when you find the need to go beyond documentation.. IDentity EnAbled Services

Yes (to all those who were wondering on who is working on porting infocard to Solaris/Linux, I currently am working on integrating infocard with access manager and my next move would be to port infocard to Solaris/Linux. The process of porting infocard over is not a 1 week task. It may take me longer as i'm overloaded with work and hardly have time to spare for this development. But with me assigning an hour or two everyday I hopefully would complete this shortly. In the meantine I shall also blog my experiences in the process. and here's my first run at it. infocard in it's current form can be used on Window XP desktops  which have SP2 installed, Windows 2003 Server with SP1 installed and Windows Vista (February CTP). It require WinFX Runtime Components (for x86 or for x64). I currently am playing around with infocard on Window XP with SP2 and Windows 2003 Server with SP1. As soon as the WinFX CTP is installed on the system, the infocard components also get installed. You would also notice that your control panel would now have a "Digital Identities" component installed. This is the core component from which you can create, edit, import or delete your infocard's. You can create as many "Identities" as you choose. but what Bugs me is that I can create "any" Identity of my choosing. The screenshot below shows how I created Identities with Myself, Kim, Pat and Bill Gates as the "identities" "I" wish to be recognized as.
click to enlarge Here's the issue that bugs me. This issue has been bugging me for a while since the time "user-controlled" identities became the talk of the town oops web. The term "identity management" I believed was a step forward in preventing "identity theft" (someone, please correct me If i'm wrong here). With the volume of identity theives who exists on the web today, the ability of creating "identities" just faciliatates the process. I agree that the "identity" may be of no good is nobody accepts the identity. But however, Microsoft would succeed to enabling organization in adopting infocard and it's usage participation would rise. For Organizations (participants) who have their head over their shoulders, the organizations ("issuers") would issue users their "infocard"/"identities" which could be used to access a service. Users could import the "issued" infocard onto their desktops using the "Install a provider card" as in the screenshot below.
click to enlarge Here's my biased opinion. If the only infocard's that MATTER are the ones that are issued by a provider, What makes it different from "Liberty"? Liberty is built on the "identity-given" framework/concept. The ability of enabling a user to create his own "infocard" may sound appealing, but how does it help? Well, for a novice user, it may sound cool, because he/she can create several "infocards" of themselves and choose which one to provide a "requestor" based on the information he/she would want to provide a particular web service/application. But for the miscreants, it's a toolkit to spoof identities. Another issue is that the "infocard's" are stored on a users desktop (porting them from one system to another "may" be a pain to a novice user). Now, this makes it even worse. anybody who has access to the users machine has the ability to delete the infocard's that one may have created. What IF my son deletes my infocard'S intentionally or accidentally ? What If my infocard gets stolen ? If the infocard's are not protected, they could be exported from one machine to the other with ease. The only way to secure it it by password protecting it. (So where does no passwords required play a picture in this ?) One can come up (makeup) with numerous issues with this model. But whats important is the fact that the "only" infocard's that matter would be the ones that are issued by a service provider/identity provider. Well, we have another issue now, IF  each IDP/SP would start issuing infocard's to their users, the user ends up having tens of hundreds of infocard's to manage. How different is that from tens of hundreds of username/password combinations? As a infocard user am I supposed to store all my infocard's on a USB drive and carry it along with me just to enable me to use a service from any desktop? (the desktop additionally should be infocard enabled !!). AH!! I'm tired right now. I shall follow up on this again soon.. as my thoughts keep formulating and changing. PS: I personally like JavaCards. Please read Hubert's post on Liberty à la InfoCard. And think... "JavaCards and Liberty". You be the judge. So you decide for yourselves. UPDATE : This does not mean that I am not working on porting infocard to *nix and integrating it with AM. I am working on that too. Shall keep you posted on developments at my end periodically. UPDATE 2 : I am NOT against infocard. I'm just thinking out loud as I keep discovering new stuff. And thought processes change periodically. The only thing that has been constant in my discoveries so far has been "change"