Playing with CardSpace Geneva Beta
There are two interesting new selector features to play with in the CardSpace Geneva beta. The first is the idea of the card tile, where (as I understand it, no guarantees of accuracy here) the browser interacts with the selector to discover, cache, and display the image of the last card you have used at a given RP as part of the context of the Relying Party page (rather than as a separate context). The Relying Party never sees or can access the image of your card. This mashup-like user interface is meant to be personalized and more inviting to users.
The second new feature is the “always use this card at this site” checkbox. If you check this box while authenticating with a card, you will subsequently see your card tile, but after clicking that card tile, the rest of the process happens without further interaction. Web site operators can veto this convenience if they wish, by adding a new parameter called ‘requireUserInteraction’ to the information card trigger object and setting the value to true.
I think the always use feature really works well in combination with card tiles, as the user retains context without having to push more buttons. I don’t know how to non-destructively change my mind about always using a given card at a particular site though. I tried restarting the browser, restarting the machine, and clearing “private” data from the browser without effect. I tried going to the control panel and opening CardSpace directly, but nothing there helps. Short of deleting & reinstalling the card, one click of that checkbox and I become permanently committed to a silent transaction with the Federated Identity demo website forever more. I’m sure this lack of choice is temporary (after all this is a beta) – but if possible, I would love to see more on the CardSpace blog about the planned persistence model for this feature, and about what the plans are for letting people manipulate it or even disable it.
When I first heard of card tile feature, I hated it. Now that I see it in use, I understand the value proposition, but I still have to point out that this little picture represents a critical piece of user context information. I can’t help but think that to allow the card tile image to be manipulated by the browser is to eventually serve it to the bad guys on a platter. I hope I’ll be proven wrong.
- Visually, I worry that the card tile feature lacks a strong enough branding consistency for people to easily identify where on a given page the information card trigger form is — if, for example, I happen to use a card which blends into the page, it might be confusing. Even with the example site, it isn’t immediately obvious that the picture placed front and center is also intended to be a control.
- Along that same line, I wonder how much control the web designer has over the size, style, and placement of the card tile. Is there a standard form factor or is the sky the limit?
- I hope that a card provider could also have the power to disallow the “always use” feature for certain types of cards.
- Will there be some kind of maximum limit to how long that little checkbox lasts?
- Currently the beta card service and RP service appear to be a closed circle – I’m very excited to see the beta get to the point where I can start to play with these features using my own code base.
Check out the blog entry from the CardSpace Team: http://blogs.msdn.com/card/archive/2008/11/18/the-cardspace-geneva-selection-experience.aspx Mike Jones also blogged on this: http://self-issued.info/?p=94
- If you play with this beta, remember YOU NEED TO GET THE CARD FIRST, as it is a managed card, and self-issued cards aren’t part of the beta yet.
- If you aren’t seeing the card tile, check Mike’s blog entry above for a link that explicitly asks for that feature.
- When you click on the card link to import the card, nothing happens; the card installs, but the selector doesn’t open or even give you a popup. I’m not sure if this is by design, or if the acknowledgement of successful install just hasn’t been put in yet — but I hope it is the latter, because without some kind of feedback, people like me assume that it either didn’t work or that it is still running and that I therefore have to wait. I only discovered that my work was done when I clicked the link a second time & was asked if I really wanted to install a dupe.