Again, if this sounds scary to those suspicious of Microsoft, it shouldn't. It's a protocol - a set of rules for exchanging information - not a Microsoft product. Any company can provide certified protection for data using the protocol, and many will. So unlike Microsoft's Passport system, the dubious personal info repository that alarmed many people a few years ago, no central administrator decides how privacy is protected or trust secured. Instead, the protocol solves the problem of security the same way the Internet solved the problem of browsers - through competition on an open, neutral platform. This is infrastructure for a digital age. It's TCP/IP for privacy and security.
None of this means there isn't a role for (smart) government policy and laws against online fraud or theft. There plainly is. But if this identity layer sticks, then there is a wider range of solutions to the problem. In particular, there is one that seemed impossible to me just a year ago, one that's consistent with the decentralized design of the Internet. That's an extraordinary gift to the online world, from a giant that increasingly depends on the Net's extraordinary design."
Lawrence Lessig on InfoCard (via Barry Briggs)