Microsoft offers personal digital ID cards
By Ian Murphy
5. RP grants you access
Cards issued to you
1. You connect to a site, application or service - Relying Party (RP) - that supports InfoCard
2. RP sends back a list of information it needs
3. You select which of your InfoCards you want to use for this site
4. InfoCard connects to the Issuing Party (IP) to get the information requested by the RP
5. You are asked to authenticate yourself to the IP
6. WS-Trust (another industry standard) then requests a security token from the IP
7. Security token sent to you
8. Security token forwarded to the RP
9. RP grants access
Most of this is done behind the scenes: the user simply connects to the RP, chooses a card and then provides their authentication if this is an issued card. All of the communication is done over secure internet connections. You don't type anything other than your authentication code, if required, leaving little or nothing for the hacker to steal. What could be simpler?
This is where the whole InfoCard project shows its strength. The fact that you can create your own InfoCards rather than go through third parties allows you to create as many digital identities as you want. People are used to having different personas or identities when they access various internet systems and InfoCard does not change that approach.
InfoCard has another key advantage. When the RP sends back what information it needs, you get to see what data it is requesting and you can, if you wish, simply create an InfoCard for that particular service.
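The issued-card flow listed above, modelled as an added example that is not code from the article or from Microsoft. It assumes a single shared HMAC key as a stand-in for the IP's signing key (real deployments use WS-Trust and signed XML tokens), and all names, PINs and URLs are constructed.

```python
import hashlib
import hmac
import json

# Assumption: one HMAC key stands in for the IP's signing key that the RP
# trusts. A real RP would verify a signature with the IP's public key.
IP_KEY = b"constructed-demo-key"

# Constructed sample data: everything the IP knows about the user.
IP_RECORDS = {"alice": {"name": "Alice Example", "email": "alice@example.test",
                        "age_over_18": True, "postcode": "AB1 2CD"}}
IP_PINS = {"alice": "4821"}


def rp_policy():
    """Step 2: the RP states who it is and which claims it needs."""
    return {"audience": "https://shop.example.test",
            "required_claims": ["name", "age_over_18"]}


def ip_issue_token(user, pin, policy):
    """Steps 5-7: the IP authenticates the user, then issues a token that
    holds only the requested claims and is bound to the requesting RP."""
    if user not in IP_PINS or not hmac.compare_digest(IP_PINS[user], pin):
        raise PermissionError("authentication to the IP failed")
    record = IP_RECORDS[user]
    body = {"aud": policy["audience"],
            "claims": {c: record[c] for c in policy["required_claims"]}}
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(IP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def rp_verify(token, policy):
    """Steps 8-9: the RP checks signature, audience and claim set."""
    expected = hmac.new(IP_KEY, token["payload"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return False  # altered in transit or not issued by the trusted IP
    body = json.loads(token["payload"])
    return (body["aud"] == policy["audience"]
            and set(policy["required_claims"]) <= set(body["claims"]))
```

The RP never sees the user's PIN or the claims it did not ask for, and a token issued for one RP fails the audience check at another.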
InfoCard and its role in IT policy
What will make InfoCard appeal to the IT community is that it actually delivers on a long-awaited promise: federated security. It doesn't matter who issues the InfoCard or what operating system or software they use. The whole process is standards driven and vendor neutral. After years of false starts, this looks like it will deliver something that has eluded the IT industry so far.
So what is Microsoft adding to InfoCard under its CardSpace banner?
Whenever the user is working with an InfoCard they will find themselves put into a separate desktop and using a very restricted account. You will not be able to move between your normal desktop and the CardSpace environment. This will make it exceptionally hard for hackers to try and screen grab or harvest passwords using keystroke logging software.
What you will have to do is upgrade to Internet Explorer 7, which automatically recognises InfoCard requests, and this might just be a sticking point for many on Windows XP.
Alongside this is the need for developers to understand how to write systems that will accept InfoCards. Microsoft is currently pushing out a lot of information on its MSDN web site about how to do this. Ultimately, this might be the limiting factor in the adoption of InfoCard and CardSpace services. Developers don't like messing with authentication mechanisms and corporate IT departments get very nervous about the thought of weakening security.
For once, those concerns need to be overridden and pilot projects started. This really does have the ability to improve security and Microsoft is already talking to a number of online retailers about adding InfoCard support to their web sites.