CardSpace: Quick Start
Windows CardSpace is but a single example of Information Card technology, but it is the best-known. This summary is meant to detail the current state of Information Card Technology as it evolves over time. If you find that this summary is missing information, please comment and I will make sure to update it.
Last updated: 12 August 2008 (earlier updates: 6 January 2008, 28 May 2007, 4 April 2007, 27 January 2007)
Information Cards in a Nutshell
CardSpace is a software client that runs on Microsoft Windows, and which can participate as an Identity Selector within the framework of the Identity Metasystem, one of theoretically many different card systems that utilize Information Cards. CardSpace utilizes WS-* protocols to communicate claims between three parties: the Identity Provider (IdP), the Relying Party (RP), and the Identity Selector.
- A user requests access to a resource or begins a transaction that requires information card validation. This site (called the Relying Party because it wishes to rely upon information from another source) triggers an Identity Selector client to start on the user’s local desktop. Examples of this could be authentication to a web resource, or entering into a purchasing transaction where credit card information is requested. The Relying Party requests one or more units of information – each unit of information is called a “claim”.
- The Identity Selector client prompts the user to choose one of possibly many “information cards” that represent collections of claims owned/managed by any number of different Identity Providers, and that match the types of claims required by the Relying Party. Note that the information card itself is just a pointer to the data, it does not contain any data.
- Once the user selects a card, the Identity Selector client brokers the transfer of claim values between the chosen Identity Provider and the original Relying Party. If/when the Relying Party accepts the brokered claims, the transaction is considered successful and the Identity Selector closes.
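The three steps above as a simplified model, added here as an example (not code from CardSpace or any real selector): it covers only claim types, card matching, claim release and the Relying Party's acceptance check, with no WS-* messages or token signatures. The class and function names, the `https://idp.example` provider and the sample values are hypothetical, and the personal-card claim set is a constructed subset.

```python
from dataclasses import dataclass

NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Constructed subset of the fixed claim list allowed on personal cards.
PERSONAL_CLAIMS = frozenset(NS + n for n in ("givenname", "surname", "emailaddress"))

@dataclass(frozen=True)
class Card:  # a pointer: issuer plus the claim types it can supply, never values
    name: str
    issuer: str  # "self" for a personal card, otherwise the IdP identifier
    claim_types: frozenset

class IdentityProvider:
    """Hypothetical holder of claim values; releases only the claims requested."""
    def __init__(self, issuer, values):
        self.issuer, self._values = issuer, values
    def issue(self, requested):
        return {"issuer": self.issuer, "claims": {c: self._values[c] for c in requested}}

def valid_card(card):  # personal cards are limited to the fixed claim list
    return card.issuer != "self" or card.claim_types <= PERSONAL_CLAIMS

def matching_cards(cards, required):
    """Selector: offer only cards that can satisfy every required claim."""
    return [c for c in cards if valid_card(c) and required <= c.claim_types]

def broker(card, providers, required):
    """Selector: obtain claim values from the chosen card's provider."""
    return providers[card.issuer].issue(required)

def rp_accepts(token, required, trusted_issuers):
    """Relying Party: trusted issuer and every required claim present."""
    return token["issuer"] in trusted_issuers and required <= set(token["claims"])

# Constructed sample data: one RP policy, two cards, two providers.
REQUIRED = frozenset({NS + "givenname", NS + "emailaddress"})
IDP = "https://idp.example"
CARDS = [Card("Personal", "self", PERSONAL_CLAIMS),
         Card("Bank", IDP, frozenset({NS + "surname"}))]
PROVIDERS = {
    "self": IdentityProvider("self", {NS + "givenname": "Alex", NS + "surname": "Doe",
                                      NS + "emailaddress": "alex@example.org"}),
    IDP: IdentityProvider(IDP, {NS + "surname": "Doe"}),
}

def run_demo():
    offered = matching_cards(CARDS, REQUIRED)
    token = broker(offered[0], PROVIDERS, REQUIRED)
    return [c.name for c in offered], token, rp_accepts(token, REQUIRED, {"self"})
```

In this model the "Bank" card is never offered because it cannot supply the requested claims, and the surname held by the provider is not released because the Relying Party did not ask for it.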
Things to Remember
- Although CardSpace is just one implementation of one part of a 3-part system, many people say “CardSpace” and mean not just the client, but the whole process. This isn’t perfect usage but it gets the general point across. CardSpace has much more visibility than “the Identity Metasystem” as an understood term.
- The generic concept of information cards has many synonyms and abbreviations: i-cards, iCard, and infocard are some examples.
- CardSpace and Windows Card Services (WCS) are the same thing, and they both used to be known as “InfoCard”.
- The CardSpace client is installed as part of the “.NET Framework 3.x” subsystem (formerly WinFX).
  - The original version of CardSpace was part of .NET Framework 3.0.
  - There is a new version of CardSpace, included with .NET Framework 3.5.
  - As of 11 Aug 2008, SP1 for .NET 3.5 is available.
- The CardSpace client can be triggered in two ways:
  - From a browser.
  - From a desktop application (i.e., a rich client).
    - Could be a service built using Windows Communication Foundation (formerly Indigo).
    - Could be a service built using Zermatt, which is currently in public beta.
- The applet that starts CardSpace from the Control Panel used to be called “digital identities” but now it is called “Windows CardSpace”.
- Information cards can currently be of two types:
  - Self-issued (now called Personal) Cards:
    - Self-issued cards contain data that users may create and manage from within the identity selector.
    - Self-issued cards may only contain a strict list of claims.
  - Managed Cards:
    - Managed cards contain data that is owned by an “authority” that is not the Identity Selector. Data about the user is managed at the Identity Provider, and the Identity Provider is responsible for the veracity of that data.
    - Managed cards can contain any kind of claim.
- Some Identity Selectors also require a separate “Browser Add-on” in order to function – this browser add-on works to trigger standalone identity selectors, and to select which of possibly multiple identity selectors should open when you begin an information card transaction.
- This foundation has been formed as a focal point for users and developers – not a lot of content is there, but we are working on it.
- This is my list of technical and non-technical documentation on the subject of Information Cards.
- Kim came up with the concept of information cards and has evangelized them tirelessly ever since. His blog acts as an aggregator for the debate around information cards, CardSpace, user-centric identity, and identity in general. He’s Maven, Connector, and Salesman all in one package.
Ping Identity put this white paper together to describe & compare the major forces in User-centric identity. It is a good overview of the problem space.
CardSpace can be triggered from IE7 natively, and from Firefox using a browser extension (get it here).
- Windows CardSpace Sandbox
- This contains the list of what you need and where to get it for the purpose of authenticating to the handful of example sites on the web that take information cards (Check out the Information Card Enabled Internet Sites section below).
- Windows CardSpace Simple Demo
- This is a channel 9 video by Richard Turner which shows the Windows CardSpace client in use.
DigitalMe is part of Higgins, and packaged by the Bandit team at Novell. DigitalMe is open-source code that can theoretically be compiled for any platform, but is currently being supported in binary form for SUSE and Mac OSX. DigitalMe can be triggered from Firefox.
Azigo is an Adobe AIR based Identity Selector.
OpenInfocard/XMLDAP Firefox Identity Selector
The OpenInfocard Identity Selector is browser-based, installable as a Firefox browser extension.
Higgins Identity Selectors
There are two Higgins Identity Selectors:
- Higgins native client
- Higgins Java Identity Agent (AFAIK there is no simple link to this component)
Ian Brown’s Safari Selector
This is a browser-based Identity Selector plugin for Apple’s Safari Browser.
Check here for more information
Play with cards in a test environment:
Create and work with Managed Information Cards
Downloads of Relying Party Modules & Code
The Pamela Project: contains PHP code for WordPress, and is expanding to Joomla and MediaWiki in the near future. Also contains test blogs that you can authenticate to with information cards to test the technology.
OpenSSO Java Module: A snap-in module for information card authentication to OpenSSO and Sun Access Manager
Write your own Relying Party and/or Identity Provider code:
- NetFX3 Sample Code: not too much there yet, but this will eventually fill up
Enable your site to accept Information Cards:
- InfoCard Demo & Tutorial: code & instructions on how to set up your WordPress blog to accept infocards. This is what Kim Cameron has implemented on his site.
- How to configure IIS to Support CardSpace: a video by Richard Turner.
- CardSpace is supported on the Vista, XP, and W2K3 Windows platforms.
- CardSpace v3.0 does not work on systems with a FAT32 root filesystem, only on NTFS (however CardSpace v3.5 does work on FAT32).
Windows/IE7 – CardSpace selector works by default for IE7, thanks to an ActiveX control called ‘infocardsigninhelper’
Windows/Firefox – CardSpace selector can be launched by Kevin Miller’s CardSpace Extension.
- – Chuck Mortimore’s Identity Selector Firefox Extension is Java-based and works anywhere Firefox works.
- The Higgins Java Identity Agent is also Java-based and works where Firefox works, but I don’t have a download location yet.
Apple/Safari – Ian Brown’s Identity Selector Safari Extension is also Java-based, and is closely related to Chuck’s selector.
Linux/Firefox – the Higgins native client is mostly running on OpenSUSE right now, but eventually there will be packages for all sorts of Unix-based operating systems.
- OSIS is an open-source initiative to create an Identity Selector that runs on multiple platforms.
- The Information Card Foundation (ICF)
- A new OASIS Technical Committee is being formed – more information as it arrives
News & Announcements
Check Kim’s blog for things like who in the community is doing fun things with the identity metasystem.
Check the WCS Main Page for technical announcements such as new CTP releases.
Information Card Products
WSO2 (haven’t played with this yet, but it looks cool)
Online Identity Providers
The Pamela Provider – based on the Higgins STS
Human Present – Kim Cameron’s identity provider
Wag – the Bandit Project Reference Implementation of the Higgins STS
Information Card Enabled Internet Sites
Kim’s blog: use a self-issued card to create an account and then use it to authenticate and post comments.
Chuck’s Relying Party: for some reason this page isn’t loading at the time I’m writing this, but I think it’s still valid. I’ll keep you posted.
Opinity: I haven’t tried this yet but I will as soon as possible. My assumption is that this takes a self-issued card. The first non-MS-related site to offer information cards as part of a consumer offering, as far as I know.
Sxore: Sxore is an ultra-hip blogging tool. Check it out, you can use your infocard.
dotnet.org.za: A South African developers’ portal
CDATA Zone: Rob Richards’ blog
Hot Chicken!: use a managed card to login and view DEC chicken pics!
Date Created: June 18, 2006