CardSpace / Identity 2.0

Man, I hate these cliché technology terms. Anyways, at one of my clients we are using CardSpace with SharePoint, and it is working great. Users really love it, as the whole experience for both internal and external use is the same. Best of all, we were able to eliminate the dual authentication prompts with Office clients dropping the login token when invoked from SharePoint with the CardSpace OM. We use a common WebPart library that exposes the required common CardSpace API calls to build out something that we call “IdentityPoint”, which manages all the InfoCards within the enterprise. All in all it is very neat, very manageable, and very cool. I spent a lot of time on it.

Then I was in a meeting today, and one of my co-workers was talking about how we were identity 2.0 cutting edge, compliant, or some other phrase that made no sense. I reached over the table and I punched him. Well, ok, I didn’t punch him, but we had a verbal argument.

People feel that Identity 2.0, a term coined by Dick Hardt (which really isn’t that clever of a term when you think about it), is the principal enabler for Web 2.0 implementation. The reason is that Web 2.0 will highly integrate the concept of people / identities, and therefore an identity metasystem is a pivotal concept to take into consideration with Web 2.0. This I can agree with.

CardSpace alone can’t build an identity metasystem; that’s not how it works. CardSpace provides an interface into an open standards identity architecture, agnostic towards vendor or protocol (that is why we are using WS-* standards). CardSpace is central to identity metasystem realization because the reach of the Windows OS is massive, and with CardSpace being packaged natively within Vista (and most of your SharePoint users being on IE anyways), it is something that should generally be embraced. An identity metasystem, on the other hand, is the collaboration of a huge number of parties subscribing to this theme. It is an Amish barn-building process, whereby everyone that chooses to subscribe to this concept participates in putting up the necessary segments that lead to the final product. Once the final barn is finished, then we can add new horses to it to move things around, move horses back and forth, or remove horses as we see fit.

I think that metaphor sucked but it was the only thing that I could think of that fit.


CardSpace and SharePoint Threshold

I was talking to a co-worker today after a code review, who is currently going through my code for the CardSpace authentication provider pieces. We talked a little bit about some things that he had found, and about our general CardSpace experience. Mostly, we talked about the inefficiencies / bottlenecks of some of the stuff I had written (object disposal drives me nuts!).

What I was interested in was why there was so much industry push-back on CardSpace. He made a very good point. The threshold of entry for organizations just starting with SharePoint implementations is exceptionally high. Introducing a concept like CardSpace would most likely be daunting to them. The way that we authenticate to most web applications right now is such a throwback. Things really haven’t changed for such a long time, and the paradigm had to eventually shift.

However, in this situation I think that the benefits outweigh the initial cost and hesitation that CardSpace provokes in suits. Beyond it being much more secure on several levels, from the storing of credentials to while they are in transit, it is so easy for users to use. Nothing is more annoying to me than having to remember 50 user names and passwords; CardSpace makes it easy for my SharePoint user base.

I will admit, the SDK as it sits leaves something to be desired. However, I would imagine that will get ramped up as the technology itself ramps up. There is also an extreme lack of community involvement at this stage; however, I would imagine that will change as well. I will be excited when I first visit an external MOSS implementation using FBA and I see the option to submit an InfoCard.


CardSpace Froze My Desktop!

Actually, it didn’t really freeze it. What I call “insane modal mode” :-) is on purpose, for security reasons. When you start the CardSpace UI (icardagt.exe), it actually invokes a private desktop, so it is completely separate from your actual desktop.

It is pretty heavy on not letting you do anything. Watch the clock in the background; it won’t even move. What you are looking at in the background is actually just a bitmap capture of what your background looked like when the CardSpace UI was invoked.

The security problem that we want to eliminate is allowing users to emulate the CardSpace UI in order to steal personal information. Using this private desktop concept makes that much more difficult to achieve.