In short: I discuss a new feature, introduced by the .NET framework 3.5 and by a (future) update of IE, which enables the use of CardSpace also on websites on normal http (as opposed to https). Back in January I was asking Caleb (SDET on the CardSpace team and most excellent buddy author) when he would have started blogging. It took 9 months, but it eventually worked ! Not only he is going to blog, but he got the entire team to do it... if I were you I would subscribe the feed this instant! (being me, I can actually take a 10 mins walk and go bug the guys directly in their lairs). In the first technical post Ruchi presents a very important innovation, introduced with the .NET framework 3.5: the capability of using CardSpace also with websites without SSL. She goes into the detail of system requirements, how the new functionality can be leveraged and how things like PPID generation and transmission of the RP identity in the RST are affected by the new regimen. I won't repeat those details here: I invite you to read that post and consider it the main reference on the subject. Here I'll just highlight few points, largely derived from the QA sessions we had internally when the new feature was first discussed. This change opens up the advantages of using CardSpace to a significantly wider range of scenarios I know what you're thinking, or at least what many of you are thinking. A cert comes down for just few bucks, come on! Actually, the cert in itself is rarely the problem. The fact Read More...