As mentioned earlier, CardSpace Geneva is an upgrade of the CardSpace that Microsoft previously offered. The upgrade lets developers keep what was good and improve on it. Information cards are a central part of this new approach.
Each user is represented in the system by an information card. Each time a user selects a card, a token is requested from the STS of the appropriate identity provider. This connection is complex but workable: the card and the identity provider are linked by the STS reference carried on the information card.
To clarify, an information card is simply an XML file. Each one establishes a relationship with an identity provider, which lets the user obtain tokens from that provider for applications designed to accept them.
The information card stores enough information to locate the right STS at the right provider, so the token is requested from the right provider as well. There are no claims on these cards; they link directly to the identity provider.
An information card exists to make sure the right information is stored for locating tokens. It can sound confusing, but it is easier to follow if you remember that tokens and information cards are two distinct things.
Every identity a user can access has an information card stored for it. The identity information itself comes from the STS, so no confidential information is actually stored on an information card; passwords aren’t on them either.
Through the Geneva Server, an information card can be placed on a user’s machine, and this can be done through any STS. It can be challenging, though, to get that information to users who work on laptops rather than desktop computers. Having the same digital identity on both is important.
CardSpace Geneva accomplishes this with the card export feature. Information cards can be copied to external storage such as a USB key and then imported on a laptop, so security tokens are obtained there in the same way as on a desktop computer.
The risk of an attacker getting at that information is reduced because the export is encrypted. If a USB key is lost or stolen, whoever holds it cannot use the cards for their own benefit.
Another idea Microsoft is considering is letting users store their information cards on an internet-accessible server. This would make sharing identities across computers much easier, a real benefit for people who use them at home, at work, and on the go.
There will of course be times when a user’s access through CardSpace Geneva needs to be terminated. The identity provider can be told to stop issuing security tokens for that card, which is a simple process to set in motion. Doing the same for the information card itself is harder.
Assigning a PIN that must be entered whenever the information card is used may help. Someone whose access has been terminated then can’t get at the information, and it also prevents access to data if a business or home is broken into, or a laptop is stolen.
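The card-to-STS model, revocation at the identity provider, and the PIN gate described above, as an added example that is not part of the original article or of Microsoft’s CardSpace code. The card XML, the card id, the Contoso hostnames and the toy STS are constructed for illustration; the element layout is only loosely modelled on the information card schema.

```python
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

# Constructed managed information card (assumed layout). It references the
# identity provider's STS and carries no password and no claim values.
IC = "http://schemas.xmlsoap.org/ws/2005/05/identity"
WSA = "http://www.w3.org/2005/08/addressing"
CARD_XML = f"""<InformationCard xmlns="{IC}" xmlns:wsa="{WSA}">
  <InformationCardReference><CardId>urn:example:card:42</CardId></InformationCardReference>
  <CardName>Contoso Employee</CardName>
  <Issuer>https://sts.contoso.example</Issuer>
  <TokenServiceList><TokenService><wsa:EndpointReference>
    <wsa:Address>https://sts.contoso.example/trust</wsa:Address>
  </wsa:EndpointReference></TokenService></TokenServiceList>
</InformationCard>"""

def parse_card(xml_text):
    """Return (card_id, sts_address); refuse a card that embeds secret material."""
    root = ET.fromstring(xml_text)
    bad = [e.tag for e in root.iter() if e.tag.split("}")[-1].lower() in ("password", "claimvalue")]
    if bad:
        raise ValueError("card must not embed secrets: %s" % bad)
    card_id = root.find(f"{{{IC}}}InformationCardReference/{{{IC}}}CardId").text
    sts_address = root.find(f".//{{{WSA}}}Address").text
    return card_id, sts_address

class IdentityProviderSTS:
    """Toy STS: issues an HMAC-signed token for a card until that card is revoked."""
    def __init__(self, address, signing_key):
        self.address, self.key, self.revoked = address, signing_key, set()
    def revoke(self, card_id):
        self.revoked.add(card_id)  # provider stops issuing tokens for this card
    def issue(self, card_id, audience):
        if card_id in self.revoked:
            return None
        body = f"{card_id}|{audience}"
        return body + "|" + hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

def select_card(xml_text, sts_registry, audience):
    """Selecting a card resolves its STS and requests a token for the relying party."""
    card_id, address = parse_card(xml_text)
    return sts_registry[address].issue(card_id, audience)

def protect_with_pin(pin, salt=None):
    """Keep only a salted PBKDF2 digest of the PIN; check_pin() gates card use."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

def check_pin(pin, salt, digest):
    return hmac.compare_digest(hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000), digest)
```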
Users need to know when a site accepts card-based login. An icon can signal that card-based logins are accepted there. The Information Card Foundation is working to make this technology user friendly; its board includes members from top organizations including Google, Microsoft, PayPal, and more. It is also working with the Liberty Alliance to ensure that claims-based identities can work in the business world as we know it.