Web site users face a set of common problems, including determining the legitimacy
of sites. The traditional method for users to identify themselves to a Web site—password
authentication—has a number of well-known flaws.

Windows CardSpace is client software that enables users to provide their digital
identity to online services in a simple, secure, and trusted way.

Each card has some identity data associated with it—though this data is not actually
stored in the card—that has either been given to the user by an identity provider
such as a bank, employer, or government, or created by the users themselves.

Information cards are virtual representations of a person's identity that are assured
by a particular party. Information cards are analogous to real-world identity cards
such as passports, driver's licenses, credit cards, and employee ID cards.

Information cards are managed on client computers by a software component called
an identity selector. An identity selector is a user interface (UI) that appears
when a user attempts to authenticate to a Web site that requests an information
card. The following figure shows Windows CardSpace—the Microsoft implementation
of an identity selector for Windows—in response to a demand for credentials by a
Web site.

Advantages of information cards:

- Information cards are more flexible than simple user names and passwords.
- Information cards employ strong cryptography, which makes their use more secure
than passwords.
- Information cards can potentially present any type of identity claim that makes
sense to all of the interacting parties and which users are willing to release.