CardSpace: Quick Start

Windows CardSpace is but a single example of Information Card technology, but it is the best-known. This summary is meant to detail the current state of Information Card Technology as it evolves over time. If you find that this summary is missing information, please comment and I will make sure to update it.

Last updated: 12 August 2008 6 January 2008 28 May 2007 4 April, 2007 27 January, 2007

Information Cards in a Nutshell

CardSpace is a software client that runs on Microsoft Windows, and which can participate as an Identity Selector within the framework of the Identity Metasystem, one of theoretically many different card systems that utilize Information Cards. CardSpace utilizes WS-* protocols to communicate claims between three parties: the Identity Provider (IdP), the Relying Party (RP), and the Identity Selector.

  1. A user requests access to a resource or begins a transaction that requires information card validation. This site (called the Relying Party because it wishes to rely upon information from another source) triggers an Identity Selector client to start on the user’s local desktop. Examples of this could be authentication to a web resource, or entering into a purchasing transaction where credit card information is requested. The Relying Party requests one or more units of information – each unit of information is called a “claim”.
  2. The Identity Selector client prompts the user to choose one of possibly many “information cards” that represent collections of claims owned/managed by any number of different Identity Providers, and that match the types of claims required by the Relying Party. Note that the information card itself is just a pointer to the data, it does not contain any data.
  3. Once the user selects a card, the Identity Selector client brokers the transfer of claim values between the chosen Identity Provider and the original Relying Party. If/when the Relying Party accepts the brokered claims, the transaction is considered successful and the Identity Selector closes.

Things to Remember

  • Although CardSpace is just one implementation of one part of a 3-part system, many people say “CardSpace” and mean not just the client, but the whole process. This isn’t perfect usage but it gets the general point across. CardSpace has much more visibility than “the Identity Metasystem” as an understood term.
  • The generic concept of information cards has many synonyms and abbreviations: i-cards, iCard, and infocard are some examples.
  • CardSpace and Windows Card Services (WCS) are the same thing, and they both used to be known as “InfoCard”.
  • The CardSpace client is installed as part of the “.NET Framework 3.x” subsystem (formerly WinFX).
    • The original version of CardSpace was part of .NET Framework 3.0.
    • There is a new version of CardSpace, included with .NET Framework 3.5.
    • As of 11 Aug 2008, SP1 for .NET 3.5 is available.
  • The CardSpace client can be triggered in two ways:
    • From a browser.
    • From a desktop application (ie a rich client)
      • Could be a service built using Windows Communication Foundation (formerly Indigo).
      • Could be a service built using Zermatt, which is currently in public beta
  • The applet that starts CardSpace from the Control Panel used to be called “digital identities” but now it is called “Windows CardSpace”.
  • Information cards can currently be of two types:
    • Self-issued (now called Personal) Cards:
      • Self-issued cards contain data that users may create and manage from within the identity selector.
      • Self-issued cards may only contain a strict list of claims.
    • Managed Cards:
      • Managed cards contain data that is owned by an “authority” that is not the Identity Selector. Data about the user is managed at the Identity Provider, and the Identity Provider is responsible for the veracity of that data.
      • Managed cards can contain any kind of claim.
  • Some Identity Selectors also require a separate “Browser Add-on” in order to function – this browser add-on works to trigger standalone identity selectors, and to select which of possibly multiple identity selectors should open when you begin an information card transaction.

Starting point

Information Card Foundation

  • This foundation has been formed as a focal point for users and developers – not a lot of content is there, but we are working on it.

Infomation Card Documentation List

  • This is my list of technical and non-technical documentation on the subject of Information Cards.

Kim Cameron’s Identity Weblog.

  • Kim came up with the concept of information cards and has evangelized them tirelessly ever since. His blog acts as an aggregator for the debate around information cards, CardSpace, user-centric identity, and identity in general. He’s Maven, Connector, and Salesman all in one package.

Internet Scale Identity Systems Overview

Ping Identity put this white paper together to describe & compare the major forces in User-centric identity. It is a good overview of the problem space.

Identity Selectors

Windows CardSpace

CardSpace can be triggered from IE7 natively, and from Firefox using a browser extension (get it here).

  • Windows CardSpace Sandbox
    • This contains the list of what you need and where to get it for the purpose of authenticating to the handful of example sites on the web that take information cards (Check out the Information Card Enabled Internet Sites section below).
  • Windows CardSpace Simple Demo
    • This is a channel 9 video by Richard Turner which shows the Windows CardSpace client in use.

DigitalMe

DigitalMe is part of Higgins, and packaged by the Bandit team at Novell. DigitalMe is open-source code that can theoretically be compiled for any platform, but is currently being supported in binary form for SUSE and Mac OSX. DigitalMe can be triggered from Firefox.

Bandit Main Site

Bandit Code Downloads

Azigo

Azigo is an Adobe AIR based Identity Selector.

Azigo.com

OpenInfocard/XMLDAP Firefox Identity Selector

The OpenInfocard Identity Selector is browser-based, installable as a Firefox browser extension.

OpenInfocard/XMLDAP Identity Selector Download Page

Higgins Identity Selectors

There are two Higgins Identity Selectors:

Ian Brown’s Safari Selector

This is a browser-based Identity Selector plugin for Apple’s Safari Browser.

Check here for more information

Identity Providers

Play with cards in a test environment:

Create and work with Managed Information Cards

Downloads of Relying Party Modules & Code

PHP

the Pamela Project: contains PHP code for WordPress, and is expanding to Joomla and MediaWiki in the near future. Also contains test blogs that you can authenticate to with information cards to test the technology.

Java

OpenSSO Java Module: A snap-in module for information card authentication to OpenSSO and Sun Access Manager

http://sourceforge.net/projects/informationcard/

http://www.codeplex.com/informationcardjava

Ruby

http://rubyforge.org/projects/informationcard/

http://www.codeplex.com/informationcardruby

.NET

Write your own Relying Party and/or Identity Provider code:

Enable your site to accept Information Cards:

Supported Platforms

  • CardSpace is supported on the Vista, XP, and W2K3 Windows platform.
  • CardSpace v3.0 does not work on systems with a FAT32 root filesystem, only on NTFS (however CardSpace v3.5 does work on FAT32).

Platform/Browser Combinations

Windows/IE7 – CardSpace selector works by default for IE7, thanks to an ActiveX control called ‘infocardsigninhelper’
Windows/Firefox – CardSpace selector can be launched by Kevin Miller’s CardSpace Extension.
Any/Firefox

Apple/Safari – Ian Brown’s Identity Selector Safari Extension is also java-based, and is closely related to Chuck’s selector.

Linux/Firefox – the Higgins native client is mostly running on OpenSUSE right now, but eventually there will be packages for all sorts of unix-based operating systems.

Governing Bodies

  • OSIS is an open-source initiative to create an Identity Selector that runs on multiple platforms.
  • The Information Card Foundation (ICF)
  • A new OASIS Technical Committee is being formed – more information as it arrives

Discussion Forums

Windows CardSpace MSDN Forum

News & Announcements

Check Kim’s blog for things like who in the community is doing fun things with the identity metasystem.

Check the WCS Main Page for technical announcements such as new CTP releases.

Information Card Products

WS02 (haven’t played with this yet, but it looks cool)

Online Identity Providers

The Pamela Provider – based on the Higgins STS

Human Present – Kim Cameron’s identity provider

Wag – the Bandit Project Reference Implementation of the Higgins STS

Information Card Enabled Internet Sites

Kim’s blog: use a self-issued card to create an account and then use it to authenticate and post comments.

Chuck’s Relying Party: for some reason this page isn’t loading at the time I’m writing this, but I think it’s still valid. I’ll keep you posted.

Ashish’s SP Demo: A java-based RP that serves the handy purpose of showing you the claims & token that were passed to the RP as part of the WS-* transaction. Instructions are here.

Opinity: I haven’t tried this yet but I will as soon as possible. My assumption is that this takes a self-issued card. The first non-MS-related site to offer information cards as part of a consumer offering, as far as I know.

Sxore: Sxore is an ultra-hip blogging tool. Check it out, you can use your infocard.

dotnet.org.za: A south african developers portal

CDATA Zone: Rob Richards’ blog

Hot Chicken!: use a managed card to login and view DEC chicken pics!


Date Created: June 18, 2006


17 Responses to “CardSpace: Quick Start”

  1. This is a great summary Pam. I need to upgrade the SP server to work with the July CTP. I’ll get right on it. :-)
    – Ashish.

  2. [...] Microsoft has recently released the .NET 3.0 Framework – July CTP. Pam has put together a great page that consolidates the various resources available to help with Cardspace. It inspired me to upgrade our test website to the July CTP. Here is the new URL: https://infocard.pingidentity.com/sp/login.jsp. [...]

  3. [...] Craig also has a recent post on Cardspace: A Sandbox to Play In: “Pamela Dingle, who always has the intestinal fortitude to ask the best darn questions at Catalyst (and other conferences), has posted a good “quick start” guide for anyone wanting to play around with Windows CardSpace. Via that post, I found this CardSpace “sandbox” site, which has some interesting pointers on it.” [...]

  4. k. Finally upgraded it to the July CTP. Give it a go when you get a chance. Here are the general instructions: http://itickr.com/index.php/?p=25

    And here is the new server url (please update your post accordingly):

    https://infocard.pingidentity.com/sp/login.jsp

    Pam says:   Ashish, I’ve updated the page to have the new link, and I’ve Added a link to your instruction page!

  5. [...] Pamela Dingle has written about the site here.  Her description of Cardspace is great, although I really do recommend following the installation instructions.  In fact, if you don’t follow them you will likely have problems. [...]

  6. I believe it is essential that a Card can be copied from one PC to another. Is there a method and/or transport media you would recommend?

    Pam says:  Hi Allan!   You can export one or more cards from the Cardspace client and then import them into another client.   The output is a .crd file that is encrypted and password-protected.  Once the card(s) is/are exported, you can throw that .crd file into email or onto a USB key for other Windows PCs, but I’m not sure how that exactly works for a mobile device such as a cell phone.  I’ll see what I can find out…

  7. Thanks for putting it in simple terms for me!

  8. i believe that the out put is crd file as well for a cell fone.

  9. [...] By David Evans on Jan 8th, 2007 Adventures of an Eternal Optimist has a good introduction to the Cardspace Identity System. [...]

  10. The information I found here was rather helpful. Thank you for this.

  11. Thanks for the summary and putting it into easy and understandable language

  12. This is the best summary I could find, helped greatly Thanks!

  13. Thank you for putting this into simple terms and making this alot more understandable to the un-tech-i-fied mind!

  14. [...] Mike Jones from Microsoft has some great Cardspace/InfoCard resources on his blog. If you are interested in this area, you should definitely check this out. You should also check out Pamela Dingle’s introduction to Cardspace. [...]

  15. [...] dostępne jest na windows XP Vista, jest też selector na Linux FreeBSD, Mac OS X. Komponent dla przeglądarki jest w IE i FF (w obu działa poprawnie, sprawdzone). Tak więc [...]

  16. Just did a post at http://drstarcat on my first experience with Cardspace: http://drstarcat.com/archives/30

  17. Its great. Everything under one roof.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: