Personal and Managed InfoCards

In recent posts, there was the discussion of the different types of InfoCards that CardSpace provides. There have been some questions that I have been receiving in regards to this, so I thought I would provide some clearer answers.

There are two types of InfoCards that CardSpace currently supports. Although there are some differences between the two, the main thing to keep in mind is that both cards contain the relevant metadata to obtain security tokens that can get the encrypted information that is required. Meaning, both types of InfoCards know the correct location to point to.

The first of the InfoCards that we should look at are Personal cards. Personal cards, as the name implies, are those issued by yourself, by your person. They are cards that are self-issued, so the maintenance of these InfoCards is up to the owning user that initially self-issued the card to themselves. Whereas with the second card that we will discuss shortly, Managed Cards, there is no external identity provider. Rather, the user is the identity provider and is responsible for the creation of the card. The InfoCard and its associated metadata are stored on the user machine. A personal InfoCard will also have a finite amount of claims associated with it, usually nothing very robust. This is the most typical type of InfoCard in environments with loose website registration, such as ones that you are used to normally filling out registration forms for where there is no account provisioning architecture that would normally take care of this task.

Managed cards are a little different that personal cards. Managed cards are given by a third party and then installed into the CardSpace UI. These cards are transferred to the user with a signed file with the .CRD extension from the identity provider. Whereas with Personal InfoCards the amount of claims that was located within then was not very robust, the amount of claims with managed cards is only really up to the identity providers imagination, so can contain a large amount of claims. Personal information with managed cards is stored with the identity provider. These types of InfoCards are generally used with high-risk environments such as banks, shipping, and misc. large commercial web applications.

I hope that gives you a better idea on the two types of InfoCards that you will experience. Except more posts on CardSpace, because it ROCKS!