Windows CardSpace

Windows CardSpace (codenamed InfoCard) is Microsoft's client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual Information Cards. CardSpace provides a consistent UI that enables people to easily use these identities in applications and web sites where they are accepted.

Overview

When an Information Card-enabled application or website wishes to obtain information about the user, the application or website requests a particular set of claims from the user. The CardSpace UI then appears, switching the display to the CardSpace service, which displays the user's stored identities as visual Information Cards. The user selects the InfoCard to use and the CardSpace software contacts the issuer of the identity to obtain a digitally signed XML token that contains the requested information. CardSpace also allows users to create "personal" (also known as "self-issued") Information Cards, which can contain one or more of 14 fields of telephone book-quality identity information (that is to say, labeled and categorized information, such as full name, address, etc., though most fields are optional). Other transactions may require a "managed" InfoCard; these are issued by a third party "identity provider" that makes the claims on the person's behalf, such as a bank, employer, or a government agency.

Windows CardSpace is built on top of the Web Services Protocol Stack, an open set of XML-based protocols, including WS-Security, WS-Trust, WS-MetadataExchange and WS-SecurityPolicy. This means that any technology or platform that supports WS-* protocols can integrate with CardSpace. In order to accept Information Cards, a website developer simply needs to declare an HTML tag that specifies the claims the website is demanding from the user and then implement code to decrypt the returned token and extract the claim values. If an Identity Provider wants to issue tokens, they must provide a means by which a user can obtain a managed card and provide a Security Token Service (STS) which handles WS-Trust requests and returns an appropriate encrypted & signed token. If an Identity Provider does not wish to build an STS, they will be able to obtain one from a variety of vendors including PingID, BMC, Sun Microsystems, Microsoft, or Siemens, as well as other companies or organizations.

Because CardSpace and the Identity Metasystem upon which it is based are token-format-agnostic, CardSpace does not compete directly with other Internet identity architectures like OpenID and SAML. In some ways, these three approaches to identity can be seen as complementary. [http://netmesh.info/jernst/Digital_Identity/three-standards.html Three Digital Identity Standards] Indeed, Information Cards can be used today for signing into OpenID providers, Windows Live ID accounts, SAML identity providers, and other kinds of services.

IBM and Novell will support the Higgins trust framework to provide a development framework that includes support for Information Cards and the Web Services Protocol Stack underlying CardSpace within a broader, extensible framework also supporting other identity-related technologies, such as SAML and OpenID. [http://www-03.ibm.com/press/us/en/pressrelease/19280.wss Novell Press Release]

Microsoft initially shipped Windows CardSpace with the .NET Framework 3.0, which runs on Windows XP, Windows Server 2003, and Windows Vista. It is installed by default on Windows Vista and is available as a free download for XP and Server 2003 via Windows Update. An updated version of CardSpace shipped with the .NET Framework 3.5.

See also

* Information Card
* Identity 2.0
* Higgins Project
* Shibboleth (Internet2)

Additional resources

* Vittorio Bertocci, Garrett Serack, Caleb Baker: "Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities", December 27 2007, Addison-Wesley, ISBN 0-321-49684-1

External links

;Informational
* [http://www.microsoft.com/windows/products/winfamily/cardspace/default.mspx A consumer introduction to Windows CardSpace]
* [http://msdn.microsoft.com/CardSpace Microsoft Developer Network (MSDN) CardSpace page] – Developer articles and technical documentation on Windows CardSpace.
* [http://netfx3.com/content/WindowsCardspaceHome.aspx Microsoft .NET Framework 3.0 Community (NetFx3)] – CardSpace community site.
* [http://msdn2.microsoft.com/en-us/library/ms996456.aspx The Laws of Identity] , Kim Cameron, May 2005.

;Software development
* [http://go.microsoft.com/fwlink/?LinkId=89183 Microsoft Information Card Kit for ASP.NET 2.0] – ASP.NET Relying Party code to support CardSpace.
* [http://go.microsoft.com/fwlink/?LinkId=89182 Microsoft Information Card Kit for HTML] – platform-independent JavaScript and CSS code that detects if the client can use Information Cards and provides the corresponding UI support.
* Open Source [http://www.codeplex.com/informationcardruby Ruby] Relying Party code for accepting Information Cards.
* Open Source [http://www.codeplex.com/informationcardjava Java] Relying Party code for accepting Information Cards.
* Open Source [https://infocard-demo.labs.pingidentity.com/ C and PHP] Relying Party code for accepting Information Cards.
* Open Source [http://www.carillon.ca/products/demo-sts.php PHP] Secure Token Service code for managed Information Cards.
* Open Source [https://sharpsts.com/ C#] Secure Token Service code for managed Information Cards.
* Open Source [http://wso2.org/downloads/solutions/identity WSO2 Identity Solution] – a set of Relying Party components and an Identity Provider to enable CardSpace and OpenID authentication.

;Identity selectors
* [http://www.bandit-project.org/index.php/Digital_Me Digital Me] – an open source Identity Selector for Linux and Mac OS X
* [http://www.hccp.org/safari-plug-in.html A plug-in] for Apple's Safari implementing an Information Card identity selector.
* [http://www.codeplex.com/IdentitySelector A plug-in] for Firefox to activate CardSpace and other identity selectors.

;Blogs
* [http://www.identityblog.com/ Kim Cameron's Identity Weblog] – Information from Microsoft's architect for identity.
* [http://self-issued.info/ Mike Jones' blog] – Information on CardSpace, Information Cards, and the Digital Identity from Microsoft's Director of Identity Partnerships.
* [http://blogs.msdn.com/vbertocci/ Vittorio Bertocci's Weblog] – Information on designing and developing with CardSpace from Microsoft's architect evangelist for Windows Server 2008.
* [http://blogs.msdn.com/card/ CardSpace team blog] – Information on CardSpace from the CardSpace team itself.

Wikimedia Foundation. 2010.
