tags:

views:

51

answers:

1

I just heard about a technology/protocol called "information card", which apparently is an alternative to open-id. How widespread is this and how does it compare to open-id and cas-sso? Also, on what level is Microsoft involved in the standard?

+2  A: 

Microsoft invented the Information Card standard. Their own implementation of it is called Windows Cardspace. It has very limited adoption in the wild at present -- really almost no consumer-facing web site offers it, and most consumers have never heard of it.

InfoCard is virtually 100% phishing-proof, due to its built-in protections for phishing sites that warns the user and the fact that if the user does send their InfoCard to a phishing site, no credentials are sent to that site that are useful to gain access to any legitimate site.

That said, it complements OpenID quite well. Yes, they have similar use cases so they may appear to compete, but they actually work well together (one can use OpenID to log into a relying party web site, and then use InfoCard to log into their OpenID Provider due to the phishing-resistant nature of InfoCard).

If you're interested, you can check out http://openidux.dotnetopenauth.net/ which demonstrates a site that allows a user to log in using either their OpenID or their InfoCard. Note that the InfoCard support only appears in Internet Explorer browsers or other browsers with a [decent] InfoCard Selector plug-in installed (I'm not aware of any).

Andrew Arnott