Comments, Suggestions, Features and WHAT THE HECK WAS THAT!?
Hopefully, that got your attention.
We're starting to sketch out designs for the next version of CardSpace. I'm starting this thread and makin' it sticky so we can continue a dialog around new features.
Now, I realize that CardSpace ain't even out the door yet, but the planning is beginning. I can't promise anything, but I can tell you that I'll listen, and I'll bring everything to the team.
So,
What do you want to see in the Next Version of CardSpace?
Hi Chris - I read the post here. I'd just like to "second" the view that this would be very cool indeed and may have huge implications for user adoption. I think seamless use of your cards on different devices is important.
Most people I know never use the Outlook contacts export utility (they'd have no idea what to do) and it's one of the most popular programs in day to day use. I rarely met anyone who moved around with dig certs.
I have no great ideas on how this could be achieved securely, but if you had the ability to serialize a card and within it contain several pieces of "challenge data" you could arguably, in combination with some CardSpace Windows root cert common across OS's, challenge the user for the data and deserialize the card for them. This way it could be sent by email, flash drive or even published on the Internet (or at least some online CardSpace backup secure site).
This is cool stuff!
steven
http://stevenR2.com
I was considering doing some research on what it would take to create a system for the easy transfer and safe public use of the CardSpace cards, using an existing and popular media like USB flash disks to take them with you. The ability to use these cards anywhere, and do it safely, is in my opinion necessary before CardSpace and similar technologies can become the Next Big Thing.
I would just like to throw in my vote that portability is very important for user adoption.
Some sites need to be accessed from anywhere and everywhere and the fact that this isn't in the first release may slow down adoption.
It's very cool and I'd like to use it but I'm guessing a lot of developers couldn't use it if users were unable to login without their exported card.
Thanks,
John
So.... roaming.
And a cupholder. Never enough cupholders. :D
Ok. Cool.
Thanks,
While CardSpace makes an attempt to solve the mess of managing an infinitely growing list of passwords, version 1 does not address the problem of storing credentials portably. It is incorrect to assume that people access the Internet from a single machine. In fact, more and more people have no primary Internet access machine at all. I'd like to see how CardSpace evolves into a technology for managing cards on secure devices, thus freeing up the user from a particular machine.
I run a community website that allows members to authenticate using their corporate smart cards. You register the certificate on your smart card once and then you can access the website from any machine with a smart card reader. No need to remember passwords. I'd like to see CardSpace offer similar capabilities.
Thanks,
Rushi
CardSpace doesn't assume that people access the internet from a single machine.
Admittedly, the roaming facility is pretty damn lame, but you certainly can export your cards, and use them from other machines.
Roaming is the absolute most-requested feature right now, and is of critical importance. We have many things in motion designed to address the roaming situation. Given the complexity of roaming and the necessity of shipping with Vista, CardSpace couldn't be delayed to add in the perfect roaming story. Frankly, this gives us the possibility to drive it around the block a few times before taking it out on the open road. :D
Hey Garrett,
I am not sure if this is fixed as of > RC1 and I have been meaning to mention this for some time so I apologize for my tardiness.
Myself and my fellow team members are building identity management services around user-centric identities. We plan on accepting both OpenID and CardSpace.
We feel the user experience around the optional data in CardSpace is not the best and from our case arguably a bug. 1) We feel that optional data fields the relying party is requesting should always be visible just as the required fields already are. 2) The user should have at least two choices with optional data. Choose to send the data "this time only" or "always send it". Of course maximum flexibility would allow for x times or expire on this date or remind monthly, etc.
Following are the common user experiences that highlight this issue:
First time first Card
===============
1) When the person first shows up at our site and chooses CardSpace, the UI pops up.
2) They choose to add a new Personal card.
3) The UI lists three areas. The Card Properties, "data that will be sent to this site", "data that will not be sent". This is the first problem. The user is not informed of the optional data we would like from them.
4) Now they select that new card and press Send.
5) It presents them with a message saying it is the first time and to review the information before they send it. Again, nowhere is the user informed of the optional data we would like to see.
6) Now, if the user is curious or whatever and clicks the "Include optional data", then and only then do they finally see the optional fields we would like from them.
7) At that point they can finally say, oh ya, I'd like to send that. If some of the fields are empty, then they have to go back and click the Edit button. Now, as long as they left the "include optional data" checked, they see which optional fields we are also requesting and can fill them in if they want.
8) Once they save their edit, they can then press Send and the optional data is sent if they still want it to be by still having "include optional data" checked.
Next time with that previously sent card
==============================
1) When the person again shows up at our site and chooses CardSpace, the UI pops up.
2) They choose to use the Card they previously sent by clicking Send.
3) The optional data is not sent to the site.
Next time with that previously sent card and the user is wondering about the optional data
============================================================
1) When the person again shows up at our site and chooses CardSpace, the UI pops up.
2) They choose to use the Card they previously sent by clicking Preview.
3) The user is not informed of the optional data we would like nor is the "include optional data" checked.
4) They check on "include optional data" and now they can see what we are optionally asking for. The user clicks Send and we now get the optional data.
I'd like to see more features that cater to rich client / software+ services scenarios, where the application is either a rich presentation of subscribed content or a composite service.
Ability to agree to send a card automatically, for a particular duration, when making initial selection.
Scenario: I subscribe to an online service (news, content, media), and that subscription payment has a set period, i.e. 52 weeks. If I approve to send a card to that site - without displaying the identity selector - for a specified duration.
The relying party should be able to suggest the period as part of the policy. For example, the relying party that is selling the subscription can suggest that the card be accepted for the 47 weeks prior to the token expiration. At that point the Identity Selector would display. The benefit for both parties is that it would be a visual cue that the subscription was expiring.
I would also like to see the ability to specify (at the client) that I agree to send a card to all endpoints from an issuer, that prescribe to the same privacy policy.
Today, if I write a rich client application for Fabrikam and that application exposes two services that request the same claims and have the same policy, the identity selector is displayed twice. I'd like the ability to be able to say - "For all services from Fabrikam that have the same policy, please automatically send my card."
I have (for whatever reason, I don't know) downloaded .net Framework 2.0, and I just do not need it taking up space on my hard drive. I went to add/remove and clicked to remove it from my computer and a window popped up that said that if I removed .net framework...my computer might not run right. I got scared and didn't remove it. Do you or someone you know, or know of some place where I can go for information that I might be able to rid my computer of this .net mess. Any help will be greatly appreciated. Thanks, Johnnywayne
Johnnywayne-> you can remove it, but .net 2.0 and 3.0 apps won't run without .net 2.0. It won't break anything that doesn't need .net 2.0. Why bother removing it when it's not doing harm?
Noremac
We've discovered similar things in our usability testing. I'll make sure your comments make it to the design team.
Thanks for your reply.
When I run my Norton WinDoctor to clean up my files, it will always find 10 problems (missing program files).
All are: C:\Windows\Microsoft.Net\Framework\V2.0.50727\ " " ".
All 10 problems say: cannot access a necessary file, "msvcr80.dll."
I might add that Norton cannot fix these files, and I did not have them before I downloaded Microsoft net.framework
If you feel that this missing file (msvcr80.dll), and these problems that Norton identifies still do not pose a real threat, and are not harmful to my computer....then I will take your advice and leave them where they are. Would you please respond again?
Thanks. John
PS: I have not downloaded 3.0 yet.
At the moment managed card can only be imported from filesystem. It would be great to be able to receive cards from a trusted website as a download.
A tool to create an infocard from a certificate so that I could wrap a card around my oces certificate. It might not count as a read infocard, but it would make things more easy to use.
Finally it would be great to be able to enter a "Cardspace debug mode", so that one can debug-step through a tokenservice while it is issuing a token for the card to use. At the moment one has to cancel the request in order to use the debugger, because of the security feature that switches to another desktop when issuing cards.