
Windows CardSpace

A component of Microsoft Windows
[Image: The Windows CardSpace user interface]

Details
Type: Identity management system
Included with: Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2
Also available for: Windows XP and Windows Server 2003
Service name: Windows CardSpace (idsvc)
Description: Securely enables the creation, management, and disclosure of digital identities.
Related components: Active Directory Federation Services; Windows Identity Foundation; Active Directory Rights Management Services

Windows CardSpace (codenamed InfoCard) is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual Information Cards. CardSpace provides a consistent UI designed to help people use these identities easily and securely in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

When an Information Card-enabled application or website wishes to obtain information about the user, the application or website requests a particular set of claims from the user. The CardSpace UI then appears, switching the display to the CardSpace service, which displays the user's stored identities as visual i-cards. The user selects the InfoCard to use, and the CardSpace software contacts the issuer of the identity to obtain a digitally signed XML token that contains the requested information. CardSpace also allows users to create personal (also known as self-issued) Information Cards, which can contain one or more of 14 fields of identity information such as full name, address, etc. Other transactions may require a managed InfoCard; these are issued by a third-party identity provider, such as a bank, employer, or a government agency, that makes the claims on the person's behalf.

Windows CardSpace is built on top of the , an open set of XML-based protocols, including WS-Security, WS-Trust, WS-MetadataExchange and WS-SecurityPolicy. This means that any technology or platform that supports WS-* protocols can integrate with CardSpace. To accept Information Cards, a website developer simply needs to declare an HTML <OBJECT> tag that specifies the claims the website is demanding from the user and then implement code to decrypt the returned token and extract the claim values. If an Identity Provider wants to issue tokens, they must provide a means by which a user can obtain a managed card and provide a Security Token Service (STS) which handles WS-Trust requests and returns an appropriate encrypted and signed token. If an Identity Provider does not wish to build an STS, they will be able to obtain one from a variety of vendors including PingIdentity, BMC, Sun Microsystems, Microsoft, or Siemens, as well as other companies or organizations.
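
The relying-party side of this flow, sketched as an added Python example (not code from Microsoft or from the original article): it builds the <OBJECT> tag that requests claims and then extracts the claim values from a returned token, rejecting tokens that are expired, carry a DTD, or omit a required claim. Assumptions: the token is a SAML 1.x assertion that has already been decrypted and had its XML signature verified by other code, the form field name xmlToken is illustrative, and the sample token is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
from html import escape

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"  # SAML 1.x assertion namespace
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + "givenname", CLAIMS + "emailaddress"]

def object_tag(required):  # markup asking the identity selector for these claims
    return ('<object type="application/x-informationCard" name="xmlToken">'  # name assumed
            '<param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion">'
            '<param name="requiredClaims" value="%s"></object>' % escape(" ".join(required)))

def _utc(stamp):  # xs:dateTime with an explicit zone, e.g. 2008-01-01T12:00:00.000Z
    t = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    if t.tzinfo is None:
        raise ValueError("timestamp without a zone: " + stamp)
    return t

def extract_claims(token_xml, required, now):
    """Claims from a token ASSUMED already decrypted and signature-verified."""
    if "<!DOCTYPE" in token_xml or "<!ENTITY" in token_xml:
        raise ValueError("token must not carry a DTD")  # blocks entity-expansion tricks
    root = ET.fromstring(token_xml)
    cond = root.find(SAML + "Conditions")
    if root.tag != SAML + "Assertion" or cond is None:
        raise ValueError("not a SAML 1.x assertion with Conditions")
    if not _utc(cond.get("NotBefore", "")) <= now < _utc(cond.get("NotOnOrAfter", "")):
        raise ValueError("token outside its validity window")
    claims = {}
    for attr in root.iter(SAML + "Attribute"):
        uri = attr.get("AttributeNamespace", "").rstrip("/") + "/" + attr.get("AttributeName", "")
        value = attr.findtext(SAML + "AttributeValue")
        if uri in claims or not value:  # ambiguous or empty claims are rejected, not guessed
            raise ValueError("duplicate or empty claim: " + uri)
        claims[uri] = value
    missing = [c for c in required if c not in claims]
    if missing:
        raise ValueError("required claims not disclosed: " + ", ".join(missing))
    return claims

SAMPLE_TOKEN = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1">
  <saml:Conditions NotBefore="2008-01-01T12:00:00.000Z" NotOnOrAfter="2008-01-01T13:00:00.000Z"/>
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="givenname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>"""  # constructed sample, not a captured token
```

The claims returned here are only as trustworthy as the signature check that ran before it; a relying party that skips that step is accepting whatever the browser posts.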


Wikipedia
