Network Computing is part of the Informa Tech Division of Informa PLC

OpenID: Single Sign On for the Web?: Page 5 of 6

Using CardSpace software, a user controls a set of identities called Information Cards. Information Cards can be self-issued by users or downloaded from identity providers, such as credit card companies or government agencies. When a Web site requests a user's credentials, instead of entering a username and password, the user can choose the appropriate Information Card to present to the site. CardSpace then retrieves credentials from the identity provider and passes them to the Web site. For instance, a self-issued Information Card may be sufficient to log in to a blog site to post a comment, while an Information Card issued by a credit-card provider would be needed to make a purchase from an e-commerce site.

For users, Windows CardSpace capabilities are built into the Vista OS and can also be run on Windows XP. It works automatically with IE 7, while Firefox users must download an extension. Behind the scenes, CardSpace uses a variety of WS-* specifications, including WS-Trust and WS-SecurityPolicy.

This spring, Bill Gates announced that Microsoft would cooperate with the OpenID Foundation. This means both entities will work together to help third-party developers and service providers use both CardSpace Information Cards and OpenID. For instance, JanRain and Sxip, which offer open-source blogging and Web site code libraries, will add support for Information Cards in their OpenID code bases. Microsoft has also pledged to support OpenID in future products.

In addition, OpenID has been extended to support more robust authentication mechanisms, which was a key concern for Microsoft. The extension to the OpenID specification lets Relying Parties indicate authentication preferences, such as the use of phishing-resistant identity credentials, and lets Identity Providers help users meet those preferences, a capability that Microsoft wanted in the spec.

Of course, people get nervous when Microsoft embraces a technology. But David Recordon, a lead developer of OpenID and innovator for advanced products and research at VeriSign, is sanguine; he cites a good working relationship with Microsoft's identity team over the past two years.