RIP, Windows CardSpace. Hello, U-Prove

RIP, Windows CardSpace. Hello, U-Prove

Summary: For a while, had been wondering when Microsoft would ship CardSpace 2.0, the last, un-delivered piece of its Geneva set of security wares. The answer, it turns out, is never.

SHARE:

For a while, had been wondering when Microsoft would ship CardSpace 2.0, the last, un-delivered piece of its Geneva set of security wares. The answer, it turns out, is never.

CardSpace, which got its start as "Windows InfoCard," attempted to represent an individual's digital identity that the user could use to communicate with a third party entity.

From a February 15 post on the Microsoft "Claims-Based Identity" blog (which I found via a tweet from @Carnage4Life):

"Windows CardSpace was initially released and developed before the pervasive use of online identities across multiple services. Perhaps more importantly, we released the user component before we and others had delivered the tools for developers and administrators to easily create claims-ready services. The identity landscape has changed with the evolution of tools and cloud services.  Based on the feedback we have received from partners and beta participants, we have decided not to ship Windows CardSpace 2.0."

According to the blog post, in spite of the elimination of CardSpace, Microsoft is still a big proponent of claims-based identity concepts, and the company has baked support for these identity solutions into SharePoint, Office 365, Dynamics CRM, and Windows Azure.

"Microsoft has been a leading participant in the identity community and an active contributor to emerging identity standards.  We have increased our commitment to standardization activities and added support into our products for the SAML 2.0, OpenID 2.0, OAuth WRAP and OAuth 2.0 protocols," the blog post noted.

Microsoft also is putting its weight behind a new Microsoft claims technology called U-Prove, according to the post. U-Prove is "an advanced cryptographic technology that, combined with existing standards-based identity solutions, overcomes this long-standing dilemma between identity assurance and privacy," according to the test page.

Microsoft has made available to testers for download a second Community Technology Preview build (via the Connect site) for its U-Prove Agent. The Agent is "software that acts as an intermediary between websites and allows sharing of personal information in a way that helps protect the user’s privacy," the U-Prove Frequently Asked Questions (FAQ) document explains. U-Prove is based on technology that Microsoft bought when it acquired Credentica in 2008.

“Geneva” was the codename for a number of Microsoft identity wares. It became the codename for the most recently delivered version of Active Directory Federation Services (ADFS) and Windows CardSpace, as well. The programming framework supporting the current version of ADFS originally was codenamed “Zermatt,” then, later, also took on the “Geneva” codename.

Topics: CXO, Operating Systems, Software, Software Development, Windows

About

Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

15 comments
Log in or register to join the discussion
  • LOL!!

    U Prove? More like U-Loose! If you expect MS to stick with this dopey strategy. Just like the d.o.a. Zune, might as well skip that device right into tar pit with the rest of MS's dead services and products they give up on because they have no plan/strategy/future. They just cook up gimmicks to take your money then bail on you. Suckers!
    james347
    • So what do you suggest?

      Maybe we should stick to product such as Google Wave instead?
      LBiege
      • RE: RIP, Windows CardSpace. Hello, U-Prove

        @LBiege

        No, don't do that, big mistake.
        james347
    • RE: RIP, Windows CardSpace. Hello, U-Prove

      @james347

      You got the day off James or are you paid to be here?

      Starting to get crowded under that bridge
      tonymcs@...
      • RE: RIP, Windows CardSpace. Hello, U-Prove

        @tonymcs@...

        Stop typing now, your words hurt my eyes.
        james347
    • RE: RIP, Windows CardSpace. Hello, U-Prove

      @james347 - Riiiiight. Microsoft has been investing heavily in the claims based identity space since before CardSpace was first introduced at RSA 2006. That they acquired UProve's complementary technologies and have continued to improve and extend their support of open and standard authentication and authorization protocols is a pretty clear indicator of their continued and long-term investment in this space.

      The authentication and authorization problem is not solved until we can give-up our usernames and passwords.
      bitcrazed
  • RE: RIP, Windows CardSpace. Hello, U-Prove

    "The identity landscape has changed with the evolution of tools and cloud services. Based on the feedback we have received from partners and beta participants, we have decided not to ship Windows CardSpace 2.0."

    TRANSLATION: Google, Facebook, and many cloud service providers beat us to this...no point in making something nobody will buy.

    MS spread itself too thin and in light of a changing market they're sticking largely to big money markets or ones they are established in. Nothing big here, not really much reason to troll them.
    Socratesfoot
  • Message has been deleted.

    joeymaloney@...
  • RE: RIP, Windows CardSpace. Hello, U-Prove

    I really hope that the postmortems for Cardspace are more sophisticated that the recent analyses of OpenID. Already some tweeps are positioning this as 'another battle lost' in the Google vs Microsoft war. And others are bemoaning that Facebook Connect will now "win" top prize in identity.

    The lesson of the Identity Metasystem (more than Cardspace per se) and of OpenID is that there is no single prize to be won in identity!

    Siloed identity systems resist federation and are far harder to deconstruct than first appears. The spread of identities we each have today have evolved to fit specific niches in the business ecosystem. Taking a cell phone identity for instance and trying to federate it into a banking relationship is like taking a salt water fish and dropping it into a fresh water tank.

    The deep vital lesson to be learned from OpenID and Cardspace is that we already have a perfectly good identity ecosystem. And it has already created a diversity of robust evolved identities, which cannot be simply reengineered Frankenstein-like with fancy engineering tools like SAML and JSON to deliver utopian outcomes like web single sign on.

    So fear not, Frankenbook Connect has no chance of taking over the [real] world.
    swilson@...
    • RE: RIP, Windows CardSpace. Hello, U-Prove

      @swilson@... OpenID is lipstick on a pig.

      OpenID is little more than an end-user convenience. Because it's so easily spoofable and subvertible, it's HIGHLY unlikely you'll see it being used as the authn means for secure or sensitive sites such as banking, financial, medical, government sites and services.

      The IDMS (Identity Metasystem) is a good technology-agnostic framework for the exchange of authn/z claims and offers. CardSpace was a great first attempt at implementing a client agent for the IDMS, and helped identify the issues with providing cross-platform, cross-device, ubiquitous, open, standards based exchange of credentials and claims.

      UProve augments the client agent technology platform and resolves a number of the issues CardSpace alone was unable to resolve.

      Again, until we have a highly secure, very usable, ubiquitous replacement for usernames and passwords, we'll see continual development in this space.
      bitcrazed
      • RE: RIP, Windows CardSpace. Hello, U-Prove

        @bitcrazed One of the missteps of federated identity is that it tries to reengineer the way we transact -- inserting intermediary IdPs into otherwise simple bilateral relationships between service providers and customers -- at the same time as tackling the password problem. These are separate issues. It's better that we preserve most of the perfectly good identities we already have in the real world rather than mash them up into a vain web single sign on, and instead concentrate on protecting those IDs against replay when used online. See http://lockstep.com.au/blog/2011/02/02/tco-multiple-ids. I believe the username/password challenge is almost entirely a technology problem, but Cardspace and OpenID turned them into much more complex business and legal problems.
        swilson@...
  • CardSpace 2.0

    In the CardSpace forums, there was very high demand from testers for XP support for CardSpace 2.0 which they didn't have around that time.
    xp-client
  • RE: RIP, Windows CardSpace. Hello, U-Prove

    very nice work. pelt loved it. Thank you very much for this information<a title="kral oyun" target="_blank" href="http://www.yenioyun.net">kral oyun</a> | <a title="yeni oyun" target="_blank" href="http://www.yenioyun.net">yeni oyun</a> | <a title="oyun oyna" target="_blank" href="http://www.game.gen.tr">oyun oyna</a> | <a title="robot oyunlar" target="_blank" href="http://www.robotoyunlari.net">robot oyunlar</a> | <a title="ben 10,ben ten" target="_blank" href="http://www.game.gen.tr/kategori-4-32-Ben_10_Oyunlari.html">ben 10</a> | <a title="kral oyunlar" target="_blank" href="http://www.yenioyun.net">kral oyunlar</a> | <a title="3d oyun,3d oyunlar" target="_blank" href="http://www.game.gen.tr/kat-5-3d-oyunlar.html">3d oyunlar</a> | <a target="_blank" href="http://www.frivoyunlari.net">friv</a>
    solarizucar
  • RE: RIP, Windows CardSpace. Hello, U-Prove

    This is very like your writing. Have been descriptive and informative. They thank you for.<a href="http://www.altinoyunlari.net/">altin</a> | <a href="http://www.madenoyunlari.net/">maden</a> | <a href="http://www.ben10oyunlari.eu/">ben ten</a> | <a href="http://www.ben10oyunlari.us/">ben ten</a>
    edward25
  • RE: RIP, Windows CardSpace. Hello, U-Prove

    The majority of migration <a title="kral oyun" target="_blank" href="http://www.yenioyun.net">kral oyun</a> issues exist because some version of a 3rd party <a title="en yeni oyunlar" target="_blank" href="http://www.yenioyun.net">en yeni oyunlar</a> line-of-business application critical to operations is not <a title="robot oyun" target="_blank" href="http://www.robotoyunlari.net">robot oyun</a> supported on any <a title="oyun oyna" target="_blank" href="http://www.game.gen.tr">oyun oyna</a> other browser. A company can't upgrade off the version <a title="oyunlar" target="_blank" href="http://www.game.gen.tr">oyunlar</a> because they've modified it to hell, <a title="friv,firiv" target="_blank" href="http://www.yenioyun.net/friv/">friv</a> and the 3rd party that manufactured it has long moved <a title="ben 10,ben ten" target="_blank" href="http://www.game.gen.tr/kategori-4-32-Ben_10_Oyunlari.html">ben 10</a> past that version.
    Many people don't understand how incredibly <a title="3d oyun,3d oyunlar" target="_blank" href="http://www.game.gen.tr/kat-5-3d-oyunlar.html">3d oyunlar</a> widespread issue #3 is above and how difficult this issue is to resolve when you're talking about an application that is mission critical to a business. <a title="avatar oyunlar" target="_blank" href="http://www.game.gen.tr/kategori-4-33-Avatar_Oyunlari.html">avatar oyunlar</a> This is the singel greatest reason companies look at the issue and say, "Screw it. We'll live with the risk and run an N-3 version of the browser
    edward25