Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities

Windows CardSpace empowers organizations to prevent identity theft and systematically address a broad spectrum of security and privacy challenges. Understanding Windows CardSpaceis the first insider's guide to Windows CardSpace and the broader topic of identity management for technical and business professionals. Drawing on the authors' unparalleled experience earned by working with the CardSpace product team and by implementing state-of-the-art CardSpace-based systems at leading enterprises, it offers unprecedented insight into the realities of identity management: from planning and design through deployment.Part I introduces the fundamental concepts of user-centered identity management, explains the context in which Windows CardSpace operates, and reviews the problems CardSpace aims to solve. Next, the authors walk through CardSpace from a technical standpoint, describing its technologies, elements, artifacts, operations and development practices, and usage scenarios. Finally, they carefully review the design and business considerations associated with architecting solutions based on CardSpace or any other user-centered identity managementsystem. Coverage includes The limitations of current approaches to authentication and identity management Detailed information on advanced Web services The Identity Metasystem, the laws of identity, and the ideal authentication system Windows CardSpace: What it is, how it works, and how developers and managers can use it in their organizations CardSpace technology: user experience, Information Cards, private desktops, and integration with .NET 3.5 and Windows Vista CardSpace implementation: from HTML integration through federation, Web services integration, and beyond Adding personal card support to a website: a detailed, scenario-based explanation Choosing or becoming an identity provider: opportunities, business impacts, operational issues, and pitfalls to avoid Using CardSpace to leverage trust relationships and overcome phishing Whether you're a developer, security specialist, or business decision-maker, this book will answer your most crucial questions about identity management, so you can protect everything that matters: your people, your assets, your partners, and your customers.ForewordPrefacePart Ii¾ i¾ i¾ i¾ Setting the ContextChapter 1i¾ i¾ i¾ i¾ The Problem i¾ 3Chapter 2i¾ i¾ i¾ i¾ Hints Toward a Solution i¾ 87Part IIi¾ i¾ i¾ i¾ The TechnologyChapter 3i¾ i¾ i¾ i¾ Windows CardSpace 169Chapter 4i¾ i¾ i¾ i¾ CardSpace Implementationi¾ 223Chapter 5i¾ i¾ i¾ i¾ Guidance for a Relying Partyi¾ 269Part IIIi¾ i¾ i¾ i¾ Practical ConsiderationsChapter 6i¾ i¾ i¾ i¾ Identity Consumersi¾ 305Chapter 7i¾ i¾ i¾ i¾ Identity Providersi¾ 323Index 343i¾