Thursday, June 28, 2007

CardSpace's Dimensions

While thinking about how Windows CardSpace could be used and extended I came up with this graphic.



Thus the dimensions of Windows CardSpace are:


  1. Cardstore: Where is the cardstore?
    Service Providers store the information cards and facilitate the use through different devices.

  2. CredentialStore: Where are the credentials?
    Storage of credentials and engine for cryptographic operations.

  3. UI Generation: Where is the UI generated?
    The UI could be generated on a server but be displayed on one of the user’s devices.

  4. Identity Selector (UI): Where is the UI displayed and where is the Information Card selected?

  5. STS: Where is the STS?

  6. STS Authentication: Authentication Technology

  7. Browser: On which device is the authentication needed?


Now imagine all the combinations of the coordinates which span the "use case space". My colleague Jochen Klaffer designed and implemented a tool which helped us a lot to find relevant use cases in our "CardSpace for Telcos" project which we are doing for Deutsche Telekom Laboratories' Jörg Heuer.

This is of course only a selection of possible dimensions. Others were excluded for simplicity and because there are strong indications that they will never be relevant. For example, Kim Cameron said about using different protocols instead of WS-*: "This will not happen".
So the "Trust Protocol" dimension is not shown in this graphic.

Other dimensions missing are new transport protocols like SIP instead of HTTP to transport the RST/RSTR. So the "Transport Protocol" dimension is not shown in this graphic.

You will probably notice that there are points on the axes that are not part of CardSpace version 1.0...
Let us look at CardSpace 1.0.




  1. Cardstore: local (secure desktop).

  2. CredentialStore: local (secure desktop).

  3. UI Generation: local (secure desktop).

  4. Identity Selector (UI): local (secure desktop)

  5. STS: local or network

  6. STS Authentication: fixed set of four technologies

  7. Browser: PC


So this is the current state, but the universe is expanding, right?

Interpretation of the axes and the new points on the axes is left to the reader ;-)

4 comments:

The Mad Scientist said...

The "wallet" in the center is likely to become the mobile phone regardless of whether you are using a mobile application or are using a PC. Card selection and PIN input is then performed in the phone as well.

Unknown said...

You can interpret my previous post "How to sign a J2ME midlet with a Verisign code signing certificate using EclipseME" as a "yes, this is what I think will/should happen". But the interesting part is not the technical feasibility but the business cases.

SimonOx said...

Nice graphic, carry on!

Unknown said...

Regarding the "niceness" of the picture I have to give credit to my colleague Andreas Lienicke who pepped up my sketch.