Here's the scenario. I'm using myopenid for, among other things, StackOverflow. When I initially set up my openid account with myopenid, I decided to try out Cardspace because they had support. I later wanted to access Stackoverflow from another machine so I chose to back up my card. I gave it a password and a filename and successfully ...
Hi, I like the idea of CardSpace but unlike OpenID it seems like a real PITA to support it in your ASP.NET web application. I've found many examples, even a tutorial in one of the books I own... but it would seem a lot more is required than what they suggest. Changes to the server and such? Can someone tell me: What I need to confi...
I'm interested to know if there's any sites out there that has implemented CardSpace as an alternative authentication. I certainly like to see how different it is from, say, using OpenID. ...
Is it possible to replace Microsoft Cardspace UI with your own? Or use Cardspace without any UI? ...
What changed in IE8 that makes detecting InfoCard Selector support in javascript stop working unless IE8 is put in Compatibility Mode? And more to the point, what is the new JavaScript code to detect the presence of InfoCard support? Here is the script that worked up through IE7, including FireFox with a plug-in in some cases: functio...
I am seeking examples of how others have modified LDAP schemas to support Cardspace and/or OpenID. Links to LDIFs or other documentation is greatly appreciated. ...
Currently, the XACML specification defines a protocol for request / response but leaves it up to interpretation as to how it can be integrated into an enterprise application. I believe that the value of XACML won't be realized unless there is the creation of a new open source project that attempts to develop/standardize around a set of c...
Stackoverlow decided to use OpenID probably due to its simplicity while others believe that Information Cards (e.g. cardspace) is a better strategy in that it is backed by major industry vendors and is known to be more secure. Are there libraries that a developer can drop into a Java web application that will easily support both? ...
I'm maintaining an Intranet website for my company that they want to expose to the big, bad outside World. Right now, it has no authentication or authorisation whatsoever. My idea to manage user accounts is by using existing technologies to validate user accounts and build an authorisation model on top of this. Existing techniques would ...
Very simple problem. I have a Delphi application and I want to restrict access to this by requiring users to log on using CardSpace. Basically, I need to extract the ID, name and address information from the cardspace card. The use of CardSpace is a requirement from a customer and I just want to know if: Can CardSpace be easily used f...
Microsoft has this nice little feature called CardSpace. This is a Microsoft implementation of InfoCards. Microsoft has a nice document which explains how it can be used, which is useful. And doing a Google search doesn't provide me many useful answers but it does provide an enormous amount of noise. (Mostly because people wonder what it...
I would like to add my own authentication mechanism to the Windows CardSpace Client. Currently I see four authentication mechanisms: X.509 certs Kerberos Username/Pass Personal Card Is there a way to add other authentication mechanism and use some type of handler? This seems weird to me that it is not available. I think I may be a...
A simple scenario: Let's say we have a Web Application up in the cloud that let users sign up using OpenID. (I'm open to use Windows Live ID as alternative) They can log in and update some meta data, for example what their favorite color is. If I now want to get this information from a desktop client, how do I do that? I will probably ...
I need to discuss and know the possible seucruity issues in Microsoft CardSpace. I have been reading the official guide for CardSpace. So far, one of the concern that I see is that it is plain XML information which is being communicated. Solution to that is SSL or some certificates. But besides that, what are known issues in Microsoft ...