InfoCard: Microsoft's NG Identity Metasystem

Leaning from the experiences of .NET Passport, Microsoft realizes that it's almost impossbile to create a unified digital identity system in the world with Internet scale authetication services. .NET Passport works fine in Microsoft sites and some close partners, but fails to persuade all customers to give out their privacy info and allow the participiance of Microsoft in their transactions. So Microsoft tries to work out a new identity management solution, namely Identity Metasystem, to combat more and more online identity theft, fraud and other privacy issues. InfoCard is essential to that system.

InfoCard dubuted in WinFX Beta 1 RC release. Instead of creating a unified indentity system, it manages to build an open framework that abstracts away from the differences and implementation details of ad-hoc identity systems, such as X.509, XAML, Kerboros, .NET Passport, etc. Every single indentity system is easy to be integrated into InfoCard as long as it embraces a set of common rules: The Law of Indentity. InfoCard doesn't store any privacy data by itself; instead the ad-hoc identity system decides where and how to store the data. When some indentity info are required (e.g., when you purchase a book on Amazon, when you log on your E-bank, etc), InfoCard talks to the particular identity system and then prompt a unified user interface to help users determine what infomation to be exposed and deal with the authentication process.

The InfoCard system has a two-fold motivation:

1. To bridge technology and organizational boundaries by building higher abstract layer. (just as IP protocol brigdes different LAN, DirectX conceals the details of different graphics cards)
2. To construct a uniform user experiences across multiple contexts, technologies and sevice provider. It helps user make informed and resonable identity decisions and keep them away from most security risks such as "phishing attacks".

Remember that InfoCard is an open system. It's designed to supply a unified indetity architecture that helps improve the interoperability between existing identity system rather than compete with them.

* Disclaimer: This post is provided "AS IS" without any warranties and confers no rights. It's totally my personal opinion and does not reflect any organization's point of view.