Information Cards are personal digital identities that people can use online, and the key component of Identity Metasystem. Visually, each i-card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select one they want to use for any given interaction. The Information Card metaphor is implemented by Identity Selectors like Windows CardSpace, DigitalMe or Higgins Identity Selector.
The Identity Metasystem is an interoperable architecture for digital identity that enables people to have and employ a collection of digital identities based on multiple underlying technologies, implementations, and providers. Using this approach, customers can continue to use their existing identity infrastructure investments, choose the identity technology that works best for them, and more easily migrate from old technologies to new technologies without sacrificing interoperability with others. The Identity Metasystem is based upon the principles in The Laws of Identity.
There are three participants in digital identity interactions using Information Cards:
An Identity Selector is used to store, manage, and use their digital identities. Examples of Identity Selectors are Microsoft's Windows CardSpace, the Bandit Project's DigitalMe, and several kinds of Identity Selectors from the Eclipse Foundation's Higgins project.
An Identity Selector performs the following user-centric identity management tasks:
An Identity Selector may also allow the user to manage (e.g. create, review, update, and delete cards within) their portfolio of i-cards.
There are five key components to the Identity Metasystem:
Using i-cards, users can authenticate without needing a username and password for every web site; instead, at sites accepting them, they can log in with an i-card, which may be used at multiple sites.
Each Information Card utilizes a distinct pair-wise digital key for every realm where a key is requested. A realm may be a single site or a set of related sites all sharing the same target scope information when requesting an Information Card. The use of distinct pair-wise keys per realm means that even if a person is tricked into logging into an imposter site with an i-card, a different key would be used at that site than the site that the imposter was trying to impersonate; no shared secret is released.