I'm doing some funky authentication work (and yes, I know, OpenID is awesome, but then again myOpenID doesn't work right at this moment!).

Stumbling across Windows CardSpace I was wondering if anyone has used it in a real production system. If you have, what were the pros and cons for you?

+2  A: 

Umm no you don't; you can accept information cards on a web site using a cheap and cheerful certificate (but not self-signed) or no certificate at all.

And yes, I've used it as part of a production system which grew out of a proof of concept I did at Microsoft.

Cons: If you don't have an EV SSL certificate you get warnings. The code for parsing a card is incomplete at best (you have to hack it around for no-SSL), and you have to explain to users what one is.

Pros: Well that's more interesting; I was using managed cards and issuing them and then having 3rd parties use those to check claims; but for self-issued cards; well, it's stronger than username/password and doesn't have the same vulnerabilities OpenID has.

blowdart