News

Microsoft Kills CardSpace but Promotes U-Prove for Secure IDs

Microsoft confirmed last week that it will not release CardSpace 2.0, its claims-based identity solution for clients.

CardSpace 2.0 lagged behind the release of other Microsoft code-named "Geneva" identity products, including Active Directory Federation Services 2.0, which was released in May. Consequently, the news that Microsoft would not ship CardSpace 2.0 was not surprising. Microsoft's low-key announcement in a blog post indicated that the ability to use cloud-based identities, the lack of developer tools for CardSpace, plus feedback from beta testers, led to the demise of CardSpace as a product.

"The identity landscape has changed with the evolution of tools and cloud services. Based on the feedback we have received from partners and beta participants, we have decided not to ship Windows CardSpace 2.0," the blog stated.

Microsoft hasn't abandoned the idea of using claims-based identity, in which a user presents a set of claims (such as an e-mail address and user name) to an application. The company uses that approach in various solutions and services, such as Dynamics CRM, SharePoint, Office 365 and Windows Azure. Microsoft instead is putting its efforts behind U-Prove, according to the blog. U-Prove is a set of cryptographic and authentication technologies that Microsoft acquired about two years ago from Montreal-based privacy firm Credentica.

Microsoft announced a new community technology preview of U-Prove last week, noting that "in this Preview, Microsoft offers a U-Prove Agent running as an online service, accessible from any computing device with a web browser." Enhanced security and privacy protections will be offered as "optional client-side software," according to the announcement.

Microsoft is also working with a nonprofit organization called the "Identity Commons" to form a new working group that will shepherd "open source variants of a U-Prove Agent," according to the announcement. The working group will test the agent's "interoperability among common browsers and platforms." Microsoft has already released open source software development kits for C# and Java under the Free BSD license with the first CTP release of U-Prove.

Developers apparently weren't too interested in using cards for claims-based identity, according to Vittorio Bertocci, an evangelist on Microsoft's identity platform and author of a book on CardSpace.  He said in a blog post that "the requests for guidance [from developers] were overwhelmingly about passive single-sign on, authorization and customization, delegation and similar [matters] but not about cards." He described CardSpace as an early version of a claims-based identity solution that wasn't wholly flight worthy, comparing it to archaeopteryx, a bird-like dinosaur.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Featured

  • New Office App Coming to Windows 10 Users

    Microsoft is delivering a new Office app for Windows 10 consumer and business users over the new few weeks, according to a Wednesday announcement.

  • Microsoft Warns .NET Core 1.0 and 1.1 Losing Support in June

    Microsoft gave notice this week that .NET Core 1.0 and 1.1 will fall out of support on June 27, 2019.

  • Microsoft Publishes Windows Deadlines on Upgrading to SHA-2

    Microsoft on Friday described its 2019 timeline for when it will start distrusting Secure Hash Algorithm-1 (SHA-1) in supported Windows systems, as well as in the Windows Server Update Services 3.0 Service Pack 2 management product.

  • Performing a Storage Refresh on Windows Server 2016, Part 1

    To spruce up some aging lab hardware, Brien decided to make the jump to all-flash storage. Here's a walk-through of the first half of the process.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.