Wednesday, August 13, 2008

Information Card

Probably the new Buzzword in Security realm is going to be Information Card (InfoCard, CardSpace etc), This time from Microsoft!
Basically information Card is using Public key/private key for authentication (kind of Client_CERT authentication). Your key combination (is called card; you can have n number of cards) are stored in Identity Selector (Control Panel > Windows CardSpace; You need to install it in Windows XP as part of .NET Framework 3.0). When you sign up a account in a website, you will send this card first time to the website. In subsequent sign in you need to send the card for authentication. You can use either self signed cards (personal card) or cards signed by CAs (managed cards). You can optionally secure your cards in the machine using a PIN.
However roaming (using the card from some other machine) with Information Card is still not a viable option (you need to export and import)

No comments: