Introduction to Windows CardSpace

Windows CardSpace is client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector:  when a user needs to authenticate to a web site or a web service, CardSpace pops up a special security-hardened UI with a set of “information cards”  for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – that has either been given to the user by an identity provider such as their bank, employer or government or created by the user themselves. Having the user as an identity provider sounds a bit strange on first acquaintance – who would trust the user? –  but this is a very common scenario: this is what we do every time we register at a web site. The CardSpace UI enables users to create Personal cards (aka self-issued cards) and associate a limited set of identity data. When the user chooses a card, a signed and encrypted security token containing the required information (e.g. name and address, employer’s name and address, or credit limit) is generated by the idenitty provider that created the card. The user, in control at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the identity information is extracted.

CardSpace is an identity selector for Microsoft Windows. Other operating systems have their own identity selector implementations. The architecture upon which CardSpace has been built – consisting of subjects, identity providers and relying parties – is called “The Identity Metasystem”. This isn’t just a Microsoft initiative, but rather it is the shared vision of many across the industry as to how we can solve some of the fundamental identity challenges on the Internet today. The initial vision for the Metasystem was developed by Microsoft’s Identity Architect, Kim Cameron, and has been broadly adopted and championed by thought-leaders such as Doc Searls and Lawrence Lessig. To learn more about the Metasystem and the guiding principles behind it (“The Laws of Identity”), refer to the whitepapers on MSDN and Kim’s blog, www.identityblog.com.