CardSpace interoperability with PHP and Java

  • Article

Another note on PHP...  this time dealing with Information Cards and CardSpace.

This, like the SQL+PHP integration I mentioned previously, was also announced at ZendCon about 10 days ago.

Microsoft and Zend Technologies announced a collaborative effort to enable support for information cards by PHP developers through a component built for the Zend Framework. Using this as a stand-alone component or as part of the Framework, PHP developers will be able to specify a Web site’s security policy and accept information cards from trusted third parties. From the press release:

“Microsoft and Zend are making a commitment to deliver information card support to PHP developers, which will reduce development costs and help make the Web safer and more secure for people,” said Vijay Rajagopalan, principal architect for Platform & Interoperability Strategy at Microsoft.

Just what is an Information Card, you ask? Wikipedia calls it an i-card, and defines it like this:

a rectangular icon displayed in the user interface of an identity agent that represents a digital identity--a set of claims about a digital subject.

But of course the real value in an information card is what you can do with it: replace the username/password login paradigm.  I won't get into why using Information Cards has the potential to greatly increase the security of electronic interactions between parties; if you want the details, check out the overview of CardSpace here.  The key point is you no longer have to supply a name and a password to a site that wants to identify or authenticate you. Using information cards, you can provide one or more claims about yourself ("I'm an employee of Megacorp",  "I'm a student of the University of Transylvania"), and you need not provide all your private information.  The Information Card model allows people to stay much more in control of their own private information. 

CardSpace is the brand-name for the information card technology that is included in Windows operating systems.  As for CardSpace support within Windows, there is a CardSpace user interface that pops up, for example, when a website asks for an information card.  There is also a set of class libraries that allows server-side applications like ASP.NET web sites to examine the claims in the information card passed by the web browser or other authenticating application.

What's happening in the announcement I mentioned is that Microsoft and Zend are collaorating to enable PHP Websites to handle information cards with the same facility that is now possible in server-side .NET applications.

Just to be very clear, the term "information card' is a general one.  Windows CardSpace is the brand name for one specific implementation of information card.  Other operating systems will provide other implementations of information cards.  The whole thing will be quite interoperable. 

The PHP work on information cards extends Microsoft’s previous interoperability efforts in this area. Microsoft, in collaboration with Fraunhofer Institute FOKUS and ThoughtWorks, has developed open source interoperability projects on information cards for systems based on Java and Ruby, too!  This means a Web app built in Java and running in JBoss or Jetty or WebSphere can accept a digital information card for security-enhanced identity and authentication. A Web site built on Ruby on Rails can accept an information card. There is also an open source information card library project implemented in C, developed by Ping Identity. 

Lots of interop to go around here.

Information about these open source interoperability identity card projects can be found at:

ps: Kim Cameron had mentioned this previously.