CardSpace and Smart Cards

Over the next few days I will write about some of the Information Card ideas and products I saw at the Burton Group's Catalyst Conference.  The Interopathon demonstrated a whole slew of identity provider, identity selector and relying party products written by all kinds of competitors and collaborators.  Pretty much all the big software companies were involved, as were a some smart identity industry startups.  The next day, the party continued in the Microsoft hospitality suite – and probably other suites as well.

One of my favorite demonstrations was put together by Gemalto, one of the world's largest manufacturers of smart cards, cell phone SIMS and dongles.  They collaborated closely with the CardSpace team on a prototype of CardSpace in which Information Cards and the associated metadata and secret keys are all kept on a smartcard or dongle.

Here's the user experience:

You arrive at a machine, and insert your smart card. 

CardSpace asks for a password, and when you enter it, you see your CardSpace cards as usual – except they marterialize from the smart card.  The system supports both self-issued and managed cards. 

Then, when you remove your smart card, all the CardSpace cards go away.

In other words, the system completely solves the roaming and “kiosk” problem.  You take your Information Cards with you, and use them wherever you go.  A single smart card can transport a whole set of unrelated cards – the “Fist full of dongles” problem is solved.

The Gemalto folks have a demo that makes the ideas completely clear here.   Much of the work was done by Kapil – great guy  and I have my fingers crossed that he'll start blogging again.

Published by

Kim Cameron

Work on identity.

2 thoughts on “CardSpace and Smart Cards”

  1. Kim,

    These developments are terrific and very timely. It will be interesting to see how easy it is to retrofit Infocards with the existing installed bases of multi-function smartcards (e.g. 6M ID cards in Hong Kong, some millions of FIPS 201 cards in US Govt, 50M health cards in France, another 80M soon in Germany …) and with the more locked-down banking EMV smartcards (esp the 110M in the UK).

    Question: How easy is it now for apps to generate digital signatures associated with Infocards-on-smartcards, where the private key is controlled wholly inside the chip?

    Cheers,

    Steve Wilson
    Lockstep Group
    http://www.lockstep.com.au

  2. Hi Kim,
    I've read your entry on CardSpace and smart cards and seen the video you linked, but it's not clear to me how can I create a smart card as depicted in the video.
    I've have a smart card with which I can perform a Windows login on my XP Professional machine within my company Windows Active directory domain. So when I'm at the Windows login stage my PC gives me both the ALT-CTRL-DEL alternative as well as the possibility to use the smart card and its associated PIN.
    If I start CardSpace it seems completely unaware of the presence of a smart card reader, as weel as of the insertion of a smart card.
    Could you please provide us specific instructions (o reference where to find them) on how to create a smart card usable with CardSpace? Additionally, Windows Vista doesn't, at least on my laptop, react to the presence of a smart card at the Windows login stage. is there some specific settings in Vista?
    Thanks in advance, cheers

    Domenico Rotondi
    TXT e-solutions Spa

Comments are closed.