InfoCard: A New WinFX API

I'm surprised not to have seen more buzz in the developer community around InfoCard, which is easily one of the coolest new technologies and an intriguing solution to the problem of federated identity management. The WinFX Beta 1 RC release that we shipped last week is the first public exposure of this technology, so if you want to be really ahead of the curve, you might want to explore the samples and limited documentation in this release.

At its heart, InfoCard attempts to solve the problem of trust on the web. When I visit my bank, how do they know that I'm really Tim Sneath, and how do I know that they are really my bank? The proliferation of user accounts and passwords today is an increasing security risk, as many people share their credentials across multiple parties or otherwise simply struggle to manage a collection of hundreds of different registration details. Furthermore, fraud is an increasing risk, with increasingly sophisticated spyware now gaining control over DNS host caches, international domain names and many other threats to casual users.

InfoCard provides an open, web service-based model for selectively sharing your digital identity with third parties. The goal is that you'll be able to have multiple certificate-backed identities issued by various trusted providers, that you can optionally make available to a website based on the level of trust and privacy you want to make available.

The main article that puts forward our vision can be found here on MSDN. At the high level, you can also read an article from Kim Cameron, one of the architects of InfoCard, on building better identity systems here (Kim's blog is here). One of the better external articles on InfoCard (to my mind) can be found on Johannes Ernst's blog; there are also news articles at ComputerWorld and CNet. In the May WinFX documentation, you'll find some details in the section Indigo -> Programming Indigo -> Managing Identities with InfoCard.

Look out for more on this topic at the PDC, of course...

Comments (2)

  1. Anonymous says:

    I wish to be able to connect to my bank etc from home/work/”public Internet PC” + others

    How can I use my “InfoCard” when I am on a machine that I do not trust and do not own? I do not want to have to copy my InfoCard files to a public PC.

    Often I will not even be allowed to plug a “smart card” into the USB port. I think a system like “Secure Id” is needed, so all I have to do is type in a one type short number that a “key sized” hardware identity store gives me.

    I don’t see this as a problem that can be solved as the OS level, I think it needs a solution that does not need ANY changes to the PC or the Software that is running on it. <- email address on web site

  2. Anonymous says:

    Почитав сегодня свежие блоги, нашел несколько интересных вещей:

Skip to main content