Scott's Workblog

This blog has moved! Go to my new blog!

May 02, 2006

InfoCard for Firefox

You may or may not be aware of InfoCard - a meta-identity system developed by Microsoft that encompasses both self-asserted and federated identity management, and a big new feature for Windows Vista. The big news is, however, that there is now a version for Firefox on non-Windows platforms, potentially opening up this approach to be a truly widespread open infrastructure.

To try it out, check out the instructions over on Johannes Ernst's blog and have a go at accessing some of the infocard-aware sites mentioned by Chuck Mortimore (the author of the extension).

InfoCard is a potentially critical piece of technology as it spans the world of self-asserted lightweight identity (SXIP, LIP, YADIS) and also organisationally-asserted identity (Shibboleth, Liberty) offering the user a simple interface from which to choose the "cards" to provide access to by different sites and services.

This potentially also overcomes the "asymmetric assurances" problem of flat federations such as Shibboleth by supporting self-assertion (e.g., for non-critical services), and reserving the requirement to support institution-verified assertions only where necessary.

An issue with Shib and other federations is that their value is proportional to the number of available services, and yet the assurance level is inversely proportional once you go beyond the equivalent-peer community to encompass other types of organisation; for example, when schools or employers join a federation made up initially of universities. (This isn't a technical problem - its a human action and organisational policy problem).

So rather than diminish assurances within the federation as you extend it amoeba-like over the globe, you instead stop widening the federation and use InfoCard to enable a range of assertion types from multiple federations AND self-assertion instead.

The critical issue now, as Johannes points out, is how far Microsoft is willing to open up this technology for other platforms, and the IPR status of Chuck's implementation makes a very good test case. Clearly without it, InfoCard remains a Windows-IE only technology, not an Internet technology.

main archive