The CardSpace factor

Eric Norman ejnorman at doit.wisc.edu
Sat Feb 17 03:57:47 UTC 2007


On Feb 16, 2007, at 8:57 PM, Drummond Reed wrote:

> It appears to me that with OpenID and CardSpace, all four options for
> asserting a public personal identifier (PUBPID for this message) via an
> infocard are valid:
>
> 1) Self-asserted card, PUBPID validated via OpenID
> 2) Self-managed card[*], PUBPID validated via OpenID
> 3) Third-party asserted card, PUBPID validated via OpenID
> 4) Third-party asserted card, PUBPID validated via CardSpace signature
>
> [*] This is the option described by Eric where a user manages their own
> cards at a third party i-broker.

I don't think that's what I'm thinking.  I'm going
back to the beginning of this thread and thinking
about another option other than the analogy of
showing a business card with your OpenID URL on it.
PUBPID is not involved in what I'm thinking.

In a sense, I'm trying to come up with a trick to
do an end run around the fact that the self-asserted
claims of CardSpace seem to be cast in stone.

I'll elaborate a bit and hope that helps.  When
installing a managed card in your identity selector,
there comes a time when you have to fill in a URL
for an IdP, i.e. who will be supplying managed cards
for you.  I'm thinking that you could put your OpenID
URL in there.

 From what I understand, managed cards are much more
flexible regarding what claims are allowed.  So the
trick here is to use managed cards but the claims
that they supply are really self-asserted as far as
level of assurance is concerned.

Eric Norman





More information about the user-experience mailing list