April 25, 2007

RunAs Radio interviews me about Cardspace

Recently I was interviewed by Richard Campbell and Greg Hughs on RunAsRadio. You might have heard of Richard... he's also the host of .Net Rocks!. Where .NET Rocks! is for developers, RunAsRadio is for IT Pros.

Anyways, if you would like to listen to the interview we did on Cardspace, you can download it here. Its about a half hour long, and is a simple introduction to the world of Cardspace, atleast for the client side perspective.

For those already versed in the subject, you will notice a few term definition problems in the interview. It went by so fast, and I didn't make it clear what I was getting at. For those that don't know, here is a primer that may help understand how I talk about digital identity:

  • InfoCard : An information card. The previous code name for Cardspace
  • Identity Card: Generic term to mean a piece of digital information that represents your identity
  • Identity Provider: As the name implies, a provider of one's digital identity.
  • Relying Party: A system/application that relies on a digital identity for authentication, and possibly authorization. It is up to this party to decide which Identity Provider(s) it is willing to trust. ie: Web site, LOB app etc
  • Claim: An assertion of a piece of information belonging to an identity. ie: username, password, age, phone number etc.
  • Wallet: A piece of software that holds Identity Cards. Vista ships with a wallet that holds Information Cards. You can also download it for XP.

In a couple of places I used the term "credential" where I was really talking about "claims". And in passing it may sound like I was saying its the Identity Providers (IdP) role to decide who to trust. That didn't come out right. It is up to the relying party to decide which IdP it wishes to trust. In some cases, it will trust you, because you act as the provider. How? Because when you create a a self-issued card and submit it, you are asserting you are who you say you are. It won't be as trusted as much as say... a government IdP. But you get the point. I hope Kim doesn't think about throwing a brick at my head if he hears the interview :)

Anyways, fun interview. Richard and Greg have asked me to come back and do another one where we can explore the server side of things... and discuss how Relying Parties and Identity Providers really work. We may even get into some discussion about Longhorn server and some of the interesting bits there that can be leveraged for the new digital identity ecosystem. Until then... enjoy!

Posted by SilverStr at April 25, 2007 03:46 PM | TrackBack
Comments

Whenever Microsoft talks of identity management im getting a bit "frightend" :). Im trying to get into this tpoic a bit, maybe it opens some new aspects for my software development in WinFX.

Posted by: netvance at April 29, 2007 08:15 AM