{"id":661,"date":"2007-01-22T08:59:14","date_gmt":"2007-01-22T16:59:14","guid":{"rendered":"\/?p=661"},"modified":"2007-01-22T09:05:05","modified_gmt":"2007-01-22T17:05:05","slug":"drummond-reed-on-cardspace-and-openid","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=661","title":{"rendered":"Drummond Reed on CardSpace and OpenID"},"content":{"rendered":"<p>Amongst other things, Drummond is CTO of <a href=\"http:\/\/www.cordance.net\" class=\"broken_link\">Cordance<\/a>&nbsp;and co-chair of the OASIS XRI and XDI Technical Committees.&nbsp; He&#39;s playing an important role in getting new identity ideas into the Internet Service Provider world.&nbsp; <a href=\"http:\/\/www.equalsdrummond.name\/?p=95\">Here he responds<\/a>&nbsp;to my first convergence post:<\/p>\n<blockquote><p>Earlier this month Kim Cameron starting blogging about <a href=\"\/?p=649\">some of the phishing concerns he\u00e2\u20ac\u2122s had about OpenID<\/a> that he and Mike Jones have shared with myself and other members of the <a href=\"http:\/\/www.openid.net\/\">OpenID<\/a> community privately since Digital ID World last September. Given that anti-phishing protection is one of the greatest strengths of <a href=\"http:\/\/en.wikipedia.org\/wiki\/CardSpace\">CardSpace<\/a>, one of Kim\u00e2\u20ac\u2122s and Mike\u00e2\u20ac\u2122s suggestions has been for OpenID providers to start accepting CardSpace cards for customer authentication.<\/p>\n<p>Today Kim <a href=\"\/?p=659\">blogged his proposed solution for integrating OpenID and InfoCard in detail<\/a>. He does a wonderful job of it, making it very clear how using CardSpace and OpenID together can be a win\/win for both. With Windows Vista shipping to consumers at the end of the month, and the CardSpace upgrade now available to XP users, this is a very practical solution to increasing OpenID security that I expect all <a href=\"http:\/\/www.inames.net\/register.html\" class=\"broken_link\">XDI.org-accredited i-brokers<\/a> (who all provide OpenID authentication service for <a href=\"http:\/\/www.inames.net\/\">i-name<\/a> holders) to implement as soon as they can.<\/p>\n<p>Kim closes his post by saying, \u00e2\u20ac\u0153That said, I have another proposal [for integrating OpenID and CardSpace] as well.\u00e2\u20ac\u009d That\u00e2\u20ac\u2122s good, and I await it eagerly, because I too believe the integration can go much deeper, just as it can for <a href=\"http:\/\/www.equalsdrummond.name\/?p=94\">OpenID and SAML<\/a>. The heart of it is individuals and organizations being able to assert their own resolvable, privacy-protected digital identifiers. That\u00e2\u20ac\u2122s the foundation of the OpenID framework, and the job for which we\u00e2\u20ac\u2122ve been designing <a href=\"http:\/\/en.wikipedia.org\/wiki\/XRI\">XRI i-names and i-numbers<\/a> for the past five years. Microsoft\u00e2\u20ac\u2122s current default CardSpace schema does not yet natively support XRIs as digital identifiers, but adding them could increase their power and utility and be another big step towards convergence on a unified Internet identity layer.<\/p><\/blockquote>\n<p>I&#39;m going&nbsp;to clone myself so I can find more time to write up my second proposal.&nbsp; Meanwhile, just a small clarification.&nbsp; Drummond&nbsp;talks about&nbsp;the &#8220;default CardSpace schema&#8221;.&nbsp; He&#39;s really talking about the &#8220;default Self-Issued Card schema.&#8221;&nbsp;<\/p>\n<p>CardSpace itself handles tokens of any type, containing claims of any type.&nbsp;&nbsp;There are no limitations on your&nbsp;schema&nbsp;if you create a managed card.&nbsp; I&#39;ll&nbsp;make that clearer in my next post.&nbsp;<\/p>\n<p>Further,&nbsp;we tried to keep the&nbsp;&#8220;bootstrap&#8221; Self-Issued Card provider&nbsp;down to a minimal set of&nbsp;initial schema choices &#8211; precisely to leave room for a managed card ecology.&nbsp; But one of those initial claims is a URL&#8230;&nbsp;&nbsp;I thought an i-name&nbsp;or i-numbers would be able to go there.&nbsp; Is more needed?<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Drummond agrees that &#8220;using CardSpace and OpenID together can be a win\/win for both&#8230;&#8221;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[16,10,8,15,23],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/661"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=661"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/661\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}