Mike Jones: self-issued

Musings on Digital Identity

Category: Windows CardSpace

Ashish Jain’s Open Letter to the CardSpace Team

By

On October 2, 2007

In Information Cards, Windows CardSpace

Today Ashish Jain posted an “Open Letter to the CardSpace Team” that I’d highly encourage everyone interested in Information Cards to read. As I replied to Ashish, this is fabulous feedback. These are exactly the kinds of issues we’re going to need to nail, both as the Microsoft CardSpace team, and as an industry, to get to seamless, ubiquitous use of Information Cards. Thanks for the great input!

As we’re planning future versions of CardSpace, it’s incredibly valuable to be hearing this and other constructive feedback from the community based on real deployment experiences. Keep it coming!

Towards that end, please permit me to be so bold, Ashish, as to ask you to write a second installment of your Open Letter. You did a tremendous job in the first capturing things that we could do better on. In the second it would be cool if you could capture the things that you believe that we already got right. Why? To hear you heap on the praise? No (although we’ll never refuse that when offered :-) ). I’m asking so that as we change things to make future versions better, we also have community input in some areas saying “This aspect of CardSpace is already working well for me — please keep it working at least that well in the future!”

And of course, my request doesn’t only apply to Ashish. The more concrete feedback we receive about what’s working well for you with CardSpace and what isn’t, the more data we’ll have to base our future decisions upon. Drop me a note when you post feedback and maybe also leave a blog comment on this post pointing to your feedback as well so I and others will be sure to see it.

Finally, as you know, the CardSpace team now has a voice at CardSpace: Behind The Code where you can expect to hear both posts both about things we’ve already improved in the upcoming the .Net Framework 3.5 release and also questions from the team and community dialog. So be sure to tune in to the discussion there as well.

Thanks again for the great letter, Ashish!

New CardSpace Team Blog, New CardSpace Features

By

On September 25, 2007

In Documentation, Information Cards, People, Windows CardSpace

I’m pleased to announce two great developments. First, the CardSpace team just established a team blog. The blog will provide a direct voice for the team members to communicate about their work.

Second, on the blog they’ve started a series of posts about new features to come in the .Net Framework 3.5, which will ship with Windows Vista Service Pack 1 and be available as a free download for Windows XP and Windows Server 2003. The first post in the series describes the ability to use Information Cards at relying parties over http connections, without requiring a SSL certificate. This was a feature a number of you had asked for and the team responded.

Subscribe to the blog and read the series! Also, check out Vittorio Bertocci’s useful commentary on the no-SSL feature.

Sign into your LiveID with an Information Card

By

On August 28, 2007

In Information Cards, LiveID, Windows CardSpace

The Windows LiveID team just added beta support for signing into your Windows LiveID accounts with self-issued Information Cards. Now I read my hotmail without ever typing a password. Very cool!

This post announced the support:

Windows Live ID adds Beta support for Information Cards with Windows CardSpace!

Windows CardSpace is a new way to sign in securely and conveniently into websites. And now you can use CardSpace with your Windows Live ID account! Using CardSpace with Windows Live ID means you don’t use a password to sign-in. Instead, just send your Information Card to Live ID to identify you and get signed into Hotmail, Windows Live Spaces or any other site that accepts Windows Live ID. And it is incredibly easy to use CardSpace with your Live ID. Just follow this link (here) to get going in minutes!

If you are using Windows Vista, you are all ready to use CardSpace! If you are on Windows XP or Windows 2003, you will need to get IE 7.0, our newest and coolest browser and .Net 3.0 with CardSpace support (if you don’t already have them). You will also need to add an Information Card to your Live ID account. To install these components and add an Information Card to your Live ID account, visit the Windows Live ID Information Card management page. Also go to that page to make changes to the Information Card added to your Live ID account.

Once you’ve added an Information Card to your Live ID account, sign in using the Information Card. You will be amazed at how easy it is! BTW, that Windows Live ID CardSpace support is still a “Beta”. We are still working on it and know a bunch of things that could be better. But do let us know your wish list; it is always good to get feedback.

Nayna Mutha, Program Manager – LiveID
Rob Franco, Lead Program Manager – Windows CardSpace

Here’s what it looks like:
LiveID InfoCard login page

Congratulations to the LiveID team for helping make the web safer and easier to use!

Information Card Deployment Guide Update

By

On August 2, 2007

In Documentation, Information Cards, Windows CardSpace

Sign in with your Information CardAn updated version of the Information Card Deployment Guide is now available. Among other improvements, it’s been updated to employ the Information Card Icon. As the original deployment guide announcement said:

So you’ve decided to use Information Cards on your web siteā€¦ Now what? I’m pleased to announce that we’ve just published a document giving step-by-step guidance to Web developers on what we believe are the best practices for doing this. The document walks Web site developers through two different deployment scenarios: sites exclusively using Information Cards for authentication, and mixed-mode sites allowing the use of either passwords or Information Cards. Examples are given for site sign-in, site sign-up, and handling lost Information Cards, including suggested confirmation text for each of these scenarios.

This link to the document Patterns for Supporting Information Cards at Web Sites: Personal Cards for Sign up and Signing In references the current version and will be updated to point to any future revisions as well. The Sample Information Card Site employs these guidelines and is built using the Information Card Relying Party Resources announced earlier. Enjoy adding Information Card support to your web sites!

User-Centric Identity Interop at Catalyst

By

On August 2, 2007

In Bandit Project, Firefox, Higgins Project, Information Cards, Interoperability, OpenID, Pamela Project, Shibboleth, Windows CardSpace

OSIS Logos

I’ve been waiting to write about the user-centric identity interop at the Burton Group Catalyst conference until the Burton Group report about the event was published. Now it’s here!

At the interop we demonstrated interoperability between 7 Identity Selectors, 11 Identity Providers, and 25 Relying Parties. As Bob Blakley wrote:

The interop event was a milestone in the maturation of user-centric identity technology. Prior to the event, there were some specifications, one commercial product, and a number of open-source projects. After the event, it can accurately be said that there is a running identity metasystem.

The full report includes a list of participants and the software they brought to the table, an overview of the results achieved, as well as the issues identified through the interop. See Bob’s post for all the details!

The report also includes thank-yous, to which I’d like to make some additions: Thanks are due to Jamie Lewis, Gerry Gebel, and Bob Blakley of the Burton Group for sharing our vision for this interop, striving to make it the best that it could be, and tirelessly working the details until it came true. You truly helped the industry to come together in a valuable and significant way.

Also, while I appreciate Bob’s thanks for the work I put into the Open Specification Promise, there were many believers in and drivers of this important work at Microsoft besides myself, both from the Law and Corporate Affairs team and from the Federated Identity product group. This was truly a team effort.

I’m also happy to report that there will be a follow-on interop in Europe at the Catalyst conference in Barcelona, October 22-25, which will hopefully include even more participants and scenarios, including more multi-protocol interoperation proof points. Hope to see you there!

Information Cards and CardSpace Book

By

On July 25, 2007

In Documentation, Information Cards, Windows CardSpace

Beginning Information Cards and CardSpace: From Novice to ProfessionalThe first CardSpace book, Marc Mercuri‘s Beginning Information Cards and CardSpace: From Novice to Professional went to press last week and can now be ordered. Marc is an expert in CardSpace and numerous related technologies and his book is chock full of practical examples and samples. Read more about Marc here. Another CardSpace expert, virtual team member, and friend of mine, Steven Woodward, served as technical editor for the book. Congratulations Marc and Steven!

Where to get Windows CardSpace

By

On July 3, 2007

In Documentation, Firefox, Windows CardSpace

In a recent comment, midtoad wrote:

There appears to be no way possible to allow my browser to recognize or use CardSpace cards. The one-minute video mentions a small download to be provided but none are available.

Let me try to help here. If you’re on Windows XP or Windows Server 2003 and you want to use Windows CardSpace you need to:

(Of course, if you’re on Windows Vista, you already have both.)

Finally, you didn’t say what browser you’re using. If you’re using IE you’re already set. If you’re using Firefox, follow the installation instructions at http://www.perpetual-motion.com/. And if you’re on other platforms, you might want to check out the Bandit Project’s DigitalMe downloads. Hope this helps!

Sample Information Card Site Live

By

On July 2, 2007

In Information Cards, Windows CardSpace

At http://www.cardspacedemos.com/FriendsWithCards/ you can try out a web site that uses Information Cards for account creation and site sign-in. It also allows you to create an account in the old way, with a username and password, and then associate Information Cards with that account. This site is intended to enable you to experience a site using Information Cards that you can use as a model for the flows on your site.

This site simulates e-mail address verification upon account creation. This enables “lost card” scenarios to be handled via card reset e-mails, similarly to how “lost password” scenarios are often handled today. I write “simulated”, because the site doesn’t actually send the e-mails — it just presents the bodies of the e-mails that would be sent as web pages.

This site is built using the Information Card Relying Party Resources I wrote about last week and follows the guidance in the Information Card Deployment Guide. I hope you will find this site useful to further your understanding of how to best employ information cards at your site.

Of course, site best practices are still a work in progress that others are helping to evolve as well, so I’d love to hear feedback on what you like at this site and what you think can be improved. For instance, Eric Norman correctly points out a place where the current site needs to be improved. The My Account page at SignOn.com already does a much better job here, identifying your cards by displaying your name and e-mail address, rather than an unintelligible string of characters. Keep those good ideas coming!

Initial Release of Bandit Project’s DigitalMe Identity Selector

By

On June 28, 2007

In Bandit Project, Higgins Project, Information Cards, Interoperability, Software, Windows CardSpace

Let me be the first to congratulate the Bandit and Higgins project members on the release of the DigitalMe Identity Selector for SuSE Linux! Now, for the first time, Linux users have an installable Identity Selector available to them that enables them to use Information Cards in a way that’s compatible with Windows CardSpace. See Novell’s press release “Bandit Project’s Cross-Platform Card Selector Gives Users Control of their Internet Identities“, the Identity Selector Service page, and the Identity Selector Service Download page for more details.

This announcement lets people who aren’t developers start to use Information Cards on Linux and builds on the interoperability successes demonstrated at Brainshare. And as the downloads page says, “Work is under way to provide packages for other Linux distros, OS X and Windows.” Great stuff!

Congratulations again!

Information Card Icon

By

On June 25, 2007

In Documentation, Information Cards, Windows CardSpace

Information Card IconI’m very pleased to announce that, as of today, there is now a graphical icon freely available for people to use to indicate that “Information Cards are accepted here”. This icon is intended to provide a common visual cue that Information Cards can be used to provide information to a site or program, similarly to how the RSS icon is used to indicate the availability of syndicated content.

The guidelines for the use of the icon, a frequently asked questions document, a set of png images of the icon rendered in a range of sizes, and the original artwork in Illustrator format are all available together in a download package. Please consult the guidelines and the FAQ before using the icon.

You’ll notice that the login page for my blog now uses the icon. Hopefully your sites will soon too!

And just for fun, because the icon is, after all, a graphical element, here’s a gallery of the renderings of the icon that we included in the downloads package. Enjoy!

Phishing-Resistant Authentication Specification Ready

By

On June 23, 2007

In Documentation, OpenID, Phishing Resistance, Specifications, Windows CardSpace

David Recordon just posted a simple draft OpenID specification enabling OpenID relying parties to request that a phishing-resistant authentication method be used by the OpenID provider and for providers to inform relying parties whether a phishing-resistant authentication method, such as Windows CardSpace, was used. This is a major step forward in fulfilling the promise of the JanRain/Microsoft/Sxip Identity/VeriSign OpenID/Windows CardSpace collaboration announcement introduced by Bill Gates and Craig Mundie at the RSA Security Conference this year.

In his post “Bringing Useful Scalable Security to OpenIDDavid wrote:

The integration cost of OpenID as a Relying Party is extremely low, the technology is free and as Brian Ellin and I showed at Web 2.0 Expo the time commitment is also low due to a lot of great Open Source code out there which takes care of the heavy lifting. So now the RP has successfully integrated OpenID and removed the need for new users to create yet another password for their site, though they no longer have the control over the strength of a user’s authentication process. The RP may be a simple Web 2.0 site and not care beyond that the user has a password, it may store marginally sensitive information and want to make sure that the Provider did something to help protect the user from common phishing attacks, or maybe it’s a site which has truly sensitive information and wants to make sure that a second-factor device, such as a VIP token, was used.

With the OpenID Provider Authentication Policy Extension that I just published, this is now possible. This extension to OpenID 1.1 and 2.0 allows Relying Parties to express preferences around the authentication, such as “use technology which is phishing resistant” (stemming from the collaboration announcement at the RSA conference earlier in the year), for the Provider to inform the user of the request, guide them through the authentication process, and then inform the Relying Party what happened. By taking advantage of existing specifications from the likes of the National Institute of Standards and Technology (NIST), Providers can also convey information as to the strength of a password or combination of a password and digital certificate or hardware device used. While the high-end of the specification may be beyond the uses of OpenID today, it certainly fulfills the scalable security vision that we have. Through this specification not only can I now strongly protect my OpenID identity, but let others know that I’m doing so and truly take advantage of a reduction in credentials needed when browsing the web.

I can’t wait to use the implementations that are sure to follow shortly!

Hands-On Information Card Interop at IIW

By

On May 25, 2007

In Bandit Project, Higgins Project, Information Cards, Interoperability, Pamela Project, Shibboleth, Software, Windows CardSpace

On Tuesday afternoon at IIW representatives from numerous Information Card projects sat down at the same table (actually, 3 tables so we would all fit :-) ) and systematically used our implementations together, exercising the different possible combinations. The session notes, as posted on the OSIS wiki, tell the story:

Notes from IIW 2007a

The OSIS group sponsored an Information Card interoperability connect-a-thon on May 15, 2007 as part of the Internet Identity Workshop 2007 A in Mountain View California. Participants collaborated to work through combinations of Identity Provider, Identity Agent, and Relying Party scenarios, in order to identify and workshop problems with interoperability. The following representatives were present and participated:

5 Information Card Selectors

  • Ian Brown’s Safari Plugin
  • XMLDAP
  • Windows Cardspace
  • Higgins IdA Native
  • Higgins IdA Java

11 Relying Parties

  • Bandit (basic wiki authentcation)
  • Bandit (elevated privileges)
  • PamelaWare
  • CA
  • XMLDAP
  • Windows Live RP (used to obtain a managed card)
  • Windows Live/single-issuer (where you can use the managed card)
  • Oracle RP
  • Identityblog RP (based on Rob Richards’ library)
  • Identityblog helloworld token RP
  • UW/Shibboleth

7 Identity Providers

  • Higgins
  • Bandit
  • XMLDAP
  • UW/Shibboleth
  • LiveLabs
  • HumanPresent
  • Identityblog HelloWorld IdP

4 Token Types

  • SAML 1.0
  • SAML 1.1
  • helloworld
  • username token

2 Authentication Mechanisms

  • username/password
  • self-issued (personal) card

Many combinations interoperated as expected; several issues were identified and are being fixed in preparation for the coming Information Card Interop event to be held at the Burton Group Catalyst Conference in San Francisco (June 25-29).

One of the things I love about IIW is that it’s a working meeting — not a series of mind-numbing presentations. This interop was a great example of the industry coming together and doing work together. And of course, this session was a dry run for the upcoming User-Centric Identity Interop event coming at Catalyst next month, where even more projects will be represented. Hope to see many of you there!

Open Source Information Card Relying Party Software Projects

By

On May 23, 2007

In Information Cards, Software, Windows CardSpace

Today at the Interop Conference in Las Vegas, Bob Muglia announced Microsoft’s sponsorship of four open source projects that are producing Information Card Relying Party software for important web programming environments: Ruby on Rails, Java, PHP, and C. The press release, which also talks about extending the Open Specification Promise to the Information Card Specifications, contains supportive quotations from several friends in the identity community: Paul Trevithick and Mary Ruddy, Tony Nadalin, Dale Olds, and Gerry Gebel.

Details on the Ruby and Java projects were announced, with details on the PHP and C projects to follow. See these sites for details:

Ruby on Rails Relying Party:
http://rubyforge.org/projects/informationcard/
http://www.codeplex.com/informationcardruby

Java Relying Party:
http://sourceforge.net/projects/informationcard/
http://www.codeplex.com/informationcardjava

Shibboleth Supporting Information Cards

By

On May 23, 2007

In Information Cards, Shibboleth, Software, Windows CardSpace

Today Internet2 announced that it is adding Information Card support to Shibboleth. This will enable the millions of members of the academic and research communities with identities provided by Shibboleth software to use those identities under user control through Information Cards at sites where they are accepted. Microsoft is a sponsor of this work, just as it sponsored the earlier Internet2 work to add WS-Federation support to Shibboleth.

I had the pleasure of test driving an early version of this software running at the University of Washington during IIW last week during the user-centric interop session there on Tuesday afternoon, courtesy of RL “Bob” Morgan. Very cool!

Interoperable Verified Identity Claims

By

On May 19, 2007

In Claims, Information Cards, Windows CardSpace

Monday morning before the Internet Identity Workshop people representing both providers of verified identity attributes and some of the key Information Card software projects met to talk about interoperable ways of exchanging verified identity claims via Information Cards. Verified claims are made by third party identity provider on your behalf, and have been validated in some fashion by the identity provider.

For instance, while I might claim that my street address is 123 Main Street, a statement by an authoritative data source on my behalf that they have verified that my address is 123 Main Street is substantially more valuable and may be required by relying parties for some purposes.

While the statement “I have verified the subject’s address as being 123 Main Street” is expressible in innumerable ways, the participants expressed a shared interest in expressing it the same way. That way Information Cards making this statement by different identity providers will interoperate, giving relying parties a choice of verified identity providers, which is good for everyone. The high-order bit coming out of this discussion is that we all agreed to agree.

The primary problem we tackled together was how to represent verified versions of the claims expressible in self-issued Information Cards like Name, Address, E-mail address, Gender, Date of Birth, etc. The constraints on the solution we agreed to were:

  • Compatibility with self-issued cards: Cards capable of issuing verified claims should also be accepted by relying parties willing to accept unverified versions of these claims.
  • Verification of individual claims: It should be possible to issue tokens in which some claims are verified and others are not.
  • Compatibility with CardSpace V1: The method for expressing verified identity claims should be usable from the first release of Windows CardSpace, as well as other compatible identity selectors such as the Higgins and Bandit selectors.

The solution we whiteboarded out together has the following properties:

  • Identity providers should advertise the ability to provide claims corresponding to the standard self-issued set under the standard schema URIs for self-issued cards, such as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress, even if a verified form of the claim is available. This satisfies the “compatibility with self-issued cards” requirement.
  • Identity providers will use a SAML 1.0 token for expressing verified identity claims intended to be compatible with self-issued information cards.
  • Identity providers will use common URIs for advertising and providing the verified versions of the claims in the self-issued claims schema. For the verified versions of the claims rooted at http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ we discussed a strawman proposal of rooting the corresponding verified version under http://schemas.xmlsoap.org/ws/2005/05/identity/claims/verified/. For instance, the URI for a verified street address claim would be http://schemas.xmlsoap.org/ws/2005/05/identity/claims/verified/streetaddress.

Of course, agreeing to common URIs for advertising and requesting verified claims is only the first step. Interoperability also requires that the structure of the verified claim values be compatible.

Verified claims, as currently issued by data providers through existing channels, are structured records containing both the data values as well as statements about the data. When provided via Information Cards, this will still be true.

Guided by input from the participating data providers, we whiteboarded the following proposal for how to structure these values:

  • Each verified claim value will be represented as a standard XML structure with a required subfield, optional standard subfields, and optional extension subfields that can be defined by identity providers.
  • The required subfield is the “value” field, providing the verified value of the claim.
  • Optional interoperable subfields discussed were:
    • who: What party verified the claim.
    • how: How the claim was verified.
    • when: When the claim was verified.
    • expires: When the verification should be treated as having expired.
    • supplied: The value supplied as input to the verification, which may differ from the “value” field. For instance, while the verified value of my given name might be “Michael”, the supplied value might be “Mike”.

For example, in response to a relying party’s request for the claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/verified/givenname a response might be:

<verified>
  <value>Michael</value>
  <who>Acme Data Provider</who>
  <when>2007-05-14T16:30:00Z</when>
</verified>

Of course, defining fields like these begs the question “what data types do these fields use?” In response, a proposal was made to consider making this explicit by allowing (or requiring) that a type URI be provided for each such element, thus making the fields self-describing.

One possibility is to add a “type” attribute to these fields to provide this information. Here’s an example illustrating this approach:

<verified>
  <value type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">Michael</value>
  <who type="http://www.w3.org/2001/XMLSchema#string">Acme Data Provider</who>
  <when type="http://www.ietf.org/rfc/rfc3339.txt">2007-05-14T16:30:00Z</when>
</verified>

Beyond the self-issued claim types
Of course, the vast majority of verified claims will not correspond to the self-issued card claim types. Many will be specific to particular application domains. There was agreement that wherever possible, existing schemas should be used. For instance, in the employment space, HR-XML schemas might be utilized.

Another issue raised was that some kinds of verified claims will themselves be complex data structures, such as “employment history”, “education”, or “professional certifications”. While the display token value for these claims should try to communicate something of value, such as an indication of the most recent job or degree, it was recognized that the person may have to go directly to the identity provider to view these claims in full detail.

Next Steps
It is our hope that this discussion will lead to experts defining precise representations for these and other useful interoperable claims. The parties involved in these discussions all want to see this happen soon so that identity providers and relying parties can start to take advantage of interoperable verified claims through Information Cards as soon as possible.

Caveats and Closing
The examples above are illustrative, not normative. They’re intended to document the discussion we had and provoke further discussion. I’m sure there are numerous ways that they can be improved and useful approaches that we didn’t even think of. Please join in!

Discussion participants were:

John Cartin, BackgroundChecks.com
Pat Mangiacotti, BackgroundChecks.com
Tony Nadalin, IBM / Higgins Project
Dieter Sommer, IBM / Higgins Project / Idemix
John Dancu, IDology
Mike Jones, Microsoft / CardSpace
Andy Hodgkinson, Novell / Bandit Project / Higgins Project
Paul Antoniades, ooTao
Barry Beechinor, ooTao
Andy Dale, ooTao
Mary Ruddy, Social Physics / Higgins Project
Dick Hardt, Sxip Identity
Brian Hernacki, Symantec
Bill Johnson, Symantec
David Recordon, VeriSign
Andrew Jaquith, Yankee Group

Thanks all for a lively and productive discussion!

Updated versions of Information Card profile documents published

By

On May 15, 2007

In Documentation, Information Cards, Specifications, Windows CardSpace

New versions of three Information Card documents are now available:

These documents are intended for people building software that plays any of the roles in the Information Card ecosystem: Identity Providers to issue cards, Relying Parties to accept cards, and Identity Selectors to put the person in control by enabling them to employ Information Cards when and where they choose. They include the specifications necessary to move Information Cards from one Identity Selector implementation to another, enabling card portability. And they’re also for those of you who just want to look under the hood and understand how it all works…

Along with these updated documents also comes updated licensing. We recently completed the technical and legal review of the normative specifications that enabled us to bring them under Microsoft’s Open Specification Promise. While this had been in the queue since the beginning, sometimes good things take time and come in stages. Once we had a complete, highly reviewed (and community reviewed) version of the interoperability specifications, that enabled us to complete this licensing work as well.

Thanks to all of you who reviewed earlier versions of these docs and especially those of you who built software based upon them. These documents greatly benefited from the substantial community feedback we received.

A footnote for those of you who have used earlier drafts of these documentsā€¦ The “Identity Selector Interoperability Profile V1.0” was formerly known as “A Technical Reference to the Information Card Profile V1.0”; “An Implementer’s Guide to the Identity Selector Interoperability Profile V1.0” was formerly known as “A Guide to Interoperating with the Information Card Profile V1.0”; “A Guide to Using the Identity Selector Interoperability Profile V1.0 within Web Applications and Browsers” was formerly known as “A Guide to Supporting Information Cards within Web Applications and Browsers as of the Information Card Profile V1.0”.

Information Card Deployment Guide now live!

By

On April 30, 2007

In Documentation, Information Cards, Windows CardSpace

So you’ve decided to use Information Cards on your web site… Now what? I’m pleased to announce that we’ve just published a document giving step-by-step guidance to Web developers on what we believe are the best practices for doing this: Patterns for Supporting Information Cards at Web Sites: Personal Cards for Sign up and Signing In.

The document walks Web site developers through two different deployment scenarios: sites exclusively using Information Cards for authentication, and mixed-mode sites allowing the use of either passwords or Information Cards. Examples are given for site sign-in, site sign-up, and handling lost Information Cards, including suggested confirmation text for each of these scenarios.

We all owe Bill Barnes, Garrett Serack, and Keith Ballinger, as well as others behind the scenes, a big thank you for making this happen. Enjoy!

Who are you?

By

On April 5, 2007

In Bandit Project, Information Cards, Interoperability, Windows CardSpace

On March 21st at Novell’s BrainShare 2007 conference, Dale Olds and I co-presented the session Who are you? From Directories and Identity Silos to Ubiquitous User-Centric Identity”. Our presentation was a brief history of digital identity solutions, ranging from a password per application to interoperable user-centric digital identity using the Information Card metaphor and several steps in between.

demo self-issued cardThe coolest thing in the session was the first public demo of the Bandit/Higgins cross-platform Identity Selector. During the demo Dale and I both used the same self-issued Information Card (that I created on the BrainShare show floor :-) ) to log into a Bandit relying party site, Dale from Linux and me with Windows CardSpace. As Dale and Pat Felsted blogged, two days later the Bandits also demonstrated their selector running on the Mac. Also see Pat’s post on the Details of the Cross Platform Identity Selector.

Great progress towards enabling everyone to answer the question “Who are you?” online with the Information Card of their choice!

Page 3 of 3

Previous

Powered by WordPress & Theme by Anders Norén