.NET 3.0 Roadshow: An introduction to Windows CardSpace

By Brian Eastwood, Site Editor 23 Oct 2006 | SearchVB.com

Office Development Channel Digg This!     StumbleUpon     Del.icio.us

End users can have a rough time managing their identity. They use passwords that are too simple, they use complex passwords but write them on notes taped to their machines, they forget passwords and lock themselves out of important applications, and so on.

It's an identity metasystem, independent of technology or platform. Michele Leroux Bustamante chief architect, IDesign

In the upcoming .NET 3.0 and IE 7, Microsoft hopes to put an end to this. The company has introduced Windows CardSpace, which lets users store different forms of their identity and deploy them when needed. "It's an identity metasystem, independent of technology or platform," Michele Leroux Bustamante, chief architect at IDesign, told attendees at the .NET 3.0 Roadshow, a Dr. Dobbs seminar that came to the Boston area last week. Code samples from her presentation are available here.

CardSpace offers two types of cards. Users can create personal cards for tasks like playing games online or giving someone a business card. On the other hand, managed cards are issued by an associated identity provider, like a bank or credit card company. With managed cards, Leroux Bustamante said, a user's information stays with the identity provider.

Each card represents a set of claims about a person, a company or even an application itself -- stuff like name, date of birth and phone number. The actual claims are not on the card, she said. Instead, the card indicates which identity provider must be accessed to retrieve the claim.

To retrieve the claim, a card requests a security token from the identity provider. That token, which is an XML-based token called a SAML token, contains the actual claims and is signed with the identity provider's private keys.

Once the request for a token is made, the GetToken call locks down the entire process, Leroux Bustamante said: "Users can only interact with the CardSpace UI. Other code cannot run." The token is encrypted, so it must be decrypted, and its signature validated, before its claims can be extracted.

More on this topic Tip: What's up with Windows CardSpace

CardSpace can be used in both browser- and client-based applications. In the former case, developers can trigger the CardSpace UI with OBJECT or XHTML tags. Only IE 7 supports CardSpace, so an application with potential users in IE 6, Firefox, Safari and Opera should also support the standard username and password system, Leroux Bustamante said.

As for smart clients, Windows Communication Foundation services can trigger CardSpace, she said. Claims-based authorization is not part of WCF v1.0 but should be included in future versions.

Tags: Windows Vista security and .NET Framework 3.0,  .NET Framework 3.0 design and architecture tools,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Vista security and .NET Framework 3.0 User Account Control (UAC): How to develop code for standard users How to write installers in Vista that work correctly under UAC How to elevate programs' privileges correctly using Vista's UAC Introduction to Vista's user account control (UAC) for developers Beginning Windows CardSpace development Five Windows Vista security tips .NET developers should know Windows CardSpace standards, user controls sway online banker .NET 3.0 Roadshow: Instance management, security in WCF What's up with Windows CardSpace Get your code ready: Windows Vista is just around the corner .NET Framework 3.0 design and architecture tools WPF application speeds development, back-end integration Printing in Windows Presentation Foundation Designing Windows Communication Foundation service contracts ILOG Rules for .NET integrates with Office 2007, .NET 3.0 .NET development in the trenches Microsoft developers balancing age-old issues, barrage of new technology SearchVB.com's Podcast Page Visual Studio 2008 Learning Guide: Multi-targeting Introduction to the Web Service Software Factory Beginning Windows CardSpace development

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary .NET 3.0  (SearchWinDevelopment.com) IronRuby  (SearchWinDevelopment.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary