I just went into my junk mail folder for the first time in a long time and saw that many of it's 1107 items were from people who have been trying to reach me through my i-names or even through regular email. The i-names are working fine, but my corporate spam filter likes some messages and doesn't like others – for reasons that are completely beyond me. Here's an example:

Hi Kim,

We have never met, I hope you don't mind the intrusion.

I am fascinated with the InfoCard concept, the Laws of Identity, and the simplicity and similarity the InfoCard solution has with todays plastic card solutions.

( These I keep in my wallet, which I guard with my life. And like most of us, I am totally paranoid that I might somehow loose my wallet and be forever lost.)

I believe everyone will be able to easily and quickly adopt this solution for the future virtual interactions in cyberspace.

In many discussions with others promoting the InfoCard way, one question keeps coming up that I haven't been able to easially answer.

“Where should I keep my InfoCards.” USB drive, not a good idea. My laptop, but what if I'm at my desk? How about a smartcard I keep in my wallet, to add to the paranoia. Or maybe its time to have that chip installed in my forehead.:)

If you would be so kind to share your thoughts, or simply direct me to an article discussing this question.

Regardless, I am very excited about the InfoCard future, and continue to follow your progress.

Thank you.


Mark Munro

What in this email looks like spam? The use of the word “wallet”?

I don't know what to say. First, I apologize to everyone who has written to me and seen their mail go into the void. I will go through all these messages – but it may take me a while! And I'll start reading my spam folder, I promise…

Now, to answer Mark's question. InfoCards don't actually contain any personal information. They are just pointers to the place where that information is held. In this sense, they are quite different from a wallet. That's one of the reasons I don't think “digital wallet” is necessarily the right word for this.

Suppose you had an InfoCard issued by a credit card company – let's use the example of Visa. Visa (or some clearing house) would operate a service on the Internet, and your InfoCard would contain a description of what the Visa card looks like, how to connect to Visa's internet service, which bank puts out the credit card, and so on.

When you decide to submit the Visa card, what really happens is that your InfoCard Selector goes out to Visa's internet service and gets a “software token” (meaning a set of claims about you – in this case perhaps a one-time credit card number) and sends it to the company you want to purchase from. The set of claims is typically encrypted, so nothing running on your PC can get at the secrets it contains. In this example, the credit card number is never exposed on your PC.

The question now becomes one of how your system proves who you are to Visa's internet service.

This could be done by using a cryptographic key stored on your machine and unlocked with a PIN. Or it could prompt you to put a USB device into the PC (which would keeps your cryptographic keys isolated from the PC). And there are a number of other methods that could be used. One vendor has even showed use of a fingerprint to release the secret.

One of the advantages of InfoCards is that you get to choose from this rich palette of methods – and identity providers can make this palette as extensive as they want. Axalto, GemPlus and other innovators have even demonstrated complete security token services that run on “smart dongles”… And we can imagine having the whole infocard selection itself stored on such a next-generation smart device – a dongle, phone or mp3 player.

In the first release of Microsoft's version of the Identity Selector, you can export your cards – in protected form – and move them from PC to PC by “sneaker net” – namely on a USB drive, a floppy, or even in an email. This makes it easy to take your cards from home to work or visa versa.

The first release also supports use of dongles and smart cards when people and identity providers choose to use them. We will work to evolve this to allow storage and roaming of your entire InfoCard collection on such devices as well.

Gosh. I just took another look at the junk mail folder and I see a note from Johannes Ernst. Hope this hasn't ruined a beautiful friendship…

I'm afraid to look further down in the list of unopened items. But I will.

Published by

Kim Cameron

Work on identity.

Comments are closed.