One of the interesting things about writing a book on an emerging technology, is that you rev the chapters several times before they're released.  With the WCF book, this was because we were dealing with CTPS where the object model was changing, with the Information Cards/CardSpace book it's a much better reason. The industry is coming together and collaborating in a most excellent way.

One chapter I'm happy to update this week is the one that looks at information cards outside of Microsoft.

If you haven't heard, some signficant announcements came out of the RSA conference.

#1 JanRain, Microsoft, Sxip and Verisign will collaborate on interop between OpenID and CardSpace

As reported on Kim Cameron's Identity Blog:

JanRain, Microsoft, Sxip, and VeriSign will collaborate on interoperability between OpenID and Windows CardSpace™ to make the Internet safer and easier to use. Specifically:

• As part of OpenID’s security architecture, OpenID will be extended to allow relying parties to explicitly request and be informed of the use of phishing-resistant credentials.

• Microsoft recognizes the growth of the OpenID community and believes OpenID plays a significant role in the Internet identity infrastructure.  Kim Cameron, Chief Architect of Identity at Microsoft, will work with the OpenID community on authentication and anti-phishing.

• JanRain, Sxip, and VeriSign recognize that Information Cards provide significant anti-phishing, privacy, and convenience benefits to users.  Information Cards, based on the open WS-Trust standard, are available though Windows CardSpace™.

• JanRain and Sxip, leading providers of open source code libraries for blogging and web sites, are announcing they will add support for the Information Cards to their OpenID code bases.

• JanRain, Sxip and VeriSign plan to add Information Card support to future identity solutions.

• Microsoft plans to support OpenID in future Identity server products

• The four companies have agreed to work together on a “Using Information Cards with OpenID” profile that will make it possible for other developers and service providers to take advantage of these technology advancements.

Dick Hardt, Sxip Identity
Kim Cameron, Microsoft
Michael Graves, VeriSign
Scott Kveton, JanRain
 

http://www.identityblog.com/?p=668

#2 Ping Identity has released an open source module for Apache:

Ping Identity Corporation today announced the immediate availability of an open source module that allows Apache-hosted applications to use Windows CardSpace Information Cards for authentication. The Apache Authentication Module for CardSpace can be downloaded from http://www.SourceID.org, the open source federated identity management site sponsored by Ping Identity.

The Apache Authentication Module for CardSpace allows applications using an Apache Web server to use Information Cards as an additional authentication mechanism. It allows LAMP-based Web applications written in Perl or PHP to act as CardSpace relying parties (RP) by means of simple configuration. The module is responsible for decrypting the token submitted by the CardSpace identity selector, retrieving the claims and making the claims available for the application’s use.

http://www.pingidentity.com/about/show/165

This is important as it will increase the potential universe of sites secured with phishing-resistant mechanisms and provide a consistent user experience for consumers in CardSpace.