I was talking to a co-worker today after a code review, whom is going through my code currently for the CardSpace authentication provider pieces. We talked a little bit about some things that he had found, and about our general CardSpace experience. Mostly, we talked about the inefficiencies / bottlenecks of some of the stuff I had written (object disposal drives me nuts!).
What I was interested in was why there was so much industry push-back on CardSpace. He made a very good point. The threshold of entry for organizations just starting with SharePoint implementations is exceptionally high. Introducing a concept like CardSpace would most likely be daunting to them. The way that we authenticate to most web application right now is so throw-back. Things really haven’t changed for such a long time, and the paradigm had to eventually shift.
However, in this situation I think that the benefits outweigh the initial cost and hesitation that CardSpace provokes in suits. Beyond the level of it being much more secure on several levels from storing of credentials to while they are in transit, it is so easy for users to use. Nothing is more annoying to me than having to remember 50 user names and passwords, CardSpace makes it easy for my SharePoint userbase.
I will admit, the SDK as it sits leaves something to be desired. However I would imagine that will get ramped up as the technology itself ramps up. There is also an extreme lack of community involvement at this stage, however I would imagine that will change as well. I will be excited when I first visit an external MOSS implementation using FBA and I see the option to submit an InfoCard.