Vittorio on the team has been working with the CardSpace product group and the local Singapore office on an eID ( Electronic ID ) project with the Singapore health service. This solution offers citizens with a high level of security to a portal using a Hard Token and open standard technologies ( WS-* ). The project uses CardSpace to gain access to these services and was launched in Singapore today together with its partners. The most exciting piece is that fact that they are using “hard token” to add more security to the solution in an open way.
Think about the implications for other verticals? Imagine high value services in finance, retail, ecommerce, banking. Username and password look a little weak..
Vittorio has more details on his blog about the solution, but below is a quick snippet of the details.
When the user is logging onto the system there are a few steps
1) They are first asked to present a hard token through a custom dialog
2) The enter a connecting CardSpace Information Card using the standard dialog.
3) Once the user selects the correct card, this starts a conversation with a Security Token Services on the back end, which then asks the user for a password.
4) They have access to the services on the site.