Windows CardSpace (codenamed InfoCard) is a discontinued identity selector app by Microsoft. It stores references to the user's digital identities and presents them as visual information cards. CardSpace provides a consistent UI designed to help people use these identities easily and securely in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design. CardSpace is a built-in component of Windows Vista and Windows 7, and was made available for Windows XP and Windows Server 2003 as part of the .NET Framework 3.x package.
Overview
When an information card-enabled application or website wishes to obtain information about the user, it requests a particular set of claims. The CardSpace UI then appears: the display switches to a separate desktop run by the CardSpace service, which shows the user's stored identities as visual cards. The user selects a card to use, and the CardSpace software contacts the issuer of the identity to obtain a digitally signed XML token that contains the requested claims. CardSpace also allows users to create ''personal'' (also known as ''self-issued'') information cards, which can contain one or more of 14 fields of identity information such as full name and address; for these cards CardSpace itself acts as the issuer. Other transactions may require a ''managed'' information card; these are issued by a third-party ''identity provider'' that makes the claims on the person's behalf, such as a bank, an employer, or a government agency.
Windows CardSpace is built on top of the Web services protocol stack, an open set of XML-based protocols, including WS-Security, WS-Trust, WS-MetadataExchange and WS-SecurityPolicy. This means that any technology or platform that supports these protocols can integrate with CardSpace. To accept information cards, a web developer needs to declare an HTML <OBJECT> tag that specifies the claims the website is demanding, and implement code to decrypt the returned token, verify its signature, and extract the claim values. If an identity provider wants to issue tokens, it must provide a means by which a user can obtain a managed card, and provide a Security Token Service (STS) which handles WS-Trust requests and returns an appropriately encrypted and signed token. During the 2000s, identity providers that did not wish to build an STS could obtain one from a variety of vendors, including Ping Identity, BMC Software, Sun Microsystems, Microsoft, or Siemens.
Because CardSpace and the identity metasystem upon which it is based are token-format-agnostic, CardSpace did not compete directly with other Internet identity architectures like OpenID and SAML. The three approaches can be seen as complementary: during the 2000s, information cards could be used to sign in to OpenID providers, Windows Live ID accounts, and SAML identity providers.
IBM and Novell planned to support the Higgins trust framework to provide a development framework that includes support for information cards and the Web services protocol stack, thus including CardSpace within a broader, extensible framework also supporting other identity-related technologies, such as SAML and OpenID.
Release
Microsoft initially shipped Windows CardSpace with the .NET Framework 3.0, which runs on Windows XP, Windows Server 2003, and Windows Vista. It is installed by default on Windows Vista as well as Windows 7, and is available as a free download for XP and Server 2003 via Windows Update. An updated version of CardSpace shipped with the .NET Framework 3.5. The new Credential Manager in Windows 7 uses Windows CardSpace for the management and storage of saved user credentials.
Discontinuation
On February 15, 2011, Microsoft announced that Windows CardSpace 2.0 would not be shipped. Microsoft later worked on a replacement called U-Prove.
See also
* Information Card
* Higgins project
* Shibboleth (Internet2)
* Identity management systems
* Windows Hello
Further reading
* Microsoft Open Specification Promise, May 2007.
External links
;Software development
* Windows CardSpace on .NET Framework documentation site – Developer articles and technical documentation on Windows CardSpace
* Microsoft Information Card Kit for ASP.NET 2.0 – ASP.NET Relying Party (RP) code to support CardSpace
* Microsoft Information Card Kit for HTML – platform-independent JavaScript and CSS code that detects whether the client can use i-cards and provides the corresponding UI support
* Open-source Ruby RP code for accepting information cards
* Open-source Java RP code for accepting information cards
* Open-source C and PHP RP code for accepting cards
* Open-source C RP code for accepting information cards and STS code for managed i-cards
* Open-source PHP Security Token Service code for managed cards
* Open-source C# STS code for managed information cards
;Identity selectors
* DigitalMe – an open-source identity selector for Linux and Mac OS X
* A plug-in for Apple's Safari implementing an Information Card identity selector
* A plug-in for Firefox to activate CardSpace and other identity selectors
;Blogs
* ''Kim Cameron's Identity Weblog'' – Blog from Microsoft's architect for identity
* ''Mike Jones: Self-Issued'' – Blog on CardSpace, cards, and digital identity from Microsoft's Director of Identity Partnerships
* ''Vittorio Bertocci'' (archived) – Blog on designing and developing with CardSpace from Microsoft's architect evangelist for Windows Server 2008
* ''Claim-Based Identity Blog'' (archived) – Blog on CardSpace from its development team