I’m surprised not to have seen more buzz in the developer community around InfoCard, which is easily one of the coolest new technologies and an intriguing solution to the problem of federated identity management. The WinFX Beta 1 RC release that we shipped last week is the first public exposure of this technology, so if you want to be really ahead of the curve, you might want to explore the samples and limited documentation in this release.
At its heart, InfoCard attempts to solve the problem of trust on the web. When I visit my bank, how do they know that I’m really Tim Sneath, and how do I know that they are really my bank? The proliferation of user accounts and passwords today is an increasing security risk, as many people share their credentials across multiple parties or otherwise simply struggle to manage a collection of hundreds of different registration details. Furthermore, fraud is an increasing risk, with increasingly sophisticated spyware now gaining control over DNS host caches, international domain names and many other threats to casual users.
InfoCard provides an open, web service-based model for selectively sharing your digital identity with third parties. The goal is that you’ll be able to have multiple certificate-backed identities issued by various trusted providers, that you can optionally make available to a website based on the level of trust and privacy you want to make available.
The main article that puts forward our vision can be found here on MSDN. At the high level, you can also read an article from Kim Cameron, one of the architects of InfoCard, on building better identity systems here (Kim’s blog is here). One of the better external articles on InfoCard (to my mind) can be found on Johannes Ernst’s blog; there are also news articles at ComputerWorld and CNet. In the May WinFX documentation, you’ll find some details in the section Indigo -> Programming Indigo -> Managing Identities with InfoCard.
Look out for more on this topic at the PDC, of course…