Anyone with a modicum of experience on the web knows the repeated trial of registering their identity with individual organizations’ websites in order to gain access to services, and would not even ask why a common web identity would be valuable.
The trouble is that, in their real lives, everyone has a number of identities, individually related to different work roles within their own organization, via collaborative ventures, and a range of personal activities and interests. Single sign-on systems long ago achieved automated presentation of the credentials relevant to a given website for a single logged-in identity, but would fail to represent multiple identities.
CardSpace – formerly referred to as InfoCard, but now renamed by Microsoft – allows Windows users to automatically pass credentials and personal information to websites when they log in. It was released in Vista, where it is deeply integrated with the operating system, but is also available as an add-on for Windows XP.
A user would commonly set up one or more ‘cards’ within CardSpace, with each instance representing a role that the user undertakes, in either the consumer realm or enterprise use. CardSpace software determines which sets of identity details held by the Windows user can match the policy requirements of the site or service being accessed, and provides a user interface with which the user can check the site is safe, and select which identity details and attributes they wish to share.
OpenID is intended to work as a web address that guarantees a user’s identity, which is provided by an identity provider that forms part of a decentralized network. Users can supply this web address when logging on to a site, whereupon the OpenID scheme checks and verifies that site, and supplies the user’s credentials as appropriate. It can be compared to Microsoft’s own aborted Passport scheme, which was intended to enable users to log into a range of websites with a single web identity, managed by Microsoft, except that Passport was run entirely by Microsoft (and therefore attracted considerable suspicion) – OpenID is decentralized, and also supports multiple identities.
OpenID is to some extent plucked from obscurity with the Microsoft announcement; unlike the parade of major names behind many a nascent initiative, its main participants are vendors Sxip, VeriSign, and JanRain – many of its current users are bloggers who value the mobility between the sites they visit, but it is not in wide use.
Microsoft was open in its announcement about the need to extend the current specification of OpenID, especially to address its current vulnerability to ‘phishing.’ Craig Mundie, Microsoft’s chief research and strategy officer, acclaimed the potential of the collaboration, and said that the company’s participation would enable OpenID to deal with its remaining security issues.
Content from our partners
The extent to which we are nowadays dealing with a different Microsoft mindset was evident from the company’s identity guru, Kim Cameron, who commented that, We need a pluralistic system that supports lots of different identity providers, lots of different technology providers…
Others connected with the venture indicated that potential developments could see OpenID providers use the Microsoft ‘cards’ to authenticate a new user applying for an OpenID identity, or CardSpace used to manage OpenID credentials via an integration within Vista.
Above all other issues, identity is no doubt the key to unlocking the value available from high-benefit, web-based services. Microsoft’s move to embrace a community-based, open initiative is therefore welcome, although we now hope to see the company continue to keep it as open, and also move to be inclusive of other open identity schemes.
Source: OpinionWire by Butler Group (www.butlergroup.com)
