"There is a really wonderful new book out on digital identity and
Information Cards called 'Understanding Windows CardSpace'. Written
by Vittorio Bertocci, Garrett Serack and Caleb Baker, all of whom were
part of the original CardSpace project, the book is deeply grounded in
the theory and technology that came out of it... The presentation begins
with a problem statement: 'The Advent of Profitable Digital Crime'.
There is a systematic introduction to the full panoply of attack vectors
we need to withstand, and the book convincingly explains why we need an
in-depth solution, not another band-aid leading to some new vulnerability.
For those unskilled in the art, there is an introduction to relevant
cryptographic concepts, and an explanation of how both certificates and
HTTPS work. These will be helpful to many who would otherwise find parts
of the book out of reach. Next comes an intelligent discussion of the
Laws of Identity, the multi-centered world and the identity metasystem.
The book is laid out to include clever sidebars and commentaries, and
becomes progressively more McLuhanesque. On to SOAP and Web Services
protocols -- even an introduction to SAML and WS-Trust, always with
plenty of diagrams and explanations of the threats. Then we are introduced
to the concept of an identity selector and the model of user-centric
interaction. Part two deals specifically with CardSpace, starting with
walk-throughs, and leading to implementation. This includes 'Guidance for
a Relying Party', an in-depth look at the features of CardSpace, and a
discussion of using CardSpace in the browser. The authors move on to
Using CardSpace for Federation, and explore how CardSpace works with
the Windows Communication Foundation. Even here, we're brought back to
the issues involved in relying on an Identity Provider, and a discussion
of potential business models for various metasystem actors..."