Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way.
It is what is known as an identity selector: when a user - or subject - needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it - though this is not actually stored in the card - and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider - this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data with them. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves, the token is sent on to that service - the relying party - where it is processed and the user is authenticated.
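The flow described above, sketched as an added Python example (not code from the original post or from CardSpace itself). The function names, card data and key are constructed for illustration; an HMAC stands in for the identity provider's signature, token encryption is omitted, and the audience check is an extra relying-party check that the post does not describe.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC is a stand-in for the provider's signature;
# real CardSpace tokens are asymmetrically signed and also encrypted.
IDP_KEY = b"constructed-demo-key"

# Constructed identity data: held by the identity provider, not in the card.
IDP_RECORDS = {"card-bank-01": {"name": "Alice Example",
                                "credit_limit": 5000,
                                "ssn": "000-00-0000"}}

def idp_issue_token(card_id, required_claims, audience):
    """Identity provider: release only the claims the relying party asked for."""
    record = IDP_RECORDS[card_id]
    claims = {c: record[c] for c in required_claims}
    body = json.dumps({"aud": audience, "claims": claims}, sort_keys=True)
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def selector_get_token(card_id, required_claims, audience, user_approves):
    """Identity selector: fetch the token, then let the user decide on release."""
    token = idp_issue_token(card_id, required_claims, audience)
    disclosed = json.loads(token["body"])["claims"]
    return token if user_approves(audience, disclosed) else None

def rp_authenticate(token, expected_audience):
    """Relying party: verify signature and audience before trusting any claim."""
    if token is None:  # the user declined to release the token
        return None
    expected = hmac.new(IDP_KEY, token["body"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None  # body was altered after the provider signed it
    payload = json.loads(token["body"])
    if payload["aud"] != expected_audience:
        return None  # token was issued for a different relying party
    return payload["claims"]

if __name__ == "__main__":
    rp = "https://shop.example"  # constructed relying party
    tok = selector_get_token("card-bank-01", ["name", "credit_limit"], rp,
                             lambda aud, claims: True)  # user approves
    print(rp_authenticate(tok, rp))
```

Because the provider copies only the requested claims into the token, the social security number never leaves the provider unless a relying party asks for it and the user approves the release.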
CardSpace is an implementation of an identity selector on Microsoft Windows. Other operating systems will see their own identity selector implementations.
The architecture upon which CardSpace has been built - consisting of subjects, identity providers and relying parties - is called “The Identity Metasystem”.
This isn’t just a Microsoft initiative, but rather it is the shared vision of many across the industry as to how we can solve some of the fundamental identity challenges on the Internet today. The initial vision for the Identity Metasystem was developed by Microsoft’s Identity Architect, Kim Cameron, and has been broadly adopted and championed by thought-leaders such as Doc Searls and Lawrence Lessig. To learn more about the metasystem and the guiding principles behind it (“The Laws of Identity”), refer to the whitepapers on MSDN and Kim’s blog, www.identityblog.com.
Thanks & Regards,
Arun Manglick
SMTS || Microsoft Technology Practice || Bridgestone - Tyre Link || Persistent Systems || 3023-6258