Always Learning

Advanced Search

Understanding Windows CardSpace

Understanding Windows CardSpace

An Introduction to the Concepts and Challenges of Digital Identities

Vittorio Bertocci, Garrett Serack, Caleb Baker

Jan 2008, Paperback, 384 pages
ISBN13: 9780321496843
ISBN10: 0321496841
This title is no longer available.
£31.99

This title cannot be purchased online
  • Print pagePrint page
  • Email this pageEmail page
  • Share

Windows CardSpace empowers organizations to prevent identity theft and systematically address a broad spectrum of security and privacy challenges. Understanding Windows CardSpaceis the first insiderís guide to Windows CardSpace and the broader topic of identity management for technical and business professionals. Drawing on the authorsí unparalleled experience earned by working with the CardSpace product team and by implementing state-of-the-art CardSpace-based systems at leading enterprises, it offers unprecedented insight into the realities of identity management: from planning and design through deployment.

Part I introduces the fundamental concepts of user-centered identity management, explains the context in which Windows CardSpace operates, and reviews the problems CardSpace aims to solve. Next, the authors walk through CardSpace from a technical standpoint, describing its technologies, elements, artifacts, operations and development practices, and usage scenarios. Finally, they carefully review the design and business considerations associated with architecting solutions based on CardSpace or any other user-centered identity management

system. Coverage includes

  • The limitations of current approaches to authentication and identity management
  • Detailed information on advanced Web services
  • The Identity Metasystem, the laws of identity, and the ideal authentication system
  • Windows CardSpace: What it is, how it works, and how developers and managers can use it in their organizations
  • CardSpace technology: user experience, Information Cards, private desktops, and integration with .NET 3.5 and Windows Vista
  • CardSpace implementation: from HTML integration through federation, Web services integration, and beyond
  • Adding personal card support to a website: a detailed, scenario-based explanation
  • Choosing or becoming an identity provider: opportunities, business impacts, operational issues, and pitfalls to avoid
  • Using CardSpace to leverage trust relationships and overcome phishing

Whether youíre a developer, security specialist, or business decision-maker, this book will answer your most crucial questions about identity management, so you can protect everything that matters: your people, your assets, your partners, and your customers.

Foreword xv

Preface xviii

Part I Setting the Context

Chapter 1: The Problem 3

The Advent of Profitable Digital Crime 4

Passwords: Ascent and Decline 29

The Babel of Cryptography 36

The Babel of Web User Interfaces 79

Summary 84

Chapter 2: Hints Toward a Solution 87

A World Without a Center 89

The Seven Laws of Identity 92

The Identity Metasystem 110

Trust 115

WS-* Web Services Specifications: The Reification of the Identity Metasystem 136

Presenting Windows CardSpace 161

Summary 164

Part II THE TECHNOLOGY

Chapter 3: Windows CardSpace 169

CardSpace Walkthroughs 169

Is CardSpace Just for Websites? 175

System Requirements 176

What CardSpace Provides 177

A Deeper Look at Information Cards 184

Features of the CardSpace UI 204

Common CardSpace Management Tasks 210

User Experience Changes in .NET Framework 3.5 218

Summary 221

Chapter 4: CardSpace Implementation 223

Using CardSpace in the Browser 224

Federation with CardSpace 248

CardSpace and Windows Communication Foundation 252

CardSpace Without Web Services 262

Summary 268

Chapter 5: Guidance for a Relying Party 269

Deciding to Be a Relying Party 270

Putting CardSpace to Work 274

Privacy and Liability 299

Summary 302

Part III PRACTICAL CONSIDERATIONS

Chapter 6: Identity Consumers 305

Common Misconceptions about Becoming an Identity Provider 306

Criteria for Selecting an Identity Provider 309

Relying on an IP 315

Migration Issues 320

Summary 321

Chapter 7: Identity Providers 323

Uncovering the Rationale for Becoming an Identity Provider 324

What Does an Identity Provider Have to Offer? 334

Walking a Mile in the Userís Shoes 338

An Organizationís Identity 341

Summary 342

Index 343

Windows CardSpace empowers organizations to prevent identity theft and systematically address a broad spectrum of security and privacy challenges. Understanding Windows CardSpaceis the first insiderís guide to Windows CardSpace and the broader topic of identity management for technical and business professionals. Drawing on the authorsí unparalleled experience earned by working with the CardSpace product team and by implementing state-of-the-art CardSpace-based systems at leading enterprises, it offers unprecedented insight into the realities of identity management: from planning and design through deployment.

Part I introduces the fundamental concepts of user-centered identity management, explains the context in which Windows CardSpace operates, and reviews the problems CardSpace aims to solve. Next, the authors walk through CardSpace from a technical standpoint, describing its technologies, elements, artifacts, operations and development practices, and usage scenarios. Finally, they carefully review the design and business considerations associated with architecting solutions based on CardSpace or any other user-centered identity management

system. Coverage includes

  • The limitations of current approaches to authentication and identity management
  • Detailed information on advanced Web services
  • The Identity Metasystem, the laws of identity, and the ideal authentication system
  • Windows CardSpace: What it is, how it works, and how developers and managers can use it in their organizations
  • CardSpace technology: user experience, Information Cards, private desktops, and integration with .NET 3.5 and Windows Vista
  • CardSpace implementation: from HTML integration through federation, Web services integration, and beyond
  • Adding personal card support to a website: a detailed, scenario-based explanation
  • Choosing or becoming an identity provider: opportunities, business impacts, operational issues, and pitfalls to avoid
  • Using CardSpace to leverage trust relationships and overcome phishing

Whether youíre a developer, security specialist, or business decision-maker, this book will answer your most crucial questions about identity management, so you can protect everything that matters: your people, your assets, your partners, and your customers.

Foreword xv

Preface xviii

Part I Setting the Context

Chapter 1: The Problem 3

The Advent of Profitable Digital Crime 4

Passwords: Ascent and Decline 29

The Babel of Cryptography 36

The Babel of Web User Interfaces 79

Summary 84

Chapter 2: Hints Toward a Solution 87

A World Without a Center 89

The Seven Laws of Identity 92

The Identity Metasystem 110

Trust 115

WS-* Web Services Specifications: The Reification of the Identity Metasystem 136

Presenting Windows CardSpace 161

Summary 164

Part II THE TECHNOLOGY

Chapter 3: Windows CardSpace 169

CardSpace Walkthroughs 169

Is CardSpace Just for Websites? 175

System Requirements 176

What CardSpace Provides 177

A Deeper Look at Information Cards 184

Features of the CardSpace UI 204

Common CardSpace Management Tasks 210

User Experience Changes in .NET Framework 3.5 218

Summary 221

Chapter 4: CardSpace Implementation 223

Using CardSpace in the Browser 224

Federation with CardSpace 248

CardSpace and Windows Communication Foundation 252

CardSpace Without Web Services 262

Summary 268

Chapter 5: Guidance for a Relying Party 269

Deciding to Be a Relying Party 270

Putting CardSpace to Work 274

Privacy and Liability 299

Summary 302

Part III PRACTICAL CONSIDERATIONS

Chapter 6: Identity Consumers 305

Common Misconceptions about Becoming an Identity Provider 306

Criteria for Selecting an Identity Provider 309

Relying on an IP 315

Migration Issues 320

Summary 321

Chapter 7: Identity Providers 323

Uncovering the Rationale for Becoming an Identity Provider 324

What Does an Identity Provider Have to Offer? 334

Walking a Mile in the Userís Shoes 338

An Organizationís Identity 341

Summary 342

Index 343

Foreword xv

Preface xviii

Part I Setting the Context

Chapter 1: The Problem 3

The Advent of Profitable Digital Crime 4

Passwords: Ascent and Decline 29

The Babel of Cryptography 36

The Babel of Web User Interfaces 79

Summary 84

Chapter 2: Hints Toward a Solution 87

A World Without a Center 89

The Seven Laws of Identity 92

The Identity Metasystem 110

Trust 115

WS-* Web Services Specifications: The Reification of the Identity Metasystem 136

Presenting Windows CardSpace 161

Summary 164

Part II THE TECHNOLOGY

Chapter 3: Windows CardSpace 169

CardSpace Walkthroughs 169

Is CardSpace Just for Websites? 175

System Requirements 176

What CardSpace Provides 177

A Deeper Look at Information Cards 184

Features of the CardSpace UI 204

Common CardSpace Management Tasks 210

User Experience Changes in .NET Framework 3.5 218

Summary 221

Chapter 4: CardSpace Implementation 223

Using CardSpace in the Browser 224

Federation with CardSpace 248

CardSpace and Windows Communication Foundation 252

CardSpace Without Web Services 262

Summary 268

Chapter 5: Guidance for a Relying Party 269

Deciding to Be a Relying Party 270

Putting CardSpace to Work 274

Privacy and Liability 299

Summary 302

Part III PRACTICAL CONSIDERATIONS

Chapter 6: Identity Consumers 305

Common Misconceptions about Becoming an Identity Provider 306

Criteria for Selecting an Identity Provider 309

Relying on an IP 315

Migration Issues 320

Summary 321

Chapter 7: Identity Providers 323

Uncovering the Rationale for Becoming an Identity Provider 324

What Does an Identity Provider Have to Offer? 334

Walking a Mile in the Userís Shoes 338

An Organizationís Identity 341

Summary 342

Index 343

Vittorio Bertocci is an Architect Evangelist in the service of Windows Server Evangelism for Microsoft. He is based in Redmond, Washington. He works with Fortune 100 and major G100 enterprises worldwide, helping them to stay ahead of the curve and take advantage of the latest unreleased technologies. In the past two years, he helped many customers all around the world to design and develop solutions based on technologies such as Identity and Access Management, Windows CardSpace, Windows Communication Foundation, and Windows Workflow Foundation. He frequently serves as a speaker at international conferences such as IDWorld, Gartner Summit, TechEd, and the like. His blog, located at http://blogs.msdn.com/vbertocci, focuses on identity and distributed systems architecture; it is periodically translated into Chinese at www.china-ac.net.cn/zmjgsbkzxnew4.aspx.

Vittorio has more than 13 years of experience in the software industry. He worked in the fields of computational geometry, scientific visualization, usability, business data, and industrial applications and has published articles in international academic industry journals. Vittorio joined Microsoft Italy in 2001 in Consulting Services. Before falling hopelessly in love with identity, he worked with Web Services and Services Orientation from its very inception, becoming a reference and a trusted advisor for key industry players nationwide and at the European level. In October 2005, he answered the call of Microsoft headquarters and moved to Redmond, where he lives with his wife, Iwona. Vittorio holds a Masterís degree in Computer Science from the Universitaí di Genova, Italy.

Garrett Serack

worked as an independent software development consultant in Calgary, Canada, for 15 years, with clients in fields such as government, telecom, petroleum, and railways. Joining Microsoft in the fall of 2005 as the Community Program Manager of the Federated Identity team, Garrett has worked with the companies and the Open Source community to build digital identity frameworks, tools, and standards that are shaping the future of Internet commerce and strengthening the fight against fraud. In the summer of 2007, he transitioned to be the Community Lead in the Open Source Software Labs at Microsoft.

Garrett lives in Bothell, Washington, with his fantastic wife, Brandie, and their two amazing daughters Tea and Indyanna. Catch up on CardSpace and begin to learn more about Microsoft Open Source efforts on his blog at http://fearthecowboy.com.

Caleb Baker has been at Microsoft for the past seven years and is part of the Federated Identity team. In addition to building CardSpace, the team is working on the other pieces needed to build the Identity Metasystem. Caleb has been on the CardSpace product team since 2004 (InfoCard at the time). Since the first release of CardSpace, he has continued to work on future CardSpace products as well as various Identity Metasystem interoperability projects.

Before working on CardSpace, Caleb gained experience in the identity and security space by working on Active Directory and the Active Directory Migration Tool (ADMT). Caleb is a Seattle-area native, having graduated from the University of Washington with a degree in Physics and Political Science and has also earned a Masterís degree in Computer Science.