IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft announces OpenID support in CardSpace

Two of the most prominent identity technologies come together to deliver a "phish-proof internet".

Microsoft has announced plans to support the OpenID authentication platform as part of its CardSpace digital identity technology.

Speaking at the RSA Conference in San Francisco, Microsoft co-founder Bill Gates outlined the company's refreshed identity strategy - including support in Windows CardSpace for the OpenID 2.0 identity standard. As part of an interoperability agreement OpenID will also be extended to handle phishing-resistant credentials, adding a new layer of trust to ecommerce sites.

Originally designed by Brad Fitzpatrick, chief architect at blogging platform developer Six Apart for use in cross-blog authentication, OpenID has rapidly become a key digital identity technology, allowing identity assertions to be shared across multiple systems. While other identity systems work well in closed enterprise networks, OpenID has been designed from the ground up for handling identity on the public internet. Microsoft's collaboration with the OpenID project will add support for strong credentials. As many sites and services already use OpenID, this approach will open up much more of the web to Microsoft's fledgling CardSpace.

Key open source developers have welcomed the news; Fitzpatrick described Microsoft's involvement in the project as "great". OpenID can already use Kerberos, voiceprints, and Jabber JID as authentication components, and he sees CardSpace as another authentication technology. CardSpace authentication will bring OpenID support for the WS-Trust web service standard, and Microsoft will be supporting OpenID in future identity server products.

Microsoft's Chief Architect of Identity Kim Cameron calls OpenID "a really great technology for doing public identities - the simplicity is stunning" and suggests that "It's one of the things that will really drive us towards the identity Big Bang. And the whole world will benefit."

Sxip Identity's Dick Hardt agrees that this is a major endorsement of OpenID, and Sxip will be working with Microsoft to add CardSpace Information Card support to their existing OpenID products. These include an open source distributed identity plug-in for any web site, and a range of identity appliances that provide identity management and integration tools for businesses. Other partners include JanRain, which supplies the code many web sites use to work with OpenID, and Verisign.

Kim Cameron has described the solution to the problem of identity as a metasystem, where different technologies cooperate to share assertions and authentications. OpenID is part of this identity metasystem, and has already converged with technologies like Yadis, XRI and Sxip. Its strength lies in its wide adoption by so many different platforms and technologies There have been concerns about Microsoft's involvement with the OpenID specification, but Cameron and the OpenID are both convinced that Microsoft will not exert undue influence.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Should you take your password manager off the internet?

Should you take your password manager off the internet?

28 Jul 2022