Microsoft recently shed more light on their new identity project called the Identity Metasystem
. A core component of it is InfoCard. Actually InfoCard is composed of 2 elements:
- Identity selector: it will reside on the PC and will act as a sort of broker for the user by negotiating between the identity providers and the relying party. Note that the term identity provider has a quite different meaning that the one used in other identity framework (like Liberty). In Microsoft's Identity Metasystem, an identity provider issues digital identities that are relevant to the business it is in. For instance, a credit card provider would issue identities that enable payment (so credit card number info or whatever is needed for a payment). To me such identity provider is more of an attribute provider but maybe I sent too much time working on Liberty? The relying party is a service provider that is also InfoCard enabled.
- Self-issued identity provider: a PC will be able to store some of the user's personal information in a secure area of the operating system. The InfoCard client application (on the PC) can then provide these data to relying parties. Microsoft says that the data stored on the PC cannot be sensitive information (e.g. social security numbers...). While this is an interesting concept, storing locally personal attributes is raising the issue of availability: unlike digital identities stored on an identity provider the self-issued digital identities are only available when you're using your PC.
Gathering as much info as I could, I have created the following diagram to illustrate how InfoCard would actually work. I'd be happy to hear any comment on it (or corrections if I got something wrong).
Now an interesting question is how this is going to work with other identity frameworks? Microsoft called this architecture Identity Metasystem since it is supposed to be above (and play nicely with) existing systems.
I could imagine this being used on top of SAML2.0
or Liberty ID-FF1.2 but obviously this architecture is in direct competition with Liberty's ID-WSF
I'm sure I'll come back to this.