InfoCard Explained

Posted by Charles // Mon, Apr 10, 2006 6:39 PM

Ever wonder what InfoCard is all about? Well, Nigel Watling, an InfoCard Technical Evangelist, and Andy Harjanto, an InfoCard Program Manager, sure can explain it all to you. Here, they discuss all aspects of InfoCard (with a lot of time spent on the whiteboard). We're joined by a special guest towards the end of the discussion, who you'll see more of as we cover InfoCard architecture and internals in an upcoming Going Deep episode.



Clip Length: 00:51:37 Replies: 17 // Views: 13,639
  Zeo
  Channel 9 :)
 
  Mon, Apr 10 2006 8:04 PM
Great explanation. Really good examples. This isn't passport 2.0

  mwirth
  Lord of the Strings
 
  Mon, Apr 10 2006 8:10 PM
yes, looks 'a bit' more capable than passport 2.0. passport was (is) a good idea, though - that has been killed by licensing terms.


  BryanF
  Free as in time
 
  Mon, Apr 10 2006 9:02 PM
Great video. I'm really looking forward to this. I have two quick questions however:

(1) I understand the multiple users on a single computer scenario, but what about a single user across multiple computers? For instance, how would I check my mail at an internet cafe? How would I get my cards on that machine and make sure they're removed when I'm finished?

(2) Why .crd and .crds instead of .card and .cards, respectively? When will the computer industry's war on vowels come to an end?

Thanks.

  cravikiran
  Ravi Chodavarapu
 
  Tue, Apr 11 2006 7:23 AM
BryanF wrote:

(1) I understand the multiple users on a single computer scenario, but what about a single user across multiple computers? For instance, how would I check my mail at an internet cafe? How would I get my cards on that machine and make sure they're removed when I'm finished?


Yes, I am wondering about this as well... I'm assuming that there is a way to get limited-time (per session, etc.) cards? And for the moving across multiple computer scenario... do you always start out with a self-issued card that contains a password in the InfoCard system (this self-issued card being the gateway to some cryptographically strong card from some base identity provider)?

  mathiaspettersson@msn.com
 
 
  Tue, Apr 11 2006 6:46 PM
Windows InfoCard Live?

  BryanF
  Free as in time
 
  Tue, Apr 11 2006 7:58 PM
Maybe. But then... how would you log into Windows Live?

We may need some "special" brownies for this one.

  Darth Kronos
 
 
  Tue, Apr 11 2006 9:58 PM
OK so what happens when I log on to machine at home do I still have my infocard? 

If not then isn't this flawed?

It would be cool if you could change infocards trusted storage subsystem to be a usb drive or web service

  dahat
  Visit my homepage to help pay off my student loans
 
  Wed, Apr 12 2006 2:55 PM

Great stuff! I look forward to this, as well as the impending cries of the OSS crowd when they think Microsoft is trying to take over the world and count them out again.

Of course... like many I’ve still got questions... What mechanisms are available for backing up one's own InfoCard? Are they simply files sitting on the HD that could be copied over to another machine?

I am one who is quite good at hosing my Windows install from time to time and before paving and reinstalling, I will boot up into a secondary install and copy over files I can’t live without... which also makes me wonder: how you would go about replacing a lost InfoCard (likely far harder with self-issued ones)?



  SlackmasterK
  Its like when monkeys use tools for the first time
 
  Wed, Apr 12 2006 5:58 PM
So if I wander around and use multiple computers, I'll have to carry my InfoCard around on a ThumbDrive?

  toast
 
 
  Thu, Apr 13 2006 3:44 AM

Guys, these are great questions. Can you also go to Kim's blog site and post them there. I am sure he would like to hear them and respond.

http://wwww.identityblog.com/



  nektar
 
 
  Thu, Apr 13 2006 3:57 AM
Is Microsoft thinking at all about the interoperability aspect of the Infocard technology? I mean are you thinking at all how to enable the rapid and seamless adoption of this technology into other non-Microsoft operating systems and applications. To enable I mean how you are thinking to alleviate fears around any legal (eg. licensing) issues or not to create them in the first place. To enable I mean how to support 3rd parties in creating Infocard implementations onto other platforms and web servers. To enable I mean how to formalize and standardize the Infocard technology through a transparent standardization process. To enable I mean how to even give away some source code for such 3rd party efforts.
If not, don't you worry that Infocard might have the fate of Passport concerning its interoperability aspect and that it might end up as a Windows only solution? After all, a universal authentication technology, as Infocard tries to be, should be above all ... universal!
Infocard is too good of a technology and it would be unfortunate for it to fail due to mishandling of trust issues in this complex industry.


  nigel.watling
 
 
  Thu, Apr 13 2006 8:00 PM

(1) The best solution for this scenario - making the not unreasonable assumption that the internet cafe machine you're using has been compromised and has a key logger installed (be careful out there folks e.g. Outlook Web Access) - is to use a "portable STS". 

Imagine a device that holds personal data and allows you to authenticate. This could be something like a USB key or a mobile phone. You would select a card and be supplied a signed, encrypted security token to present to a site or service. You walk away with the device when you're done.

We showed a prototype of this at the PDC and are working on making it a reality.

(2) You have a good point. We're still recovering from the shock of moving from 8.3 and feel honour-bound to maintain the rich tradition of file-naming conventions on Windows. Hey, it could be worse: we might have chosen the developers' initials for application names.



  nigel.watling
 
 
  Thu, Apr 13 2006 8:07 PM
Yes,
Or you could use group policy in an enterprise environment,
Or you could use a "cards in the sky" type service.

  nigel.watling
 
 
  Thu, Apr 13 2006 8:54 PM

Don't worry, we fully appreciate the importance of interoperability and cross-industry adoption. You would be hard-pressed to find a stronger advocate of this than Kim Cameron.

The wire protocols we use, e.g.
WS-Trust
WS-Security
WS-MetadataExchange
WS-SecurityPolicy
are open standards, submitted to standards bodies such as OASIS.

Our implementation of InfoCard and the Identity metasystem has been specifically designed for ease of adoption on other platforms and in other software. For example, we could have tied InfoCard to Internet Explorer but we have chosen an approach that allows Mozilla, Opera or whoever else to easily add InfoCard support.

We have published a guide for Integrating with InfoCard specifically to help people on non-MS technologies and they are building. We fully hope and expect to see identity selectors, identity providers and relying parties on other platforms.

Publishing source code is always a delicate topic in this company so I cannot promise anything there but we are doing our very best to get this technology adopted on other platforms. We'll know we've really succeeded when someone can use Firefox on a Mac with a Mac identity selector to access a security token service running on Linux and thereby authenticate to an Apache website.

Ultimately, this is a problem that we all want to solve. When you read reports such as one from Gartner where it says confidence in the Internet is impacting online purchasing behaviour and one from Harvard and Berkeley showing how incredibly effective phishing can be - even with savvy users - it makes you realize that something needs to be done. What's the point of Web 2.0 if people have no confidence in the Internet to begin with?

We're trying to provide a solution that everyone can use.



  aJanuary
 
 
  Mon, Apr 17 2006 12:22 PM

"(2) Why .crd and .crds instead of .card and .cards, respectively? When will the computer industry's war on vowels come to an end?"


If the crds wasn't 4 letters long I would say it had to do with the ISO 9660 CD filesystem. But I guess it doesn't.



  RichTurner
 
 
  Thu, Apr 27 2006 6:28 PM
In "InfoCard" v1.0, you'll be able to export/import cards to/from your hard-drive/USBkey etc.

We're currently working on a mechanism to allow you to safely store your cards on secure portable storage devices whilst still maintaining InfoCard's open extensible architecture.

  otes
 
 
  Tue, May 2 2006 10:41 AM
Nigel,
that sounds great.
Do you know if the portable STS will be available in the first Infocard release (in Vista)?
If not, any target date for a SP?

thanks