Over the past few days I have been discussing it with Roland Sassen of Thinsia to try and establish exactly what Heartbeat-ID gives me.
My initial thoughts on looking at the site was that it is yet another URL based user-centric identity system (a la OpenID, LID, i-names etc). However, after speaking with Roland I have come to realise that it is more than just a pure identity system. Indeed it seems that it uses technologies like OpenID for certain functions.
There seem to be a number of main use cases for the product:
1. Real-time user maintenance of data
The first use case identifies a scenario where an application with a user list (it may be a corporate telephone directory) could you a persons heartbeat-ID site to keep their data up to date instead of storing the information in a local database.
This is fine but I don’t see the big differentiator from other URL based systems here.
2. Adding content to your website
Heartbeat-ID also gives the user the ability to add content to their website as well as toggle the visibility of the data.
Again, nothing groundbreaking here. Where it does differ slightly from other implementations of URL based identity systems is that you can authenticate to your site using a number of different technologies from username and password to biometric. Again, this is where Thinsia plan to see return as they will eventually tie their “heartbeat” biometric in as one of the authentication mechnisms. Presumably, fine if you carry a USB pulse reader around with you everywhere you go!
3. SSO to trusted web sites
Heartbeat-ID uses a number of existing technologies to accomplish SSO between trusted web sites, namely, i-name and/or OpenID.
Here, i’m not exactly sure where Heartbeat-ID adds any value since OpenID, LID, i-names etc already accomplish this quite happily without heartbeat-ID.
This is where Heartbeat-ID seems to stand out from the other URL based identity systems. Heartbeat-ID lets the user log into their site and then launch applications (e.g. word, outlook etc) directly from their web browser. The applications would be hosted on an applications service provider and accessed using thin client technology. Thus, removing the need for applications to be executed locally.
This I see as a differentiator from other URL based identity providers and obviously, I assume, where Thinsia plan to make their money, since the thin client technology they plan to use is produced by them. Obviously, if you have the money and infrastructure, there is nothing to stop you hosting your own applications.
Whilst I like the idea of Heartbeat-ID, I do have some concerns.
1) It is a bit pricey @ $50 per ID (soon to increase according to the website)
2) How much of it is or will be made opensource? The current success of identity protocols such as OpenID and LID have resulted from their wide availability through opensource.
I will keep in touch with Roland who might be able to provide further answers to my questions/concerns above.
Let me know your thoughts!