Card Space with X509 Certificate
So could Card Space send information that has to be signed to the smartcard?
Thanks, Franck.
Well, it doesn't quite work that way.
Information Cards are representations of data that is assured by a particular party. In the real world the conventions for exchanging information are well known; people are trained to offer proof of their relationships with organizations by providing a card that the organization has issued and that makes claims about the data. The data is exchanged with physical tokens (business cards, passports, driver's licenses) and by verbal tokens ("My name is Frank Lee, I work at Contoso."). Some cards are acceptable in some situations and not others. For example, the library only accepts library cards that are recognized by it for checking out books, whereas a shop would certainly not accept the same library card as a token of credit.
There are two types of Information Cards supported by CardSpace: Managed cards and Personal cards.
Managed cards are cards which an Identity Provider has given to the user, who has imported them into the Identity Selector. Identity Providers declare the claims they support in their cards using URIs. Separate Identity Providers can collaborate on the URIs they use to declare their claims, or make up ones specifically for themselves.
Personal cards are cards for which the user is also acting as the Identity Provider, and the user provides all the values for the claims. CardSpace provides the facility for the user to create, edit, export and import Personal cards. The data for these cards is encrypted and stored on the user's computer. The claims that a Personal card can support are fixed, so that Relying Parties can accept a common, consistent Information Card.
In order to use Managed cards, one must authenticate with the Identity Provider, and you can currently do that with one of four methods: a self-issued card, a smartcard, a Kerberos token, or a username and password. So, while you can associate a smartcard with a managed card, CardSpace itself doesn't provide functionality to use that to sign things--that is still an application issue.
g