Open-Source ID Project Awaits Microsoft's Blessing

← Back to Stories (view on slashdot.org)

Open-Source ID Project Awaits Microsoft's Blessing

Posted by ScuttleMonkey on Friday March 9, 2007 @06:23AM from the vacation-to-purgatory dept.

An anonymous reader writes to mention that an open-source alternative to Microsoft's CardSpace tool has been on hold for months while they await patent blessing from the Redmond software giant. "While CardSpace is available on Windows, one goal of the Higgins project is to cover other operating systems. Higgins wants to offer an open-source alternative that works on Windows and on alternatives such as Linux and Mac OS X. The application would work similarly to CardSpace."

1 of 45 comments (clear)

Min score:

Reason:

Sort:

As usual, clulessness abounds by notaprguy · 2007-03-09 11:44 · Score: 2, Informative

Folks, the whole intent of "InfoCards" is to provide an easy way for users to authenticate regardless of platform/OS. There is nothing proprietary about InfoCards."CardSpace" is a feature of Windows that will help Windows users manage their "InfoCards." MSFT hopes and expects that a variety of organizations (commercial, govt, non-profits etc.) will issue and accept InfoCards and that software developers will build tools/UI's/apps for managing InfoCards on a variety of platforms. The whole premise of InfoCards is to make it easier for users to manage their credentials in a secure way so they don't end up using low-security passwords (mymomsbirthday). It's fairly cool the way it works. The user doesn't actually send any personally identifiable information across teh wire. Here's an example of how it might work: 1. User goes to www.amazon.com. 2. User creates an Amazon account, creating a user name and a password. 3. Amazon asks user if they'd like to get an "InfoCard" which would make it easy and more securely log-on to Amazon next time. 4. User says yes. 5. Amazon sends (via Web standards, nothing proprietary to MSFT or Windows) the user an encrypted token. The token might come with an Amazon-branded digital "card" that visually represents the Amazon account and token. 6. The next time the user goes to Amazon he/she can log-on to Amazon using the InfoCard instead of user name and password. When this happens they send the token issued to them by Amazon where Amazon checks to see if it matches their records.If it does they can access their Amazon account. The advantage of this appraoch are several. Users no longer have to create/remember numerous passwords which is a big convenience. The Amazon's of the world like it because with encrypted tokens it is much harder to password guess to access accounts. No more simple/easy to guess passwords. Ultimately this reduces online fraud and saves us all money. No system is 100% secure but this would help. My understanding is that OpenID and others might create systems that interoperate with/support "InfoCards" which would be a great thing.