[OpenID] Microsoft and OpenID Q&A

Eric Norman ejnorman at doit.wisc.edu
Thu Feb 22 23:19:56 UTC 2007


On Feb 22, 2007, at 9:43 AM, Dick Hardt wrote:

> One clear advantage of CardSpace is that it is a strong, phishing 
> resistant method of authenticating to a website. How the user 
> authenticates to an OpenID Provider is out of scope of the current 
> draft of OpenID Authentication 2.0. CardSpace therefore is a good 
> solution for how the user can authenticate to their OpenID Provider.

An alternative (but similar) idea was discussed recently on
the user-experience list.

An OpenID provider can be a supplier of managed cards.  I.e.
the user is their own IdM, but the management is done (by
the user) on the server that is their OP.  Self-asserted
claims are maintained on the OP server instead of the
desktop.

Eric Norman





More information about the general mailing list