Introduction to .NET Framework 3.0/Windows Cardspace

Microsoft Cardspace (codenamed: Info Card) is a part of Microsoft's new initiative to construct an identity metasystem where different identities shall be stored and authentication provided by a single system.

Digital Identity
People have multiple identities. For an immigration officer at an airport, a person is identified as a citizen of some country while to a traffic policeman who catches him for overspeed, he is a driver from a particular locality. In a similar way, a person on the net might want to purchase grocies from a grocer, book air tickets for a holiday and order a pizza from the nearest pizza shop through the computer. Hence a digital identity is needed to identify him and this may vary depending upon the vendor

This could be realized through a large-scale system of computers or a metasystem. No single system can issue identities or permissions especially when multiple businesses and multiple transactions are involved. This issue is tackled with by the use of a metasystem wherein each organization issues its own card or passport for the user.

By the use of standards as WS-Security, WS-Trust, WS-MetadataExchange, and WS-SecurityPolicy, it will be possible for the identity metasystem to work with multiple identities issue by different organizations.

Identities are usually assigned based on security tokens which consists of a set of claims. Each claim is a component which identifies the user such as username, address, telephone number,etc. which are unique to that particular user. The set of claims required to authenticate an user might vary from site to site and with this set of claims, the digital identity. These security tokens could be created using Security Assertion Markup Language (SAML), a new standard created by the industry group OASIS.

Digital Identities and Windows Cardspace
Windows Cardspace implements the system of digital identity in Microsoft's identity metasystem effort by offering the user a system of cards from which the user might be able to select for authentication to different websites. Each of these cards is provided by an identity provider. These cards are authenticated by relying parties representing that particular business establishment.

Internal Working
As seen earlier, Windows Cardspace uses a system of cards to authenticate an user. When a new card is created, it gets stored as a .CRD file. The .crd file is composed of metadata. It contains the card name, card image details and STS details. The URL of the location where user information is located is actually specified in the STS section. So, the card simply contains the address or location of the file which contains user information and not the information itself.