Great idea in concept but major issue has to be the import/export of cards.
Ive been in the MS camp since i started developing about 10 years ago but I also have to wonder if it will fly with the end users based on the fact that most of the "big" web apps these days are social sites and mostly written in php.
Will the end users be bothered using a card for xyz site when they still have to use traditional authentication methods for facebook etc.
On the flipside i think b2b apps will benefit greatly as there has always been issues with companies wanting integrated authentication with SAAS type sites. Cardspace will make overcoming this problem much easier.