Introduction to Windows CardSpace
This entry was posted on 1/6/2007 9:43 AM and is filed under .Net University.
On Wednesday January, 2007 I delivered an internal webcast on Windows CardSpace (WPF) as part 4 of the four-part SRA .Net University series. I had 15 people register for the webcast and 10 attend. Participants attended from Virginia, Maryland, Georgia, and Washington DC.
Windows CardSpace enables users to provide their digital identities in a familiar, secure and easy way. In the physical world we use business cards, credit cards and membership cards. Online with CardSpace we use a variety of virtual cards to identify ourselves, each retrieving data from an identity provider.
Who are you? If someone asks us this question, we typically answer in a manner that’s appropriate to the context in which we are being asked. I can say “I am Noah Subrin”, “I am an American citizen”, “I work at SRA International” and so on. At SRA I am employee # so-and-so; to the Georgia State Patrol I am represented by my driver’s license; at my local bank I am represented by an account number. I have several “identities” depending on the current context. But why is this important?
Identity management has become a very important topic because we constantly use the Internet, at work and at home, to connect to a variety of services. Almost every type of service we use asks for some manner of authentication. Despite the ubiquitous nature of the Internet, there are studies which indicate that phishing, pharming, and other attacks, such as man-in-the-middle, are on the rise. The site antiphishing.org contains data to substantiate this.
As a result, consumer confidence in the Internet is suffering. Along with phishing and pharming, there is the problem of password fatigue. Everyone has many passwords, and it is difficult to remember them all, especially for sites we visit infrequently. If we recycle them, we expose ourselves to attacks.
Windows CardSpace addresses these issues because it is based on an Identity Metasystem. CardSpace is found in Windows Vista and is also part of the .Net Framework 3.0. It is an application that can be started from the Windows Control Panel, and it is based on a system of Information Cards, or simply InfoCards. There can be self-issued cards and managed cards.
●Cards contain no actual identity data – only metadata. The metadata includes the following:
●There are essentially 3 participants in any exchange of identity:
1. The User
2. The Relying Party (RP) - the requestor/recipient of an identity token (e.g. a website, webservice, application, etc.)
3. The Identity Provider (IP) - The owner of users’ identity information (e.g. bank, credit card company, airline, employer, merchant)
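The three-party exchange above, modelled as an added example (not code from the original post or from CardSpace itself): the card holds only metadata, the Identity Provider releases just the claims the Relying Party asks for, and the Relying Party checks the token before trusting it. The card fields, claim names, URL, values and key are all constructed assumptions, and an HMAC with a shared demo key stands in for the Identity Provider's signature.

```python
import hashlib
import hmac
import json

ISSUER = "https://ip.example.test"   # constructed Identity Provider name
IP_KEY = b"constructed-demo-key"     # HMAC stands in for the IP's signature

# Identity Provider (IP): the only party that stores the user's claim values.
IP_STORE = {"card-001": {"givenname": "Alice", "email": "alice@example.test",
                         "accountnumber": "0000-1111"}}

# InfoCard held by the User: metadata only (assumed fields), no claim values.
CARD = {"card_id": "card-001", "issuer": ISSUER,
        "supported_claims": ["givenname", "email", "accountnumber"]}

# Relying Party (RP) policy: the issuer it trusts and the claims it needs.
RP_POLICY = {"issuer": ISSUER, "required_claims": ["givenname", "email"]}


def card_satisfies(card, policy):
    """User side: a card is offered only if it can meet the RP's policy."""
    return (card["issuer"] == policy["issuer"]
            and set(policy["required_claims"]) <= set(card["supported_claims"]))


def ip_issue_token(card_id, requested):
    """IP side: release only the requested claims, then sign the token."""
    claims = {name: IP_STORE[card_id][name] for name in requested}
    body = json.dumps({"issuer": ISSUER, "claims": claims}, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(IP_KEY, body, hashlib.sha256).hexdigest()}


def rp_accept(token, policy):
    """RP side: check signature, issuer and claim set; return claims or None."""
    expected = hmac.new(IP_KEY, token["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    data = json.loads(token["body"])
    if data["issuer"] != policy["issuer"]:
        return None
    if not set(policy["required_claims"]) <= set(data["claims"]):
        return None
    return data["claims"]


if __name__ == "__main__":
    if card_satisfies(CARD, RP_POLICY):
        token = ip_issue_token(CARD["card_id"], RP_POLICY["required_claims"])
        print(rp_accept(token, RP_POLICY))
```

The account number never leaves the Identity Provider here because the Relying Party's policy did not ask for it, and a token whose body is altered after signing is rejected.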
For further information refer to the following sites:
cardspace.netfx3.com
www.identityblog.com