Windows CardSpace in One Minute

Play Windows CardSpace in One Minute

The Discussion

  • User profile image
    So what's the deal if I want to log in using the same account on multiple machines?  Do I have to export the card and import on another machine?

    How would this work for something like hotmail where I might be logging in from a web cafe?  Is that model covered by cardspace?
  • User profile image

    Today, if you want to use a card on another machine you have to move it there by exporting and importing.

    Alternatively, you could use a different card but associate it with the same account at the website. Our samples on show how websites can easily allow this and it is also a very useful feature for handling revocation and different user contexts. For example, I might want to use an employer card *and* a personal card to access, say, In one context I'm seeing what my employer is paying into my 401K and in the other I'm looking at my overall retirement fund (imagine I change employer). 

    In the future we'll have support for cards and token generation on devices such as smart cards and phones - Novell and Microsoft have already demostrated prototypes. This enables secure roaming scenarios where I can login using a kiosk machine when on vacation carrying nothing more than my phone and without having to worry about key loggers since all that passes through the compromised Internet Cafe machine is an encrypted token with a limited lifetime.

  • User profile image

    This raises a few immediate questions:

    • Do managed cards permit roaming?
    • Can the managed card writer require that the managed card be locked with a PIN or biometric?
    • What about password ageing with locked managed cards?
  • User profile image
    That isn't the point.  How many forums do you visit?  How many vendor, bank, or government sites?  How many of those sites impose different security requirements (password length, no duplicate usernames) which invariably force you into remembering multiple accounts and passwords.  How annoying is it to have to fill in the same forum registration form when all that information could be automatically provided.  Since most of us auto-login via cookies, how cool would it be if you could just click on a visual representation of your account and let the authentication mechanism do the rest?

    I'm new to Cardspace but the general idea has been around for a while.  Being able to associate a card with multiple sites is incredible improvement and has the potential to greatly enhance and enrich the end-user experience.  Think of the potential possibilities; perhaps where you change your card info and your profile is updated across all sites that card is associated with?
  • User profile image
    Today, if I use public computer, then common scenario is it takes three steps. 1-log in, 2-do what I want, 3-log out or close the browser. When using cards, two more steps will be added. I need to import my card before log in, and I need to erase my card after log out. The more clean-up needed, the more possibility you forget something and someone to misuse your account. Moreover, leaving your card not erased on a public computer poses a real trouble, because many people who uses the same computer after you did is capable of using your identity. You wont be aware until you notice some changes in your bank account balance, will you?
  • User profile image
    Great idea in concept but major issue has to be the import/export of cards.

    Ive been in the MS camp since i started developing about 10 years ago but I also have to wonder if it will fly with the end users based on the fact that most of the "big" web apps these days are social sites and mostly written in php.

    Will the end users be bothered using a card for xyz site when they still have to use traditional authentication methods for facebook etc.

    On the flipside i think b2b apps will benefit greatly as there has always been issues with companies wanting integrated authentication with SAAS type sites. Cardspace will make overcoming this problem much easier.

  • User profile image
    What screen recording software was used to make this video?  I'd like to make some screencasts demonstrating CardSpace and blog usage but the tool I'm using (CamStudio) does not capture the Identity Selector screens properly.
  • User profile image

    The simplest ways to record CardSpace for a screencast are to use a virtual machine or terminal services (aka Remote Desktop).

  • User profile image
    Is there a way for one to store an Info Card on a removable USB drive and be able to use it where ever I go without having to import it and delete it everytime? (Ie. The computer reads it right from the USB drive)
  • User profile image
    Check out They seem to offer secure identity solution where you can manage multiple profiles(similar to information cards) and don't have to worry about importing/exporting data from one machine to another - Single username/password does it all!
  • User profile image
    simply show what's cardspace.
  • User profile image
    Thanks for sharing, because I didn't know what CardSpace is.
  • User profile image
    Yes you are right. But if there are two sites one username is holding by one person on one site and the same username is holding by another person on different site then how can a person use the same usernames on both sites?.

    User1: Bharath Reddy is holding vasireddybharath on some site lets say
    User2: Ramesh is holding same vasireddybharath username on some other site lets say

    Then what will happen?. Is the cards unique worldwide taking considering all the sites?.

    Thanks & Regards
    Bharath Reddy VasiReddy
  • User profile image
    I see a lot of complains about import and export cards, and most of them related to using public computers.. but.. even in my country where not to many people have their personal computer I can´t see somebody using credit card number or some other sensitive data in a public computer beside thinking in a cybercoffe wath if somebody installed a trojan horse or is usinf a snifer near... is login and password a securer idea.

Add Your 2 Cents