Many of the problems facing the Internet today stem from the lack of a widely deployed, easily understood, secure identity solution. Microsoft’s “InfoCard” project and the Identity Metasystem vision underlying it are aimed at filling this gap using technology all can adopt and solutions all can endorse, putting users in control of their identity interactions on the Internet. The design decisions presented in this paper are intended to result in a widely accepted, broadly applicable, inclusive, comprehensible, privacyenhancing, securityenhancing identity solution for the Internet. We present them and the rationale behind them to facilitate review of these design decisions by the security, privacy, and policy communities, so that people will better understand Microsoft’s implementations, and to help guide others when building interoperating implementations.
[1]
Giovanni Della-Libera,et al.
Web Services Security Policy Language (WS-SecurityPolicy)
,
2002
.
[2]
BOARD OF GOVERNORS,et al.
TO THE OFFICER IN CHARGE OF SUPERVISION AND APPROPRIATE SUPERVISORY AND EXAMINATION STAFF AT EACH FEDERAL RESERVE BANK, AND TO BANKING ORGANIZATIONS SUPERVISED BY THE FEDERAL RESERVE SUBJECT: Interagency Guidance on Authentication in an Internet Banking Environment
,
2005
.
[3]
K. Cameron.
The Laws of Identity
,
2005
.
[4]
Giovanni Della-Libera,et al.
Web Services Trust Language (WS-Trust)
,
2002
.
[5]
Phillip Hallam-Baker,et al.
Web services security: soap message security
,
2003
.