Dave Kearn has been posting up a storm – a good storm – including his comment on Johannes Ernst‘s What is Microsoft InfoCard? He says:
The explanation is a good, if somewhat convoluted, one. But could be simplified.
InfoCard is simply Novell's old DigitalME decentralized (as Novell's personal directory intended it to be) and hopped up on Web Services SOA.
In many ways, it could also be described as Passport without the Big Brother implications of “Hailstorm“, hopped up on SOA.
The important thing to remember, I think, is that there's nothing new here except the joining together of the personal directory with the panoply of specs and protocols that make up Service Oriented Architectures. That's no small accomplishment, of course, especially for a company as vilified for it's security and privacy policies as Microsoft is.
It has certainly been my intention to invent as little as possible, so I thank Dave for pointing out my lack of a contribution in this regard.
Decentralization is certainly a big part of what is being proposed. The ablility to support multiple (and evolving) underlying security technologies is also a key property. So is the new approach to integrating the user into the experience and keeping it consistent across contexts and technologies. Finally the project employs various technologies which raise the bar on resisting phishing and pharming attacks.