08/11/07

TechEd 2007 - A developer diary on implementing Windows Cardspace


A developer diary on implementing Windows Cardspace
Dominick Baier


Do you know Windows Cardspace? It is a new feature of the .NET Framework that allows authentication over the internet.
It is designed to be convenient and secure (avoiding phishing).
Nowadays authentication is application-centric. This means that each website has its own authentication system and stores the information and credentials of its users.
This design has some problems. People are registered on many sites, and they don't want to memorize many passwords, so they tend to use the same password on almost all of them. If a hacker discovers one of them, it can be a big, big problem. On the other hand, many websites store personal information, almost like a business card. But a year or so after registration, many details can change (such as address, phone number and so on).
Windows Cardspace has a user-centric design. The information is stored on the user's computer. There is no need for a password. Windows Cardspace can also store information about the user (like a business card). When a user uses a card on a website, the website can refresh the information about that user in its database.
This system can be used side by side with the old-fashioned way.

This system has a problem with mobility... To access websites from different computers you must back up a card to a disk or pen drive (protected by a password) and temporarily import it into the computer you want to use.

Alcides has told me about OpenID. I will have a look at it soon.
If you have Windows Vista, try Windows Cardspace at SignOn.com.