Windows CardSpace, Solving The Identity Crisis

Last week saw another meeting of the Gold Coast .NET User Group, where Daniel Bartholomew presented on Windows CardSpace.

Windows CardSpace is the Microsoft implementation of the Identity Metasystem, a standards-compliant, platform-agnostic system that hopes to solve the identity crisis. CardSpace is referred to as an identity selector: client software that helps a user create, manage and share personal information in a secure and trusted manner. Since the Identity Metasystem is platform agnostic and built upon the WS-* protocols, identity selectors already exist for Linux and OS X.

After installing Windows CardSpace, the user is able to create self-issued cards. A self-issued card is not unlike a paper business card: the user tells everyone who they are, and the recipient has no choice but to take the user's word for it. CardSpace allows a user to create many different digital business cards, each with a different amount of personal information attached, so that one person can maintain several online identities or personas. To help solve the 'you really are who you say you are' problem that government agencies and financial institutions have been grappling with for the last few years, the Identity Metasystem also provides for managed cards. A managed card is issued by an identity provider (a bank or a government agency, say) that has already verified the identity of the individual out of band, so that when the card is presented, the relying site gets the issuer's assertion that User A really is User A and not simply someone posing as User A.

When building an online service, the web site developer can choose to support Windows CardSpace as an authentication mechanism. Once the identity selector is invoked on the client, the user has the opportunity to choose which identity to provide to the web site, so that the amount of information released matches the importance or significance of the service. An important point is that if the user provides the same card to many web sites, each web site receives a different identifier for that card, so multiple web sites cannot compare notes and collude to correlate the user's activity.
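To make that last point concrete, here is an added illustration (my own example code, not anything from Daniel's talk or from the CardSpace implementation) of how a site-specific identifier can be derived so that two sites holding the same card cannot link their records. The derivation shown, an HMAC over the relying party's certificate identity keyed with a secret held only by the card, and the claim names used, are assumptions for the sake of the example and not a description of CardSpace's actual algorithm.

```python
import hashlib
import hmac
import secrets


class SelfIssuedCard:
    """Illustrative self-issued card: the claims the user typed in plus a
    random master secret that never leaves the identity selector."""

    def __init__(self, claims, master_secret=None):
        self.claims = dict(claims)
        # Assumption: 32 random bytes is the per-card secret from which all
        # site-specific identifiers are derived.
        self.master_secret = master_secret or secrets.token_bytes(32)


def relying_party_id(cert_issuer_dn, cert_subject_dn):
    """Hypothetical relying-party identifier: bound to the issuer and subject
    of the site's X.509 certificate rather than to a string the site chooses,
    so two unrelated sites cannot simply claim the same identity."""
    return hashlib.sha256(
        f"{cert_issuer_dn}|{cert_subject_dn}".encode("utf-8")).digest()


def site_specific_ppid(card, cert_issuer_dn, cert_subject_dn):
    """Derive the identifier released to one site. Same card + same site gives
    the same value; a different site gets an unrelated value, and neither site
    can recover the master secret from what it receives."""
    rp = relying_party_id(cert_issuer_dn, cert_subject_dn)
    return hmac.new(card.master_secret, rp, hashlib.sha256).hexdigest()


def build_token(card, cert_issuer_dn, cert_subject_dn, requested_claims):
    """Token released to one relying party: only the claims that site asked
    for, plus the site-specific identifier. Unrequested claims stay on the card."""
    token = {name: card.claims[name]
             for name in requested_claims if name in card.claims}
    token["privatepersonalidentifier"] = site_specific_ppid(
        card, cert_issuer_dn, cert_subject_dn)
    return token


def demo(master_secret=None):
    """Present one card to two sites (constructed sample sites and claims)
    and return the three tokens so the results can be compared."""
    card = SelfIssuedCard(
        {"givenname": "Alice", "surname": "Example",
         "emailaddress": "alice@example.invalid"},
        master_secret)
    site_a = ("CN=Example CA", "CN=forum.example.invalid")
    site_b = ("CN=Example CA", "CN=shop.example.invalid")
    token_a = build_token(card, *site_a, ["emailaddress"])
    token_a_again = build_token(card, *site_a, ["emailaddress"])
    token_b = build_token(card, *site_b, ["givenname", "emailaddress"])
    return token_a, token_a_again, token_b


if __name__ == "__main__":
    a, a2, b = demo()
    print("site A sees:", a)
    print("site A again:", a2["privatepersonalidentifier"] == a["privatepersonalidentifier"])
    print("site B sees:", b)
    print("can A and B link the user by identifier?",
          a["privatepersonalidentifier"] == b["privatepersonalidentifier"])
```

Run it and the two sites receive the same e-mail address (because the user chose to release it to both) but different identifiers, so a join on the identifier column across the two sites' databases finds nothing. A site that wants to track the user across logins still can, because the identifier is stable for that site.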

Daniel presented an ASP.NET AJAX Control Toolkit extender for CardSpace, which gives the developer the ability to integrate Windows CardSpace into an existing site with relative ease and good flexibility over the user interface. Daniel happens to be a DotNetNuke junkie as well, and the examples he provided on the night highlighted the existing product integration point quite well. It isn't all smooth sailing though: Daniel did point out that the developer still needs to do a little work, however the majority of the complex stuff has been taken care of.

Watching the Identity Metasystem mature over the next year or so is going to be quite exciting. Even since listening to Daniel present a week ago, questions I posed to him regarding how CardSpace and OpenID fit together are already being answered, with implementations in the wings. If the online identity management scene makes your ears perk up, you can find a whole swag of information at Kim Cameron's Identity Blog.