Musings on Digital Identity

Month: May 2010

Card Issuance CTP for AD FS 2.0

Information Card IconToday Microsoft released a Community Technology Preview (CTP) of software for issuing Information Cards that works with the recently released Active Directory Federation Services (AD FS) 2.0 server software. This means that as well as supporting identities using WS-Federation and SAML 2.0, people can try out scenarios where their identities are based on Active Directory, AD FS 2.0 provides the claims for them using WS-Trust, and cards using the AD FS 2.0 WS-Trust endpoints are issued using the CTP.

As well as working with the current CardSpace 2.0 beta, these cards work with CardSpace 1, which shipped with Windows 7 and Windows Vista and is available for download on Windows XP. They should also work with other identity selectors, both on Windows and on other platforms.

You can ask questions about this at or by participating in the CardSpace forum.

2010 OpenID Summit EU

OpenID logoA European OpenID summit will be held in London on Tuesday, June 8th at the Microsoft Offices at Cardinal Place, 100 Victoria Street, London SW1E 5JL, UK. This is the same location as the European e-Identity Management Conference, which follows it June 9th and 10th. Topics are expected to include: use cases, issues and problems encountered, solutions proposed, the OpenID v.Next effort, and EU trust profile topics.

Register at If you’re interested in presenting, please include your proposed topic in your registration.

This summit builds upon the recent 2010 OpenID User Experience (UX) Summit and the 2010 OpenID Technology Summit West. I’m looking forward to seeing many of you there!

AD FS 2.0 Has Shipped

Active Directory Federation Services (AD FS) 2.0 shipped today. In addition to supporting WS-Federation, as the first version did, this release also supports the SAML 2.0 and WS-Trust protocols.

At this milestone, I’d like to thank the numerous partners who did extensive interop testing with us as AD FS 2.0 was being developed, helping ensure that it works well with other’s products. Milestones along the way included early interop testing with Shibboleth, IBM, and Ping Identity during Beta 1, interop work with CA, Novell, and Sun during Beta 2, the Federation Interop at Catalyst in July 2009, the Liberty Alliance SAML 2.0 testing last summer, and the OASIS IMI interop at RSA in March. Plus, we’re grateful to the numerous customers who test-drove and gave us invaluable feedback on AD FS 2.0 and the other “Geneva” wave products as they were being developed. This release is far stronger because of all of your contributions!

Update to Identity Selector Detection Script for IE8

Information Card IconIn December, 2006 Garrett Serack (Fear the Cowboy!) wrote about Detecting CardSpace support, including FireFox. His detection script since made its way onto numerous sites and into relying party software releases.

Unfortunately, this script didn’t detect selectors on Internet Explorer 8 due to changes between IE7 and IE8. Andrew Arnot asked the question Why don’t InfoCards work in IE8? on, and then subsequently answered his own question, with help from the IE8 team. Given I’ve referred people to this answer numerous times since, I decided to re-post it here, both for others, and for my own ease of reference.

Here’s the fix… If you’re using Garrett’s original JavaScript, replace the line:
    embed.setAttribute("type", "application/x-informationcard");
    embed.type = "application/x-informationcard";
Then your relying party will work with IE7, IE8, and Firefox.

Powered by WordPress & Theme by Anders Norén