Windows CardSpace
From Wikipedia, the free encyclopedia
Windows CardSpace, formerly known by its codename InfoCard, is a framework developed by Microsoft which securely stores digital identities of a person, and provides a unified interface for choosing the identity for a particular transaction, such as logging in to a website. Windows CardSpace is a central part of Microsoft's effort to create an Identity Metasystem, or a unified, secure and interoperable identity layer for the Internet.
Overview
When a CardSpace-enabled application or website wishes to obtain personal information about the user, the app or site demands a particular set of claims or a particular token type from the user. CardSpace then appears, taking over the display of the computer, and represents the stored identities as virtual information cards. The user selects the card to use, and the CardSpace software contacts the issuer of the identity to obtain a digitally signed XML token that contains the requested information.
CardSpace allows users to create self-issued identities for themselves, which can contain one or more of around 15 fields of telephone-book quality identity information. Other transactions may require a managed identity issued by a trusted identity provider, such as a bank, employer or a governmental agency.
Windows CardSpace is built on top of the Web Services Protocol Stack, an open set of XML-based protocols, including WS-Security, WS-Trust, WS-MetadataExchange and WS-SecurityPolicy. This means that any technology or platform which supports WS-* protocols can integrate with CardSpace. In order to accept information cards, a website developer simply needs to declare an HTML <OBJECT> tag that specifies the claims the website is demanding from the user and then implement code to decrypt the returned token and extract the claim values. If an identity provider (IP) wants to issue tokens, it must provide a means by which a user can obtain a managed card and provide a Security Token Service (STS) which handles WS-Trust requests and returns an appropriate encrypted and signed token. If an IP does not wish to build an STS, it will be able to obtain one from a variety of vendors including PingID, BMC, Sun or Microsoft, as well as other companies or organizations.
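The relying-party steps described above, as an added example that is not part of the original article or Microsoft's code: it builds the <OBJECT> tag and then extracts claim values from a returned token. It assumes the token is a SAML 1.1 assertion that has already been decrypted and had its signature verified; the required claims, trusted-issuer list and sample token are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
SELF_ISSUED = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self"
REQUIRED = ("givenname", "emailaddress")  # assumption: claims a hypothetical site demands

def object_tag(required=REQUIRED):
    """HTML the site serves so the identity selector knows which claims to ask for."""
    uris = " ".join(f"{CLAIMS_NS}/{c}" for c in required)
    return ('<object type="application/x-informationCard" name="xmlToken">\n'
            '  <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion">\n'
            f'  <param name="requiredClaims" value="{uris}">\n</object>')

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def extract_claims(token_xml, now, trusted_issuers=(SELF_ISSUED,), required=REQUIRED):
    """Return {claim: value}; input must already be decrypted and signature-verified."""
    if "<!DOCTYPE" in token_xml or "<!ENTITY" in token_xml:
        raise ValueError("DTD not allowed in token")  # refuse entity-expansion input
    root = ET.fromstring(token_xml)
    if root.tag != SAML + "Assertion" or root.get("Issuer") not in trusted_issuers:
        raise ValueError("unexpected token type or untrusted issuer")
    cond = root.find(SAML + "Conditions")
    try:
        if not _utc(cond.get("NotBefore")) <= now < _utc(cond.get("NotOnOrAfter")):
            raise ValueError
    except (AttributeError, TypeError, ValueError):
        raise ValueError("missing, malformed or expired validity window") from None
    claims = {a.get("AttributeName"): a.findtext(SAML + "AttributeValue")
              for a in root.iter(SAML + "Attribute")
              if a.get("AttributeNamespace") == CLAIMS_NS}
    missing = [c for c in required if not claims.get(c)]
    if missing:
        raise ValueError("missing required claims: " + ", ".join(missing))
    return claims

# Constructed sample: a decrypted self-issued assertion with whole-second UTC timestamps.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" Issuer="{SELF_ISSUED}">
 <saml:Conditions NotBefore="2007-01-01T12:00:00Z" NotOnOrAfter="2007-01-01T13:00:00Z"/>
 <saml:AttributeStatement>
  <saml:Attribute AttributeName="givenname" AttributeNamespace="{CLAIMS_NS}">
   <saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  <saml:Attribute AttributeName="emailaddress" AttributeNamespace="{CLAIMS_NS}">
   <saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""
```

The function fails closed: a token from an unlisted issuer, outside its validity window, or lacking any demanded claim raises instead of returning partial data.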
Because it is token-agnostic, CardSpace does not compete directly with other Internet identity architectures like OpenID and Liberty Alliance. In some ways the three approaches to identity can be seen as complementary. [1]
In February 2006, IBM and Novell announced that they will support the Higgins trust framework to provide a development framework that subsumes support for the Web Services Protocol Stack underlying CardSpace within broader, extensible support for diverse other identity-related technologies, such as SAML and OpenID. (Note that initial reports in the mainstream media positioning Higgins as a direct competitor for InfoCard [2] were somewhat misconstrued.)
Microsoft plans to include Windows CardSpace in its forthcoming operating system, Windows Vista; it is also available as part of Microsoft's .NET Framework 3.0 for Windows XP and Windows Server 2003.
See also
- .NET Framework 3.0
- Online identity
- Social Web
- SAML Enhanced Client or Proxy (ECP) Profile - similar to CardSpace
- Higgins trust framework
- OpenID
- Yadis
- i-name
- OSIS - Open Source Identity Selector
External links
Microsoft
- Links on InfoCard materials – Articles and technical documentation on InfoCard
- InfoCard Explained – Channel9 video with an explanation and examples of InfoCard use
- Andy Harjanto's InfoCard Weblog – Information on developing InfoCard-aware applications
- Kim Cameron's Identity Weblog – information from Microsoft's architect for identity. This site also has an InfoCard login enabled.
- Vittorio Bertocci's Weblog – information on designing and developing with CardSpace from Microsoft's architect evangelist for Longhorn Server
- Garrett Serack's Weblog – information on designing and developing with CardSpace from Microsoft's community program manager for CardSpace
- Rich Turner's Weblog – information on the service-oriented, identity aware, platform neutral, technology agnostic metaverse
Other
- cardspace.netfx3.com, CardSpace section on the community website www.netfx3.com
- OSIS, the Open-Source Identity Selector project, including companies such as Microsoft, IBM, Verisign, Red Hat, Novell, Sun, Oracle, CA and hosted by NetMesh
- xmldap, a Firefox extension implementing CardSpace
- a plug-in for Apple's Safari web browser implementing CardSpace/InfoCard
- What is Microsoft InfoCard? – Johannes Ernst's Blog
- Microsoft pushes InfoCard for secure online ID By Todd Bishop, February 14, 2006, Seattle Post-Intelligencer
- Identity Gang at The Berkman Center for Internet & Society, Harvard Law School
- CardSpace (InfoCard) section on NetFXGuide.com
- CardSpace screenshots – courtesy of NetMesh