Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Windows CardSpace in One Minute

Download

Right click “Save as…”

This demo shows the Windows CardSpace user experience in IE7 and FireFox. It only takes a minute* so anyone can see what's involved without having to become a world expert in Identity (although you may be tempted). This is a technology that everyone can, and will, benefit from.


* I overran by 15 seconds. If you use the Fast Play Speed in Windows Media Player you can get it down to about 50 seconds!

Tags:

Follow the Discussion

  • PerfectPhasePerfectPhase "This is not war, this is pest control!" - Dalek to Cyberman
    So what's the deal if I want to log in using the same account on multiple machines?  Do I have to export the card and import on another machine?

    How would this work for something like hotmail where I might be logging in from a web cafe?  Is that model covered by cardspace?
  • Today, if you want to use a card on another machine you have to move it there by exporting and importing.

    Alternatively, you could use a different card but associate it with the same account at the website. Our samples on http://cardspace.netfx3.com show how websites can easily allow this and it is also a very useful feature for handling revocation and different user contexts. For example, I might want to use an employer card *and* a personal card to access, say, fidelity.com. In one context I'm seeing what my employer is paying into my 401K and in the other I'm looking at my overall retirement fund (imagine I change employer). 

    In the future we'll have support for cards and token generation on devices such as smart cards and phones - Novell and Microsoft have already demostrated prototypes. This enables secure roaming scenarios where I can login using a kiosk machine when on vacation carrying nothing more than my phone and without having to worry about key loggers since all that passes through the compromised Internet Cafe machine is an encrypted token with a limited lifetime.

  • dprdpr

    This raises a few immediate questions:

    • Do managed cards permit roaming?
    • Can the managed card writer require that the managed card be locked with a PIN or biometric?
    • What about password ageing with locked managed cards?
  • That isn't the point.  How many forums do you visit?  How many vendor, bank, or government sites?  How many of those sites impose different security requirements (password length, no duplicate usernames) which invariably force you into remembering multiple accounts and passwords.  How annoying is it to have to fill in the same forum registration form when all that information could be automatically provided.  Since most of us auto-login via cookies, how cool would it be if you could just click on a visual representation of your account and let the authentication mechanism do the rest?

    I'm new to Cardspace but the general idea has been around for a while.  Being able to associate a card with multiple sites is incredible improvement and has the potential to greatly enhance and enrich the end-user experience.  Think of the potential possibilities; perhaps where you change your card info and your profile is updated across all sites that card is associated with?
  • Today, if I use public computer, then common scenario is it takes three steps. 1-log in, 2-do what I want, 3-log out or close the browser. When using cards, two more steps will be added. I need to import my card before log in, and I need to erase my card after log out. The more clean-up needed, the more possibility you forget something and someone to misuse your account. Moreover, leaving your card not erased on a public computer poses a real trouble, because many people who uses the same computer after you did is capable of using your identity. You wont be aware until you notice some changes in your bank account balance, will you?
  • Great idea in concept but major issue has to be the import/export of cards.

    Ive been in the MS camp since i started developing about 10 years ago but I also have to wonder if it will fly with the end users based on the fact that most of the "big" web apps these days are social sites and mostly written in php.

    Will the end users be bothered using a card for xyz site when they still have to use traditional authentication methods for facebook etc.

    On the flipside i think b2b apps will benefit greatly as there has always been issues with companies wanting integrated authentication with SAAS type sites. Cardspace will make overcoming this problem much easier.

    Rich
    www.litmos.com
  • What screen recording software was used to make this video?  I'd like to make some screencasts demonstrating CardSpace and blog usage but the tool I'm using (CamStudio) does not capture the Identity Selector screens properly.
  • The simplest ways to record CardSpace for a screencast are to use a virtual machine or terminal services (aka Remote Desktop).

  • Is there a way for one to store an Info Card on a removable USB drive and be able to use it where ever I go without having to import it and delete it everytime? (Ie. The computer reads it right from the USB drive)
  • Check out www.slashid.com. They seem to offer secure identity solution where you can manage multiple profiles(similar to information cards) and don't have to worry about importing/exporting data from one machine to another - Single username/password does it all!
  • simply show what's cardspace.
    tx 
  • Thanks for sharing, because I didn't know what CardSpace is.
  • Yes you are right. But if there are two sites one username is holding by one person on one site and the same username is holding by another person on different site then how can a person use the same usernames on both sites?.

    User1: Bharath Reddy is holding vasireddybharath on some site lets say www.xyz.com
    User2: Ramesh is holding same vasireddybharath username on some other site lets say www.zyx.com

    Then what will happen?. Is the cards unique worldwide taking considering all the sites?.

    Thanks & Regards
    Bharath Reddy VasiReddy
  • I see a lot of complains about import and export cards, and most of them related to using public computers.. but.. even in my country where not to many people have their personal computer I canĀ“t see somebody using credit card number or some other sensitive data in a public computer beside thinking in a cybercoffe wath if somebody installed a trojan horse or is usinf a snifer near... is login and password a securer idea.

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.