Microsoft yesterday unveiled Windows CardSpace, a user-centric identity technology that was formerly called InfoCard.
CardSpace is the name the technology will carry when the Vista client operating system ships to corporate users before the end of the year, according to Stuart Kwan, director of program management for identity and access technologies at Microsoft.
Microsoft also laid out its roadmap for identity technologies, including development tools, the client OS, and server-based components. One of those server components is MIIS (Microsoft Identity Integration Server), which is slated to be incorporated into the operating system.
CardSpace is an interface that presents users with an identity selector, a palette of identity cards that can be used to authenticate to various network resources or websites.
Microsoft has added an interface that brings the CardSpace selector to the front of the desktop while suspending everything else on it. The selector also shows the user what kinds of credentials a particular site or resource is asking for.
"The selector helps you select an identity card and tells you who you are talking to," says Kwan.
Kwan says CardSpace would be the technology that replaces the traditional username and password, and that it would provide one-click sign-on and protection against spoofing and phishing attacks.
Microsoft has built CardSpace into Internet Explorer 7.0, and the technology can also be built into smart clients. Kwan says it could work with Mozilla's Firefox browser, but a third party would have to develop an adapter. Last year, Microsoft said it was in talks with Mozilla and Apple about integrating CardSpace with their browsers.
CardSpace and IE represent the client side of Microsoft's identity equation.
On the server side, Microsoft has developed a technology called the STS (Security Token Service) that will be integrated with Active Directory.
STS, which will ship sometime after Longhorn Server is released late next year, is a lightweight gateway for servers and clients, based on the WS-Trust protocol, that negotiates the exchange of security tokens such as Kerberos tickets or SAML (Security Assertion Markup Language) assertions.
On the developer side, Kwan says, Microsoft has added support for CardSpace into the .Net Framework 3.0 (formerly WinFX) to make it easier for developers to build identity services into their applications.
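To make the division of labour between selector, STS and relying party concrete, here is an added toy model of the flow described above. It is not Microsoft's code: the message shapes are simplified stand-ins for the WS-Trust RequestSecurityToken and its response, an HMAC stands in for the XML signature on a real SAML token, and the issuer and relying-party URLs are placeholders. The relying party publishes the claims it needs, the selector filters the user's cards down to the ones that can satisfy that policy, the STS issues a token carrying only the requested claims, and the relying party checks the token before trusting anything in it.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass


@dataclass
class Card:
    """An identity card as the selector holds it (constructed model)."""
    name: str
    issuer: str    # "self" for a self-issued card, otherwise the issuing STS
    claims: dict   # claim type -> value


@dataclass
class RelyingPartyPolicy:
    """What a site or resource tells the selector it needs."""
    audience: str           # identity of the relying party, as shown to the user
    required_claims: set    # claim types the RP needs
    accepted_issuers: set   # empty set means any issuer is acceptable


def select_cards(cards, policy):
    """Selector step: keep only cards that can supply every required claim
    from an issuer the relying party accepts."""
    return [
        c for c in cards
        if policy.required_claims <= set(c.claims)
        and (not policy.accepted_issuers or c.issuer in policy.accepted_issuers)
    ]


class TokenService:
    """Toy STS: answers a RequestSecurityToken (RST) with a signed token.
    The HMAC is a stand-in for the XML signature on a real SAML token."""

    def __init__(self, issuer, key):
        self.issuer = issuer
        self.key = key

    def issue(self, rst, card, now=None):
        """rst = {"applies_to": <RP audience>, "claims": [<claim types>]}"""
        now = now if now is not None else int(time.time())
        if card.issuer != self.issuer:
            raise ValueError("card was not issued by this STS")
        missing = set(rst["claims"]) - set(card.claims)
        if missing:
            raise ValueError(f"card lacks claims: {sorted(missing)}")
        body = {
            "issuer": self.issuer,
            "audience": rst["applies_to"],
            # release only what was asked for, not the whole card
            "claims": {c: card.claims[c] for c in rst["claims"]},
            "iat": now,
            "exp": now + 300,
        }
        payload = json.dumps(body, sort_keys=True)
        sig = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return {"token": payload, "signature": sig}   # the RSTR


def verify_token(rstr, issuer_keys, audience, now=None):
    """Relying-party step: check signature, issuer, audience and lifetime
    before trusting any claim in the token."""
    now = now if now is not None else int(time.time())
    body = json.loads(rstr["token"])
    key = issuer_keys.get(body["issuer"])
    if key is None:
        raise ValueError("token from an issuer this RP does not trust")
    expected = hmac.new(key, rstr["token"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, rstr["signature"]):
        raise ValueError("signature does not verify")
    if body["audience"] != audience:
        raise ValueError("token was issued for a different relying party")
    if not body["iat"] <= now < body["exp"]:
        raise ValueError("token expired or not yet valid")
    return body["claims"]


def demo():
    """Constructed sample run: a managed card satisfies the RP policy, a
    self-issued card is filtered out, and the RP gets exactly two claims."""
    sts_key = b"constructed-demo-key"          # the issuer's signing key (placeholder)
    sts = TokenService("https://idp.example", sts_key)
    cards = [
        Card("Work card", "https://idp.example",
             {"email": "alice@example.com", "employee_id": "4711"}),
        Card("Personal card", "self", {"email": "alice@mail.example"}),
    ]
    policy = RelyingPartyPolicy("https://rp.example",
                                {"email", "employee_id"}, {"https://idp.example"})
    chosen = select_cards(cards, policy)            # only the work card qualifies
    rst = {"applies_to": policy.audience, "claims": sorted(policy.required_claims)}
    rstr = sts.issue(rst, chosen[0], now=1_000)
    return verify_token(rstr, {"https://idp.example": sts_key}, policy.audience, now=1_100)


if __name__ == "__main__":
    print(demo())
```

The audience check is what carries the anti-spoofing property the article attributes to CardSpace: the token names the relying party the selector showed the user, so a token obtained by a look-alike site cannot be replayed at the real one, and the claims filter at issue time means the relying party never sees more of the card than it asked for.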
In February, Microsoft outlined a new platform strategy using Active Directory as a brand name and a hub to support a slew of technologies targeted at identity and access management, including sophisticated provisioning tools now lacking from the Microsoft lineup.
Experts say Microsoft needs to add or improve workflow, password management, user self-service and delegated administration capabilities to Active Directory and MIIS, the core of its identity platform. Both are foundation elements for Microsoft's Identity Metasystem strategy.
Ultimately Microsoft would like that core to support strong credentials, access control, single sign-on, federated identity, information rights protection, process automation and auditing.
Kwan says Microsoft is investing heavily in support for strong credentials, especially native smart-card support. Windows will include an architecture to support smart-card operations based on the same mini-driver model used to support printers. The platform will support a smart-card certification program so users can get automated upgrades through Windows Update. Those upgrades are expected as much as 12 months past the release of Vista.
For MIIS, Microsoft will add support in Service Pack 2, slated to ship later this year, for Visual Studio 2005 and SQL Server 2005. In addition, Microsoft is developing new provisioning/deprovisioning technology, auditing, self-service, web services programming interfaces, and support for Windows Workflow Foundation. Those technologies are expected to ship after Longhorn.