whatever, I could see, whether I would be able to go to a kiosk at an airport and give them this cert and because it is a real certificate that can identify me as being totally unique and guaranteed to be me and then maybe apply some additional information, because security is not just about what you have, it's about what you know.

CF: Right.

SH: The more factors in the authentication, the more legit, that's why ATMs have the card that you require and the pin number.

CF: ...And the pin. And the second question is, do you foresee of everybody trying to be a card provider just like every business in the world wants you to think of them as the end all and be all in all services? You know what I mean.

SH: Yeah, totally.

CF: Get your Ground Round credit card, get your Mobile credit card, get your Ben and Jerry's credit card. You know, it's ridiculous and if that's the case, doesn't that sort of defeat the whole purpose of having a universal card?

SH: Yeah, I totally agree with you that having everyone like your local Safeway grocery store giving you a card is lame and I know I've got like six different tokens on my key chain.

CF: I don't want a 150 tokens and I won't have to...

SH: And I think that the public will make that decision. I think that while there are companies that issue hundreds of different kinds of branded credit cards - I know that I had a Yahoo! card for a while - I think that people eventually kind of decide that there'll probably be fi ve to 10, the obvious players. If everyone gets behind this, there will be a Google identity, there will be Live.com, Amazon, and people will decide that. What really becomes interesting is when Google decides that they'll accept Microsoft cards and we are not talking about the format, we're talking about the authority to issue them.

CF: We shouldn't have to rely on trust relationships between providers in order to have access to things and that's really bothering me. Like I would just want...I would want one provider and I would want everybody to trust it. You know what I'm saying? I would want American Express to be my provider and I want everybody else to trust it and then I don't have, "Oh! I'm sorry, sir, you can't stay at this hotel, because we don't have a relationship with Google or whatever."

SH: Sure, but that's a part of reality though. I don't like going to Costco - did you know Costco - the big wholesaler - didn't take debit cards for the longest time? They didn't take Visa. They didn't take MasterCard. They only took American Express.

CF: Yeah.

SH: That's just part of business. I think that same problem is going to happen within the CardSpace space, that people would just decide that "We won't accept this certain kind of card." But I think that the pressure from the public will push for a clean approach to identity and will eventually make sure that everyone decides...

CF: Yeah, and it's going to have to - I mean like ATMs, you've got - how many networks are there for ATMs? - but every ATM machine recognizes all of those networks. But there is only a handful of them. Right?

SH: Well, but every once in a while though you get penalized in some way. I hope you don't get to that.

CF: Yeah, I really hope that this works out so that the consumer wins and not - it doesn't become a battle for the heart and mind of the consumer.

SH: At this point I don't think that will happen - but a lot - but no managed services have come out yet, right? I mean there is not a whole run or rush due to - to come with your own managed token service.

CF: Right.

SH: I think it's going to be probably this time next year, the hardware, the software will all be ready by then. I mean Microsoft's implementation of it is just the first step. It's getting everyone else to get stoked about it, right? If it's just the thing that works in Vista that's not going to be cool. Now it works in Windows 2003, it works in XP if you've got .NET Framework 3.0. If people are able to download a tiny certifi cate acceptor in Firefox giving alternative browsers the ability to do this kind of stuff then it's going to become a lot more palatable. And interestingly I really think it's going to be the blogs, it's funny. I mean just the fact that Kim Cameron's got a PHP one, that Kevin Hammond put together a DasBlog one and just today set it up to work in 1.1 or 2.0 with a pluggable identity provider. Isn't it funny how the people who have no money and run blogs are the ones that do these things first? And then the people with lots of money like Amazon or Google will do it later.

CF: Yeah, interesting.

SH: It's defi nitely going to change the game though, and I think for banking and for protecting your identity it's going to be invaluable, for my industry it's going to be fantastic. It's just going to be fi guring out what the easiest way to get grandma to run an information card is.