Information Card
Encyclopedia
Windows CardSpace
Windows CardSpace , is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual...
, DigitalMe or Higgins Identity Selector.
The Identity Metasystem is an interoperable architecture for digital identity
Digital identity
Digital identity is the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things...
that enables people to have and employ a collection of digital identities based on multiple underlying technologies, implementations, and providers. Using this approach, customers can continue to use their existing identity infrastructure investments, choose the identity technology that works best for them, and more easily migrate from old technologies to new technologies without sacrificing interoperability with others. The Identity Metasystem is based upon the principles in The Laws of Identity.
Overview
There are three participants in digital identityDigital identity
Digital identity is the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things...
interactions using Information Cards:
- Identity Providers issue digital identities for you. For example, businesses might issue identities to their customers, governments might vouch for the identities of their citizens, credit card issuers might provide identities enabling payment, online services could provide verified data such as age, and individuals might use self-issued identities to log onto web sites.
- Relying Parties accept identities for you. Online services that you use can accept digital identities that you choose and use the information provided by them on your behalf, with your consent.
- Subject is yourself, the party in control of all these interactions. The subject can choose which of its applicable digital identities to use with the relying party.
Selectors
Windows CardSpace
Windows CardSpace , is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual...
, the Bandit Project
Bandit project
The Bandit project is an open source collection of loosely-coupled components to provide consistent identity services.It implements open standard protocols and specifications such that identity services can be constructed, accessed, and integrated from multiple identity sources. Portions of the...
's DigitalMe, and several kinds of Identity Selectors from the Eclipse Higgins Project.
An Identity Selector performs the following user-centric identity management tasks:
- Provides a consistent user experience for authentication (and in some cases other kinds of interactions) with a Relying Party (also known as a Service Provider).
- Provides a user interfaceUser interfaceThe user interface, in the industrial design field of human–machine interaction, is the space where interaction between humans and machines occurs. The goal of interaction between a human and a machine at the user interface is effective operation and control of the machine, and feedback from the...
that displays a set of Information CardInformation CardInformation Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
icons from which the user selects their preferred Information CardInformation CardInformation Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
when authentication is required by a local application or Relying Party (e.g. a web site's login page). - Provides a user interfaceUser interfaceThe user interface, in the industrial design field of human–machine interaction, is the space where interaction between humans and machines occurs. The goal of interaction between a human and a machine at the user interface is effective operation and control of the machine, and feedback from the...
to create and manage personal (also known as self-issued) Information CardInformation CardInformation Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
s. - Provides a local Security Token Service that is used to issue the security tokens for personal Information CardInformation CardInformation Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
s. - Provides a user interface to import and export Information CardInformation CardInformation Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
s in standard file formats. - Is invoked by a browser extension or by a local rich client application.
An Identity Selector may also allow the user to manage (e.g. create, review, update, and delete cards within) their portfolio of Information Cards.
Components of the Identity Metasystem
There are five key components to the Identity Metasystem:- A way to represent identities using claims. Claims are carried in security tokens, as per WS-SecurityWS-SecurityWS-Security is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS....
. - A means for identity providers, relying parties, and subjects to negotiate. Dynamically negotiating the claims to be delivered and the security token format used enables the Identity Metasystem to carry any format of token and any kinds of claims needed for a digital identity interaction. Negotiation occurs using WS-SecurityPolicyWS-SecurityPolicyis a WS* specification, created by IBM and 12 co-authors, that has become an OASIS standard as of version 1.2. It extends the fundamental security protocols specified by the WS-Security, WS-Trust and WS-SecureConversation by offering mechanisms to represent the capabilities and requirements of web...
statements exchanged using WS-MetadataExchangeWS-MetadataExchangeWS-MetaDataExchange is a Web Services protocol specification, published by BEA Systems, IBM, Microsoft, and SAP. WS-MetaDataExchange is part of theWS-Federation roadmap; and is designed to work in conjunction with WS-Addressing, WSDL and WS-Policy to allow retrieval of metadataabout a Web...
. - An encapsulating protocol to obtain claims and requirements. The WS-TrustWS-TrustWS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure...
and WS-FederationWS-FederationWS-Federation is an Identity Federation specification, developed by BEA Systems, BMC Software, CA Inc., IBM, Layer 7 Technologies, Microsoft, Novell, Ping Identity, and VeriSign...
protocols are used to carry requests for security tokens and responses containing those tokens. - A means to bridge technology and organizational boundaries using claims transformation. Security Token Services (STSs) as defined in WS-TrustWS-TrustWS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure...
are used to transform claim contents and formats. - A consistent user experience across multiple contexts, technologies, and operators. This is achieved via Identity Selector client software such as Windows CardSpaceWindows CardSpaceWindows CardSpace , is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual...
representing digital identities owned by users as visual Information CardInformation CardInformation Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
s.
Generic qualities
- I-cards are created by an entity known as a issuer.
- I-cards display the name of the issuer (issuerName) in a text string.
- I-cards have a text string to identify the card (cardName) that is initially set by the card issuer. Typically this card name is user-editable.
- I-cards may have a (GIF or JPEG) background image (cardImage) set by the card issuer (user-editable).
- In most i-cards the user is able to see the value of the claims.
Sign-In with Information Cards
Using Information Cards, users can authenticate without needing a username and password for every web site; instead, at sites accepting them, they can log in with an Information Card, which may be used at multiple sites.Each Information Card utilizes a distinct pair-wise digital key for every realm where a key is requested. A realm may be a single site or a set of related sites all sharing the same target scope information when requesting an Information Card. The use of distinct pair-wise keys per realm means that even if a person is tricked into logging into an imposter site with an Information Card, a different key would be used at that site than the site that the imposter was trying to impersonate; no shared secret is released.
Furthermore, many Identity Selectors provide a means of Phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
detection, where the HTTPS certificate of the Relying Party site is checked and compared against a list of the sites at which the user has previously used an Information Card. When a new site is visited, the user is informed that they have not previously used a card there.
Types of Information Card
The Identity Selector Interoperability Profile v 1.5 (or OASIS IMI v1.0 Committee Draft) specifies two types of Information Cards an Identity Selector must support.- Personal (also called Self-Issued) Information Cards: These cards allow you to issue Claims about yourself to sites willing to accept them. These claims can include your name, address, phone numbers, e-mail address, web address, birth date, gender, and a site-specific key uniquely generated for each site where the card is used.
- Managed Information Cards: These cards allow Identity Providers other than yourself to make Claims about you to sites willing to accept them. These claims can include any information that a Relying Party requests, an Identity Provider is able to provide, and you are willing to send between them.
The Higgins project is defining two new kinds of Information Cards as well:
- Relationship Cards (or R-cards) are used to establish an ongoing relationship between multiple parties.
- Zero-Knowledge Cards (or Z-cards)
However the Information Card format allows for custom types; The Bandit project
Bandit project
The Bandit project is an open source collection of loosely-coupled components to provide consistent identity services.It implements open standard protocols and specifications such that identity services can be constructed, accessed, and integrated from multiple identity sources. Portions of the...
demonstrated prototype managed cards backed by OpenIDs
OpenID
OpenID is an open standard that describes how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities...
at the BrainShare conference in March 2007.
Personal cards
The first kind of personal information cardInformation Card
Information Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
s were also introduced as part of Microsoft’s Windows CardSpace
Windows CardSpace
Windows CardSpace , is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual...
software in November 2006. Their behavior is also defined by the same documents covering the Microsoft-defined managed cards (see above).
Summary of characteristics:
- Data format an XML file containing: set of claim type URIÚriÚriis a village and commune in the comitatus of Pest in Hungary....
s as well as the (user-defined) values of these claims, cardImage, a unique cardID, etc. This data format is defined in the ISIP documents. - Issuer: The user's own identity selector. Personal cards can be described as self-issued
- Genesis: Created by the user's identity selector.
- Claims: 15 pre-defined claim types (e.g. firstname, surname, email address, etc.) are defined in theIdentity Selector Interoperability Profile v 1.5 (or OASIS IMI v1.0 Committee Draft).
- Authority: The user's identity selector is the authority for the issued token's set of claim values.
- Data flow: On demand (e.g. as needed by a relying site), an STS local to the identity selector creates a security token with the current values.
- Editability: The claim values are directly editable by the user.
- Attribute data source: The personal card XML file contains claim values. When imported into an identity selector these data values are then managed internally by the selector.
Managed Information Card Details
The first kind of managed card was introduced as part of Microsoft’s Windows CardSpaceWindows CardSpace
Windows CardSpace , is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual...
software in November 2006. The behavior, file format and interoperability characteristics of these kinds of managed cards are defined by Microsoft documents such as the Identity Selector Interoperability Profile v 1.5 (or OASIS IMI v1.0 Committee Draft) (see here for a more complete list), in combination with open standards including WS-Trust and others.
Summary of characteristics:
- Data format: an XML file containing: network endpoint of the STS, set of claim type URIs, name of the card, cardImage, issuerName, a unique cardID, etc. The XML file format is defined in the ISIP documents.
- Issuer: An external, third party token service (representing an external person or organization).
- Genesis: A managed card is generated by a Security Token Service running at an Identity Provider site and imported into the user's Identity Selector
- Claims: The list of supported claim types (claim type URIs) is defined by the issuer.
- Authority: The issuer is the sole authority for the claim values contained within the token it issues.
- Data flow: Managed cards contain a network endpoint reference to a Security Token Service (STS) that, when requested by the identity selector (using WS-Trust, etc.) generates/provides a security token containing the required claims.
- Editability: Underlying attribute data is not directly editable by the user.
- Attribute data source: Determined by the issuer, and generally managed by the issuer.
Information Cards issued by third parties can employ any of four methods for the user to authenticate himself as the card owner:
- a Personal (Self-Issued) Information Card,
- an X.509X.509In cryptography, X.509 is an ITU-T standard for a public key infrastructure and Privilege Management Infrastructure . X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation...
certificate (which can either be from a hardware device such as a SmartCard or it can be a software certificate), - a Kerberos ticket, such as those issued by many enterprise login solutions, or
- a username and password for the card.
Additional methods could also be implemented by future Identity Selectors and Identity Providers (see #Futures).
Managed Information Cards can be auditing, non-auditing, or auditing-optional:
- Auditing cards require the identity of the Relying Party site to be disclosed to the Identity Provider. This can be used to restrict which sites the Identity Provider is willing to release information to.
- Non-auditing cards will not disclose the identity of the Relying Party site to the Identity Provider.
- Auditing-optional cards will disclose the identity of the Relying Party site if provided by the Relying Party, but do not require this disclosure.
Relationship cards
Relationship cards are under development by the Higgins project (see http://wiki.eclipse.org/R-Card)Summary of characteristics:
- Data format: A managed card that supports a resource-udi claim
- Supported Claims: Like all managed (or personal) cards, r-cards include a list of supported claim types (expressed as URIs) as defined by the issuer. This set defines the maximal set of claims that issuer will include in its generated security token. These claims are inherited from underlying ISIP-m-card upon which it is based and are used for the same purposes. Beyond managed cards the resource-udi "meta" claim provides a reference to a set of attributes.
- Authority: The issuer is the authority for the issued token's set of claim values (as per a normal managed or personal card).
- Editability: The values of underlying attributes (referenced by the resource-udi claim) may be editable by parties other than the issuer.
- Supported Attributes: The value of an r-card's resource-udi claim is an Entity UDI (URI) that "points to" a data entity (representing a person, organization, or other object). The set of attributes of this data entity is distinct from (though usually a superset of) the "supported claims" mentioned above.
Reliance on the Higgins Data Model
Conceptually a managed card is essentially a human-friendly "pointer" to a Token Service—a web service (e.g. a WS-Trust Security Token Service) from which security tokens can be requested. A security token is a set of attribute assertions (aka claims) about some party that is cryptographically signed by the issuer (the token service acting as the authority). An r-card, contains a second "pointer" that points to a data entity whose attribute's values (i) shared by all parties to the r-card and (ii) form the underlying attributes that are consumed by the r-card issuer's STS and provide the values of the claims that this STS makes. By including this second "pointer" on the r-card, r-card holders have the potential to access and update some subset of these underlying attributes. The card issuer maintains an access control policy to control who has what level of access.This second pointer is an Entity UDI—a reference to an Entity object in the Higgins Context Data Model. Entity UDIs may be dereferenced and the underlying Entity's attributes accessed by using the Higgins project's Identity Attribute Service. Once resolved, consumers of this service can inspect, and potentially modify the attributes of the entity as well as get its schema as described in Web Ontology Language
Web Ontology Language
The Web Ontology Language is a family of knowledge representation languages for authoring ontologies.The languages are characterised by formal semantics and RDF/XML-based serializations for the Semantic Web...
(OWL).
In addition to basic identity attribute values like strings and numbers, the data entity referred to by an r-card can have complex attribute values consisting of aggregates of basic attribute types as well as UDI links to other entities.
Claims
Beyond being used to log into sites, Information Cards can also facilitate other kinds of interactions. The Information Card model provides great flexibility because cards can be used to convey any information from an Identity Provider to a Relying Party that makes sense to both of them and that the person is willing to release. The data elements carried in Information Cards are called Claims.One possible use of claims is online age verification, with Identity Providers providing proof-of-age cards, and Relying Parties accepting them for purposes such as online wine sales; other attributes could be verified as well. Another is online payment, where merchants could accept online payment cards from payment issuers, containing only the minimal information needed to facilitate payment. Role statements carried by claims can be used for access control decisions by Relying Parties.
Interoperability and licensing
The protocols needed to build Identity Metasystem components can be used by anyone for any purpose with no licensing cost and interoperable implementations can be built using only publicly-available documentation. Patent promises have been issued by Microsoft, IBM, and others ensuring that the protocols underlying the Identity Metasystem can be freely used by all.The Information Cards defined by the Identity Selector Interoperability Profile v 1.5 (or OASIS IMI v1.0 Committee Draft) are based on open, interoperable communication standards. Interoperable Information Card components have been built by dozens of companies and projects for platforms including Windows, Mac OS, and Linux, plus a prototype implementation for phones. Together, these components implement an interoperable Identity Metasystem. Information Cards can be used to provide identities both for Web sites and Web Services applications.
Several interoperability testing events for Information Cards have been sponsored by OSIS and the Burton Group, one was at the Interop at the October 2007 European Catalyst Conference in Barcelona and the most recent was at RSA 2008. These events are helping to ensure that the different Information Card software components being built by the numerous participants in the Identity Metasystem work well together.
The protocols needed to build Information Card implementations based on the Identity Selector Interoperability Profile v 1.5 (or OASIS IMI v1.0 Committee Draft) can be used by anyone for any purpose at no cost and interoperable implementations can be built using only publicly-available documentation. Patent promises have been issued by Microsoft, IBM, and others, ensuring that this Information Card technology is freely available to all.
In June 2008, industry leaders including Equifax, Google, Microsoft, Novell, Oracle, PayPal and others created the Information Card Foundation
Information Card Foundation
In June 2008, industry leaders including Equifax, Google, Microsoft, Novell, Oracle Corporation, PayPal and others created the Information Card Foundation in order to advance the use of the Information Card metaphor as a key component of an open, interoperable, royalty-free, user-centric identity...
in order to advance the use of the Information Card metaphor as a key component of an open, interoperable, royalty-free, user-centric identity layer spanning both the enterprise and the Internet.
In his report on the Interop at the June 2007 Catalyst Conference in San Francisco, analyst Bob Blakley wrote:
The interop event was a milestone in the maturation of user-centric identity technology. Prior to the event, there were some specifications, one commercial product, and a number of open-source projects. After the event, it can accurately be said that there is a running identity metasystem.
History of the terms "i-card" and "information card"
The term information cardInformation Card
Information Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
was introduced by Microsoft in May 2005 as a name for the visual information card metaphor to be introduced in its forthcoming Windows CardSpace
Windows CardSpace
Windows CardSpace , is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual...
software. Until early 2006, information cards were also sometimes referred to by the code-name “InfoCard”, which was not a name that was freely available for all to use. The name information card
Information Card
Information Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
was specifically chosen as one that would be freely available for all to use, independent of any product or implementation. The name “information card” is not trademarked and is so generic as to not be trademarkable.
The term i-card was introduced at the June 21, 2006 Berkman/MIT Identity Mashup conference. The intent was to define a term that was not associated with any industry TM or other IP or artifact. At the time, Microsoft had not yet finished applying the Open Specification Promise to the protocols underlying Windows CardSpace
Windows CardSpace
Windows CardSpace , is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual...
and there was also a misunderstanding that the term information card
Information Card
Information Cards are personal digital identities that people can use online, and the key component of Identity metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select...
was not freely available for use by all, so to be conservative, the term i-card was introduced.
Mike Jones, of Microsoft, explained to participants of a session at IIW 2007b that Microsoft always intended the term information card to be used generically to describe all kinds of information cards and to be freely usable by all, and tried to correct the earlier misunderstanding that the term might apply only to the kinds of information cards originally defined by Microsoft. He made the case that the industry would be better served by having everyone use the common term information card, than having two terms in use with the same meaning, since there remains no legal or technical reason for different terms. In this case the term i-card would become just the short form of information card, just like e-mail
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
has become the short form of electronic mail.
Software Implementations
- Windows CardSpaceWindows CardSpaceWindows CardSpace , is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual...
- runs on Windows VistaWindows VistaWindows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
, Windows XPWindows XPWindows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
, and Windows Server 2003Windows Server 2003Windows Server 2003 is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005... - Higgins project web-based Identity Selector deployment configuration
- Higgins project client-based Identity Selector deployment configuration
- Higgins project eclipse-based Identity Selector deployment configuration
- DACSDistributed Access Control System (DACS)The Distributed Access Control System is a light-weight single sign-on androle-based access control system forweb serversandserver-based software.DACS is primarily used withApache web serversto provide enhanced access controlfor web pages,...
- open source relying party & Information Card STS written in C
See also
- Identity Selector
- Information Card FoundationInformation Card FoundationIn June 2008, industry leaders including Equifax, Google, Microsoft, Novell, Oracle Corporation, PayPal and others created the Information Card Foundation in order to advance the use of the Information Card metaphor as a key component of an open, interoperable, royalty-free, user-centric identity...
- Windows CardSpaceWindows CardSpaceWindows CardSpace , is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual...
- Higgins project
- Bandit projectBandit projectThe Bandit project is an open source collection of loosely-coupled components to provide consistent identity services.It implements open standard protocols and specifications such that identity services can be constructed, accessed, and integrated from multiple identity sources. Portions of the...
- Digital identityDigital identityDigital identity is the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things...
- OpenIDOpenIDOpenID is an open standard that describes how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities...
- SAMLSAMLSecurity Assertion Markup Language is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider...
Additional resources
- Technology Leaders Favor Online ID Card Over Passwords - New York Times article 24-Jun-08 announcing the Information Card FoundationInformation Card FoundationIn June 2008, industry leaders including Equifax, Google, Microsoft, Novell, Oracle Corporation, PayPal and others created the Information Card Foundation in order to advance the use of the Information Card metaphor as a key component of an open, interoperable, royalty-free, user-centric identity...
- Identity Selector Interoperability Profile, Arun Nanda, April 2007.
- Identity Selector Interoperability Profile v 1.5
- OASIS IMI v1.0 Committee Draft
- An Implementer's Guide to the Identity Selector Interoperability Profile V1.0, Microsoft Corporation and Ping Identity Corporation, April 2007.
- A Guide to Using the Identity Selector Interoperability Profile V1.0 within Web Applications and Browsers, Michael B. Jones, April 2007.
- Design Rationale behind the Identity Metasystem Architecture, Kim Cameron and Michael B. Jones, January 2006.
- Patterns for Supporting Information Cards at Web Sites: Personal Cards for Sign up and Signing In, Bill Barnes, Garrett Serack, and James Causey, August 2007.
- Microsoft Open Specification Promise, May 2007.
- IBM Interoperability Specifications Pledge, July 2007.
External links
- Information Card Foundation
- Information Card Icon Announcement, June 2007.
- Microsoft's Vision for an Identity Metasystem, Michael B. Jones, May 2005.
- The Laws of Identity, Kim Cameron, May 2005.
- 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, Ann Cavoukian, Information and Privacy Commissioner of Ontario, October 2006.
- Azigo Identity Selector
- Bandit Project
- DigitalMe Identity Selector
- Eclipse Higgins Project
- Burton Group report on OSIS June 2007 User-Centric Identity Interop at Catalyst in San Francisco, August 2007.
- Burton Group report on OSIS October 2007 User-Centric Identity Interop at Catalyst in Barcelona, October 2007.
- Open-Source Identity System (OSIS)
- Avoco Secure Information Card and Identity Solutions