{"id":702,"date":"2007-03-04T15:34:08","date_gmt":"2007-03-04T23:34:08","guid":{"rendered":"\/?p=702"},"modified":"2007-03-04T16:01:53","modified_gmt":"2007-03-05T00:01:53","slug":"identities-on-multiple-devices","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=702","title":{"rendered":"Identities on multiple devices"},"content":{"rendered":"<p><a href=\"\/?p=701\">As I said here<\/a>, I want also to look at a <a href=\"http:\/\/jkobielus.blogspot.com\/2007\/03\/rfi-user-centric-identity-and-what-eve.html\">second strange claim<\/a>&nbsp;by <a href=\"http:\/\/www.xmlgrrl.com\/blog\/\" class=\"broken_link\">Eve<\/a>:&nbsp;<\/p>\n<blockquote><p>On another issue, she noted that OpenID 1.0 has a vulnerability in that it leaves users&#8217; identities open to possible correlation by unauthorized third-parties.<\/p>\n<p>But that CardSpace has a vulnerability of an opposite but equally problematic nature. Given that each CardSpace is associated with a particular client device (i.e., a particular desktop, laptop, or mobile phone running Vista), and given the fact that each user might have multiple such devices, each with a multiplicity of cards running on them&#8230;that the more such devices, cardspaces, and i-cards multiply for a given user, the more difficult it will become for a particular user to correlate the various fragments of their identity across their own personal &#8220;space.&#8221;<\/p><\/blockquote>\n<p>This <strong>really<\/strong> strikes me as bizarre.&nbsp;&nbsp;Maybe Eve&nbsp;was asleep while the entire world learned to&nbsp;copy mp3s onto their music players and carry them around?&nbsp; Duh.&nbsp; We&nbsp;know how to move files from device to device.&nbsp; In fact there are probably many hundreds of millions of people who can do it&nbsp;better than&nbsp;either Eve or I can.<\/p>\n<p>The idea that&nbsp;this is&nbsp;the big vulerability of&nbsp;CardSpace boggles my mind.&nbsp; The whole criticism <em>&#8220;Does not compute.&#8221;<\/em><\/p>\n<p>Then again,&nbsp;I actually <em>use<\/em> Information Cards, and move them from device to device, so maybe that&#39;s why it&#39;s so clear to me how easy it is to do.&nbsp;<\/p>\n<p>Let me share the exact experience I have installing the Information Cards from my PC&#39;s CardSpace onto my mobile phone.<\/p>\n<p>&nbsp;<strong>Moving Information Cards from device to device<\/strong><\/p>\n<p>1)&nbsp; I open up CardSpace and select Back Up Cards.&nbsp; This will create a&nbsp;file containing my cards.&nbsp;&nbsp;I decide to call&nbsp;it &#8220;cardset&#8221;.<\/p>\n<p><img src=\"\/wp-content\/images\/2007\/03\/card-export-1.jpg\" \/><\/p>\n<p>2) I copy&nbsp;&#8216;cardset&#8217; to my phone and click on it:<\/p>\n<p><img src=\"\/wp-content\/images\/2007\/03\/pc_capture2.jpg\" \/><\/p>\n<p>3)&nbsp;The phone asks for the&nbsp;password I used to protect my file<\/p>\n<p><img src=\"\/wp-content\/images\/2007\/03\/pc-capture9.jpg\" \/>&nbsp;<\/p>\n<p>4)&nbsp;It verifies&nbsp;I&#39;m importing the right cards<\/p>\n<p><img src=\"\/wp-content\/images\/2007\/03\/pc-capture10.jpg\" \/><\/p>\n<p>5)&nbsp; And now I have the same cards on my phone device as on my PC.<\/p>\n<p><img src=\"\/wp-content\/images\/2007\/03\/pc-capture5.jpg\" \/><\/p>\n<p>How hard is that?&nbsp; It would be the same process copying the file to&nbsp;some other device.&nbsp; It works fine.&nbsp; As easy as getting a word document or powerpoint or mp3 from one place to another.&nbsp; Dongle anyone?&nbsp; How about email?<\/p>\n<p>Still, the uberpoint is this:&nbsp; once Information Cards&nbsp;live on my phone, they go whereever I go.&nbsp;<\/p>\n<p>There are lots of ways phones can potentially talk to other devices.&nbsp; So who says&nbsp;we have to copy our cards&nbsp;to all our devices once they live in a secure, personal device like a phone that&nbsp;we always have with us?<\/p>\n<p><strong>NOTE<\/strong>:&nbsp; I want to point out that the&nbsp;mobile implementation of CardSpace I&#39;m showing here is NOT a product.&nbsp; It&#39;s a way of learning about the issues, and collaborating with colleagues in the world of telecom and secure portable devices.&nbsp; But hey!&nbsp;&nbsp;It&#39;s still a lot of fun.&nbsp; More later.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Eve thinks CardSpace has &#8220;a vulnerability of an opposite but equally problematic nature&#8230;&#8221;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,15,11,5,4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/702"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=702"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/702\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}