Making CardSpace and OpenID Interoperable


Microsoft, JanRain, Sxip, and VeriSign have agreed to work together to make OpenID and CardSpace interoperate. This isn't totally unexpected since the community has been moving forward in this direction. Kim Cameron has been discussing the details of how it might work in recent weeks. Here are the specifics from the press release:

  • As part of OpenID's security architecture, OpenID will be extended to allow relying parties to explicitly request and be informed of the use of phishing-resistant credentials.
  • Microsoft recognizes the growth of the OpenID community and believes OpenID plays a significant role in the Internet identity infrastructure. Kim Cameron, Chief Architect of Identity at Microsoft, will work with the OpenID community on authentication and anti-phishing.
  • JanRain, Sxip, and VeriSign recognize that Information Cards provide significant anti-phishing, privacy, and convenience benefits to users. Information Cards, based on the open WS-Trust standard, are available though Windows CardSpace.
  • JanRain and Sxip, leading providers of open source code libraries for blogging and web sites, are announcing they will add support for the Information Cards to their OpenID code bases.
  • JanRain, Sxip and VeriSign plan to add Information Card support to future identity solutions.
  • Microsoft plans to support OpenID in future Identity server products.

The Bill Gates keynote at the RSA conference today also contained commitments to support OpenID in some Microsoft products (I'm not sure which), I'm told. Very good development for everyone, I think.