[OpenID] Microsoft and OpenID Q&A
Eric Norman
ejnorman at doit.wisc.edu
Thu Feb 22 23:19:56 UTC 2007
On Feb 22, 2007, at 9:43 AM, Dick Hardt wrote:
> One clear advantage of CardSpace is that it is a strong, phishing
> resistant method of authenticating to a website. How the user
> authenticates to an OpenID Provider is out of scope of the current
> draft of OpenID Authentication 2.0. CardSpace therefore is a good
> solution for how the user can authenticate to their OpenID Provider.
An alternative (but similar) idea was discussed recently on
the user-experience list.
An OpenID provider can be a supplier of managed cards. I.e.
the user is their own IdM, but the management is done (by
the user) on the server that is their OP. Self-asserted
claims are maintained on the OP server instead of the
desktop.
Eric Norman
More information about the general
mailing list