Recently I had a briefing with John De Santis, Chairman and CEO of TriCipher, about the new myOneLogin service. This service provides strong authentication and Single Sign-On for SaaS applications, supporting many SaaS apps as well as features like SAML-based federation to the few SaaS providers which are already at that level.
One of the things John mentioned was that Salesforce.com has allowed Google to be the authoritative source of identity assertion. In that relationship, Google is acting as identity provider. Besides the question of whether Google is the best choice to trust, that leads to another question: There is no established identity provider in the so-called "cloud" [By the way: Has the term "cloud" been chosen because everything out there is a bit "cloudy" in the sense of "fuzzy"?].
Yes, there are many. There are OpenID providers, there are some providers in the Infocard business, there are all these online providers and so on. But right now there is no trusted identity provider for the real online business, neither in the Identity 2.0 space nor in the area of business applications which are delivered as SaaS.
Covisint is probably the one which is closest to filling this gap, at least in some industries like automotive and healthcare. Their approach is to act as identity broker between suppliers and manufacturers or between different parties in the healthcare market.
Verisign is addressing this segment as well with their VIP strategy (Verisign Identity Protection), but from a technical perspective they have some way to go to support things like Infocards or SaaS authentication. [By the way: For sure, in the SaaS market there is also the need for SaaS providers to fully support federation and open up their apps for easier external management.] Arcot Systems might become a player in that market as well, given their current business, the technology and the experience they have.
But: Who will be *the* Identity Provider? It might be one of the companies I've mentioned. The online providers probably won't fill the gap. It probably won't be Google or some other big player - the trust problem there is the same as with Microsoft Passport some years ago. It might be Telcos or postal services for their regional markets. It might be the credit card organizations. Or it might be someone new in that market, who appears at some point in time, tells the best story and finds the grail. I personally believe that the leading trusted identity provider for business transactions might be sort of the next Amazon or Google - someone who becomes really big. Thus, it is time to start the quest for the grail. There are several players which might participate in that quest. Some have started, some think about it and some still don't know that there will be a quest.
Let's wait and see who is successful in that quest. Oh, you might argue that the idea of such a big identity provider is contradictory to the Identity 2.0 ideas. First of all, it is not contradictory to the needs of SaaS business. And with respect to Identity 2.0 - when it comes to transactions and not only interactions, you need someone to rely on. That might be some strong players, like in the credit card space. But it won't be many because you won't trust too many different parties for your transactions.