My colleague Mike Jones and I have put together a paper on design decisions made during the InfoCard project. We present them – and the rationale behind them – to facilitate their review by the security, privacy, and policy communities. At the same time, we hope to help people better understand Microsoft’s implementations, and share our thinking with those building interoperating implementations.
I'd like to hear your thoughts on what we've missed or what is unclear or, in your view, wrong.
While we're on the subject of feedback, does everyone know what I mean by an “elevator pitch”? (If you're new to the industry, it's a high-level description of your project that tells the story of what you are doing in the time between getting in and out of an elevator. And I'm not talking about a New York skyscraper.)
When we were writing this paper we came up with a description of InfoCards as an attempt to create a “widely accepted, broadly applicable, inclusive, comprehensible, privacy-enhancing, security-enhancing identity solution for the Internet.”
Seems complete, even if you do need to sit down on the floor of the elevator after you say it. Any comments?