Windows CardSpace (

codename A code name, call sign or cryptonym is a Code word (figure of speech), code word or name used, sometimes clandestinely, to refer to another name, word, project, or person. Code names are often used for military purposes, or in espionage. They may ...

d InfoCard) is a discontinued identity selector app by

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...

. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to

phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...

attacks and adherence to Kim Cameron's " 7 Laws of Identity" were goals in its design. CardSpace is a built-in component of

Windows 7 Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on July 22, 2009, and became generally available on October 22, 2009. It is the successor to Windows Vista, released nearly ...

, and has been made available for

Windows XP Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and ...

Windows Server 2003 Windows Server 2003 is the sixth version of Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2 ...

, and

Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...

as part of the

.NET Framework The .NET Framework (pronounced as "''dot net"'') is a proprietary software framework developed by Microsoft that runs primarily on Microsoft Windows. It was the predominant implementation of the Common Language Infrastructure (CLI) until bein ...

3.x package.

Overview

When an information card-enabled application or website wishes to obtain information about the

user Ancient Egyptian roles * User (ancient Egyptian official), an ancient Egyptian nomarch (governor) of the Eighth Dynasty * Useramen, an ancient Egyptian vizier also called "User" Other uses * User (computing), a person (or software) using an ...

, it requests a particular set of claims. The CardSpace UI then appears, switching the display to the CardSpace service, which displays the user's stored identities as visual cards. The user selects a card to use, and the CardSpace software contacts the issuer of the identity to obtain a digitally signed

XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. T ...

token that contains the requested information. CardSpace also allows users to create ''personal'' (also known as ''self-issued'') information cards, which can contain one or more of 14 fields of identity information such as full name and address. Other transactions may require a ''managed'' information card; these are issued by a third-party ''identity provider'' that makes the claims on the person's behalf, such as a bank, employer, or a government agency. Windows CardSpace is built on top of the Web services protocol stack, an open set of XML-based protocols, including

WS-Security Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS. The protocol specifies how integrity and confidentiality can be enfor ...

WS-Trust WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker t ...

WS-MetadataExchange WS-MetaDataExchange is a web services protocol specification, published by BEA Systems, IBM, Microsoft, and SAP. WS-MetaDataExchange is part of the WS-Federation roadmap; and is designed to work in conjunction with WS-Addressing, WSDL and WS-Pol ...

and

WS-SecurityPolicy WS-SecurityPolicy is a web services specification, created by IBM and 12 co-authors, that has become an OASIS standard as of version 1.2. It extends the fundamental security protocols specified by the WS-Security, WS-Trust and WS-SecureConversatio ...

. This means that any technology or platform that supports these protocols can integrate with CardSpace. To accept information cards, a

web developer A web developer is a programmer who develops World Wide Web applications using a client–server model. The applications typically use HTML, CSS, and JavaScript in the client, and any general-purpose programming language in the server. is used f ...

needs to declare an

HTML The HyperText Markup Language or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScri ...

<OBJECT> tag that specifies the claims the website is demanding and implement code to decrypt the returned token and extract the claim values. If an identity provider wants to issue tokens, it must provide a means by which a user can obtain a managed card and provide a Security Token Service (STS) which handles

requests and returns an appropriate encrypted and signed token. During the 2000s, identity providers that didn't wish to build STS could obtain one from a variety of vendors, including PingIdentity, BMC,

Sun Microsystems Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the ...

, or

Siemens Siemens AG ( ) is a German multinational conglomerate corporation and the largest industrial manufacturing company in Europe headquartered in Munich with branch offices abroad. The principal divisions of the corporation are ''Industry'', '' ...

. Because CardSpace and the identity metasystem upon which it is based are token-format-agnostic, CardSpace did not compete directly with other Internet identity architectures like

OpenID OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provider ...

and

SAML Security Assertion Markup Language (SAML, pronounced ''SAM-el'', ) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based m ...

. These three approaches to identity can be seen as complementary, because during the 2000s, information cards could be used today for signing into OpenID providers,

Windows Live ID A Microsoft account or MSA (previously known as Microsoft Passport, .NET Passport, and Windows Live ID) is a single sign-on Microsoft user account for Microsoft customers to log in to Microsoft services (like Outlook.com), devices running on on ...

accounts, and SAML identity providers. IBM and

Novell Novell, Inc. was an American software and services company headquartered in Provo, Utah, that existed from 1980 until 2014. Its most significant product was the multi-platform network operating system known as Novell NetWare. Under the lead ...

planned to support the Higgins trust framework to provide a development framework that includes support for information cards and the Web services protocol stack, thus including CardSpace within a broader, extensible framework also supporting other identity-related technologies, such as SAML and OpenID.

Release

Microsoft initially shipped Windows CardSpace with the

.NET Framework 3.0 Microsoft started development on the .NET Framework in the late 1990s originally under the name of Next Generation Windows Services (NGWS). By late 2001 the first beta versions of .NET 1.0 were released. The first version of .NET Framework was ...

, which runs on

, and

. It is installed by default on Windows Vista as well as

and is available as a free download for XP and Server 2003 via

Windows Update Windows Update is a Microsoft service for the Windows 9x and Windows NT families of operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Wind ...

. An updated version of CardSpace shipped with the

.NET Framework 3.5 Microsoft started development on the .NET Framework in the late 1990s originally under the name of Next Generation Windows Services (NGWS). By late 2001 the first beta versions of .NET 1.0 were released. The first version of .NET Framework was r ...

. The new Credential Manager in Windows 7 uses Windows CardSpace for the management and storage of saved user credentials.

Discontinuation

On February 15, 2011, Microsoft announced that Windows CardSpace 2.0 would not be shipped. Microsoft later worked on a replacement called

U-Prove U-Prove is a free and open-source technology and accompanying SDK for user-centric identity management. The underlying cryptographic protocols were designed by Dr. Stefan Brands and further developed by Credentica and, subsequently, Microsoft. T ...

References

External links

;Software development
Windows CardSpace on .NET Framework documentation site
– Developer articles and technical documentation on Windows CardSpace
Microsoft Information Card Kit for ASP.NET 2.0
– ASP.NET Relying Party (RP) code to support CardSpace
Microsoft Information Card Kit for HTML
– platform-independent JavaScript and CSS code that detects if the client can use i-cards and provides the corresponding UI support * Open sourc
Ruby
RP code for accepting information cards * Open sourc
Java
RP code for accepting information cards * Open sourc
C and PHP
RP code for accepting cards * Open sourc
C
RP code for accepting information cards and

STS STS, or sts, may refer to: Medicine * Secondary traumatic stress, a condition which leads to a diminished ability to empathize * Sequence-tagged site, a gene-reference in genomics * Soft-tissue sarcoma * Staurosporine, an antibiotic * STS (gen ...

code for managed i-cards * Open sourc
PHP
Security Token Service code for managed cards * Open sourc
C#
STS code for managed information cards ;Identity selectors
Digital Me
– an open-source Identity Selector for

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...

and

Mac OS X macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac (computer), Mac computers. Within the market of ...

A plug-in
for Apple's

Safari A safari (; ) is an overland journey to observe wild animals, especially in eastern or southern Africa. The so-called "Big Five" game animals of Africa – lion, leopard, rhinoceros, elephant, and Cape buffalo – particularly form an importa ...

implementing an Information Card identity selector
A plug-in
for

Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and ...

to activate CardSpace and other identity selectors ;Blogs
''Kim Cameron's Identity Weblog''
– Blog from Microsoft's architect for identity
''Mike Jones: Self-Issued''
– Blog on CardSpace, cards, and digital identity from Microsoft's Director of Identity Partnerships
''Vittorio Bertocci'' (archived)
– Blog on designing and developing with CardSpace from Microsoft's architect evangelist for Windows Server 2008
''Claim-Based Identity Blog'' (archived)
– Blog on CardSpace from its development team {{Windows Components

CardSpace Windows CardSpace (codenamed InfoCard) is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to ...

Web services Federated identity Discontinued Windows components

Overview

Release

Discontinuation

See also

References

Further reading

External links