Windows CardSpace

Windows CardSpace (codenamed InfoCard) is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design. CardSpace is a built-in component of Windows 7 and Windows Vista, and has been made available for Windows XP and Windows Server 2003 as part of the .NET Framework 3.x package.


Overview

When an information card-enabled application or website wishes to obtain information about the user, it requests a particular set of claims. The CardSpace UI then appears, switching the display to the CardSpace service, which displays the user's stored identities as visual cards. The user selects a card to use, and the CardSpace software contacts the issuer of the identity to obtain a digitally signed XML token that contains the requested information.

CardSpace also allows users to create ''personal'' (also known as ''self-issued'') information cards, which can contain one or more of 14 fields of identity information such as full name and address. Other transactions may require a ''managed'' information card; these are issued by a third-party ''identity provider'' that makes the claims on the person's behalf, such as a bank, employer, or a government agency.

Windows CardSpace is built on top of the Web services protocol stack, an open set of XML-based protocols, including WS-Security, WS-Trust, WS-MetadataExchange and WS-SecurityPolicy. This means that any technology or platform that supports these protocols can integrate with CardSpace.

To accept information cards, a web developer needs to declare an HTML <OBJECT> tag that specifies the claims the website is demanding and implement code to decrypt the returned token and extract the claim values. If an identity provider wants to issue tokens, it must provide a means by which a user can obtain a managed card and provide a Security Token Service (STS) which handles WS-Trust requests and returns an appropriate encrypted and signed token. During the 2000s, identity providers that did not wish to build an STS could obtain one from a variety of vendors, including PingIdentity, BMC, Sun Microsystems, Microsoft, or Siemens.

Because CardSpace and the identity metasystem upon which it is based are token-format-agnostic, CardSpace did not compete directly with other Internet identity architectures like OpenID and SAML. These three approaches to identity can be seen as complementary, because during the 2000s, information cards could be used for signing into OpenID providers, Windows Live ID accounts, and SAML identity providers.

IBM and Novell planned to support the Higgins trust framework to provide a development framework that includes support for information cards and the Web services protocol stack, thus including CardSpace within a broader, extensible framework also supporting other identity-related technologies, such as SAML and OpenID.
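The relying-party steps described above (declaring the <OBJECT> tag and extracting claim values), as an added example that is not part of the original article or of any Microsoft kit. It assumes a SAML 1.1 token that has already been decrypted and had its signature verified, neither of which is shown; the site URL, required-claim policy, clock and sample token are constructed.

```python
import html
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.1 namespace / token type
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
REQUIRED = [CLAIMS + "/givenname", CLAIMS + "/emailaddress"]  # constructed policy
AUDIENCE = "https://rp.example/login"  # hypothetical relying-party URL
NOW = datetime(2009, 6, 1, 10, 30, tzinfo=timezone.utc)  # constructed clock

def object_tag(required):
    """Markup that makes the identity selector ask the user for these claims."""
    claims = html.escape(" ".join(required), quote=True)
    return ('<object type="application/x-informationcard" name="xmlToken">'
            f'<param name="tokenType" value="{SAML}">'
            f'<param name="requiredClaims" value="{claims}"></object>')

def _instant(cond, name):
    try:  # whole-second timestamp with an explicit offset ("Z" counts)
        return datetime.strptime(cond.get(name, ""), "%Y-%m-%dT%H:%M:%S%z")
    except ValueError:
        raise ValueError(f"bad or missing {name}") from None

def extract_claims(token_xml, required, audience, now):
    """Claims from a token that is ALREADY decrypted and signature-verified."""
    if "<!DOCTYPE" in token_xml or "<!ENTITY" in token_xml:
        raise ValueError("DTD not allowed in a token")
    root = ET.fromstring(token_xml)
    cond = root.find(f"{{{SAML}}}Conditions")
    if root.tag != f"{{{SAML}}}Assertion" or cond is None:
        raise ValueError("not a SAML 1.1 assertion with Conditions")
    if not _instant(cond, "NotBefore") <= now < _instant(cond, "NotOnOrAfter"):
        raise ValueError("token outside its validity window")
    if audience not in [a.text for a in cond.iter(f"{{{SAML}}}Audience")]:
        raise ValueError("token was issued for another site")
    claims = {f"{a.get('AttributeNamespace')}/{a.get('AttributeName')}":
              a.findtext(f"{{{SAML}}}AttributeValue")
              for a in root.iter(f"{{{SAML}}}Attribute")}
    if any(not claims.get(c) for c in required):
        raise ValueError("a required claim is missing or empty")
    return claims

# Constructed sample: what a decrypted self-issued token could look like.
SAMPLE = f"""<Assertion xmlns="{SAML}" MajorVersion="1" MinorVersion="1">
<Conditions NotBefore="2009-06-01T10:00:00Z" NotOnOrAfter="2009-06-01T11:00:00Z">
<AudienceRestrictionCondition><Audience>{AUDIENCE}</Audience></AudienceRestrictionCondition>
</Conditions><AttributeStatement><Attribute AttributeName="givenname"
 AttributeNamespace="{CLAIMS}"><AttributeValue>Alice</AttributeValue></Attribute>
<Attribute AttributeName="emailaddress" AttributeNamespace="{CLAIMS}">
<AttributeValue>alice@example.org</AttributeValue></Attribute></AttributeStatement></Assertion>"""
```

Calling `extract_claims(SAMPLE, REQUIRED, AUDIENCE, NOW)` returns the two requested claims; an expired token, a token issued for another audience, or one missing a required claim raises `ValueError`.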


Release

Microsoft initially shipped Windows CardSpace with the .NET Framework 3.0, which runs on Windows XP, Windows Server 2003, and Windows Vista. It is installed by default on Windows Vista as well as Windows 7 and is available as a free download for XP and Server 2003 via Windows Update. An updated version of CardSpace shipped with the .NET Framework 3.5. The new Credential Manager in Windows 7 uses Windows CardSpace for the management and storage of saved user credentials.


Discontinuation

On February 15, 2011, Microsoft announced that Windows CardSpace 2.0 would not be shipped. Microsoft later worked on a replacement called U-Prove.


See also

* Information Card
* Higgins project
* Shibboleth (Internet2)
* Identity management systems
* Windows Hello


Further reading

* Microsoft Open Specification Promise. May 2007.


External links

Software development

* Windows CardSpace on .NET Framework documentation site – Developer articles and technical documentation on Windows CardSpace
* Microsoft Information Card Kit for ASP.NET 2.0 – ASP.NET Relying Party (RP) code to support CardSpace
* Microsoft Information Card Kit for HTML – platform-independent JavaScript and CSS code that detects if the client can use i-cards and provides the corresponding UI support
* Open source Ruby RP code for accepting information cards
* Open source Java RP code for accepting information cards
* Open source C and PHP RP code for accepting cards
* Open source C RP code for accepting information cards and STS code for managed i-cards
* Open source PHP Security Token Service code for managed cards
* Open source C# STS code for managed information cards

Identity selectors

* Digital Me – an open-source Identity Selector for Linux and Mac OS X
* A plug-in for Apple's Safari implementing an Information Card identity selector
* A plug-in for Firefox to activate CardSpace and other identity selectors

Blogs

* ''Kim Cameron's Identity Weblog'' – Blog from Microsoft's architect for identity
* ''Mike Jones: Self-Issued'' – Blog on CardSpace, cards, and digital identity from Microsoft's Director of Identity Partnerships
* ''Vittorio Bertocci'' (archived) – Blog on designing and developing with CardSpace from Microsoft's architect evangelist for Windows Server 2008
* ''Claim-Based Identity Blog'' (archived) – Blog on CardSpace from its development team