{"id":923,"date":"2008-02-24T23:03:22","date_gmt":"2008-02-25T07:03:22","guid":{"rendered":"\/?p=923"},"modified":"2008-02-25T00:14:11","modified_gmt":"2008-02-25T08:14:11","slug":"how-openid-leads-to-cardspace","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=923","title":{"rendered":"Why OpenID leads to CardSpace&#8230;"},"content":{"rendered":"<p>The recent <a href=\"\/?p=922\">announcements about OpenID<\/a> made enough impact that I&#39;ve had a number of people ask what\u00a0our\u00a0interest in\u00a0OpenID\u00a0means for Information Cards in general and CardSpace in particular.<\/p>\n<p>The answer is simple.\u00a0 OpenID provides\u00a0Single Sign On\u00a0to social networking sites and blogs.\u00a0 It\u00a0means we can\u00a0use a public persona across sites, and just log in once to use that persona.<\/p>\n<p>But OpenID\u00a0doesn&#39;t have the privacy characteristics that would make it suitable for government\u00a0applications or casual web surfing.\u00a0 And it doesn&#39;t have the\u00a0security characteristics\u00a0necessary for financial transactions or access to private data.\u00a0 In other words, it&#39;s good for a\u00a0specific\u00a0set of purposes, and we are interested in it for those purposes,\u00a0but we remain as committed to more secure and privacy-oriented technologies as ever.\u00a0 In other words, we are interested in OpenID as part of a spectrum.<\/p>\n<p>Information Cards are a way of safely organizing a\u00a0palette of\u00a0digital identities\u00a0into a &#8220;digital wallet&#8221;.\u00a0\u00a0Over time, some of these identities will be very valuable, controlling access to government information,\u00a0bank accounts, and corporate resources.\u00a0 Other identities will be very private, like those associated with health information\u00a0or perhaps dating.\u00a0 Others will be the kind of public personas\u00a0we are talking about with OpenID.<\/p>\n<p>These different identities\u00a0will co-exist in a metasystem with 
contextual separation but a similar use model.\u00a0 Importantly, the metasystem won&#39;t replace the underlying technologies &#8211;\u00a0it\u00a0will unify them and provide a consistent experience.\u00a0<\/p>\n<p>The relation between OpenID and CardSpace\u00a0provides a good example of the issues involved here.\u00a0\u00a0\u00a0OpenID provides convenience and power but\u00a0suffers the problem of all the Single Sign On technologies\u00a0&#8211;\u00a0the more it succeeds, the more dramatically phishable it will become.\u00a0 <a href=\"\/wp-content\/images\/2008\/02\/OpenID\/Normal\/OpenIDPhish.html\" class=\"broken_link\">I&#39;ve created a visual demo\u00a0to help explain how this works <\/a>&#8211; and how CardSpace works with OpenID to solve the problems.<\/p>\n<p>My takeaway is\u00a0that OpenID <em>leads to<\/em> CardSpace.\u00a0 I don&#39;t mean by this that Information Cards replace OpenID.\u00a0 I just\u00a0mean that the more people start using cross-site identities, the more the capabilities\u00a0of CardSpace become relevant as a way of strengthening OpenID and putting it in a\u00a0broader technology context.\u00a0\u00a0<\/p>\n<p>Information Cards were\u00a0created to put in place\u00a0an infrastructure that can solve the security problems of the web before\u00a0they explode in our faces.\u00a0 It&#39;s a serious technology and involves secure high-strength products emerging across the industry.\u00a0 The recent announcement by Higgins of\u00a0the new\u00a0<a href=\"http:\/\/www.eclipse.org\/org\/press-release\/20080221_higgins.php\">user-centric identity framework\u00a0for Eclipse\u00a0 <\/a>is a great sign of the progress being made.\u00a0 And there are other important announcements coming as well.<\/p>\n<p>[In this demo I use my favorite OpenID provider, which is myOpenID.com.\u00a0 It is <em>super<\/em> important to point out that I think\u00a0the company is\u00a0great.\u00a0 None of my analysis is a critique of myOpenID &#8211;\u00a0I&#39;m 
explaining\u00a0some of the &#8220;browser-redirect&#8221; problems that face all OpenID providers (as well as SAML and Shibboleth providers). Importantly, myOpenID have supported Information Cards for a long time &#8211; and\u00a0their\u00a0implementation\u00a0works well.\u00a0 So they are at the forefront of working these problems.\u00a0 Try using their Information Card solution.]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenID provides convenience and power but suffers the problem of all the Single Sign On technologies &#8211; the more it succeeds, the more dramatically phishable it will become.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[25,16,24,7,22],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/923"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=923"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/923\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}