Information card

Last updated January 26, 2024

An information card (or i-card) is a personal digital identity that people can use online, and the key component of an identity metasystem. Visually, each i-card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select one they want to use for any given interaction. The information card metaphor has been implemented by identity selectors like Windows CardSpace, DigitalMe or Higgins Identity Selector.

An identity metasystem is an interoperable architecture for digital identity that enables people to have and employ a collection of digital identities based on multiple underlying technologies, implementations, and providers. Using this approach, customers can continue to use their existing identity infrastructure investments, choose the identity technology that works best for them, and more easily migrate from old technologies to new technologies without sacrificing interoperability with others. The identity metasystem is based upon the principles in "The Laws of Identity".^[1]

Overview

Information cards shown in DigitalMe Identity Selector DigitalMe.png — Information cards shown in DigitalMe Identity Selector

There are three participants in digital identity interactions using information cards:^{[ citation needed ]}

Identity providers issue digital identities for you. For example, businesses might issue identities to their customers, governments might vouch for the identities of their citizens, credit card issuers might provide identities enabling payment, online services could provide verified data such as age, and individuals might use self-issued identities to log onto websites.
Relying parties (RPs) accept identities for you. Online services that you use can accept digital identities that you choose and use the information provided by them on your behalf, with your consent.
Subject is yourself, the party in control of all these interactions. The subject can choose which of its applicable digital identities to use with the relying party.

Selectors

An identity selector is used to store, manage, and use their digital identities. Examples of identity selectors are Microsoft's Windows CardSpace, the Bandit Project's DigitalMe,^[2] and several kinds of Identity Selectors from the Eclipse Foundation's Higgins project.

An identity selector performs the following user-centric identity management tasks:

Provides a consistent user experience for authentication (and in some cases other kinds of interactions) with an RP (also known as a Service Provider).
Provides a user interface that displays a set of information card icons from which the user selects their preferred i-card when authentication is required by a local application or relying party (e.g. a website's login page).
Provides a user interface to create and manage personal (also known as self-issued) information cards.
Provides a local security token service that is used to issue the security tokens for personal i-cards.
Provides a user interface to import and export information cards in standard file formats.
Is invoked by a browser extension or by a local rich client application.

An identity selector may also allow the user to manage (e.g. create, review, update, and delete cards within) their portfolio of i-cards.

Identity metasystems

There are five key components to an identity metasystem:

A way to represent identities using claims. Claims are carried in security tokens, as per WS-Security.
A means for identity providers, relying parties, and subjects to negotiate. Dynamically negotiating the claims to be delivered and the security token format used enables the identity metasystem to carry any format of token and any kinds of claims needed for a digital identity interaction. Negotiation occurs using WS-SecurityPolicy statements exchanged using WS-MetadataExchange.
An encapsulating protocol to obtain claims and requirements. The WS-Trust and WS-Federation protocols are used to carry requests for security tokens and responses containing those tokens.
A means to bridge technology and organizational boundaries using claims transformation. Security token services (STS) as defined in WS-Trust are used to transform claim contents and formats.
A consistent user experience across multiple contexts, technologies, and operators. This is achieved via identity selector client software such as Windows CardSpace representing digital identities owned by users as visual i-cards.

Generic qualities

I-cards are created by an entity known as a issuer.
I-cards display the name of the issuer (issuerName) in a text string.
I-cards have a text string to identify the card (cardName) that is initially set by the card issuer. Typically this card name is user-editable.
I-cards may have a (GIF or JPEG) background image (cardImage) set by the card issuer (user-editable).
In most i-cards the user is able to see the value of the claims.

Sign-in capabilities

The graphic used to indicate information card support InfoCardIcon.png — The graphic used to indicate information card support

Using i-cards, users can authenticate without needing a username and password for every website; instead, at sites accepting them, they can log in with an i-card, which may be used at multiple sites.

Each information card utilizes a distinct pair-wise digital key for every realm where a key is requested. A realm may be a single site or a set of related sites all sharing the same target scope information when requesting an information card. The use of distinct pair-wise keys per realm means that even if a person is tricked into logging into an imposter site with an i-card, a different key would be used at that site than the site that the imposter was trying to impersonate; no shared secret is released.

Furthermore, many identity selectors provide a means of phishing detection, where the HTTPS certificate of the relying party site is checked and compared against a list of the sites at which the user has previously used an information card. When a new site is visited, the user is informed that they have not previously used a card there.

Types of i-cards

The Identity Selector Interoperability Profile v 1.5^[3] (or OASIS IMI v1.0 Committee Draft)^[4] specifies two types of information cards that an identity selector must support.

Personal Information Cards: (Also called self-issued) these cards allow you to issue claims about yourself to sites willing to accept them. These claims can include your name, address, phone numbers, e-mail address, web address, birth date, gender, and a site-specific key uniquely generated for each site where the card is used.
Managed Information Cards: These cards allow identity providers other than yourself to make claims about you to sites willing to accept them. These claims can include any information that an RP requests, an identity provider is able to provide, and you are willing to send between them.

The Higgins project is defining two new kinds of i-cards as well:

Relationship cards (or R-cards) are used to establish an ongoing relationship between multiple parties.
Zero-knowledge cards (or Z-cards)

However the Information Card format allows for custom types; The Bandit project demonstrated prototype managed cards backed by OpenIDs at the Novell BrainShare conference in March 2007.

Personal cards

The first kind of personal Information cards were also introduced as part of Microsoft’s Windows CardSpace software in November 2006. Their behavior is also defined by the same documents covering the Microsoft-defined managed cards (see above).

Summary of characteristics:

Data format an XML file containing: set of claim type URIs as well as the (user-defined) values of these claims, cardImage, a unique cardID, etc. This data format is defined in the ISIP documents.
Issuer: The user's own Identity Selector. Personal cards can be described as self-issued
Genesis: Created by the user's Identity Selector.
Claims: 15 pre-defined claim types (e.g. firstname, surname, email address, etc.) are defined in the Identity Selector Interoperability Profile v 1.5^[3] (or OASIS IMI v1.0 Committee Draft).^[4]
Authority: The user's Identity Selector is the authority for the issued token's set of claim values.
Data flow: On demand (e.g. as needed by a relying site), an STS local to the Identity Selector creates a security token with the current values.
Editability: The claim values are directly editable by the user.
Attribute data source: The personal card XML file contains claim values. When imported into an Identity Selector these data values are then managed internally by the selector.

Managed information cards

The first kind of managed card was introduced as part of Microsoft’s Windows CardSpace software in November 2006. The behavior, file format and interoperability characteristics of these kinds of managed cards are defined by Microsoft documents such as the Identity Selector Interoperability Profile v 1.5^[3] (or OASIS IMI v1.0 Committee Draft;^[4] see self-issued.info^[5] for a more complete list), in combination with open standards including WS-Trust^[6] and others.

Summary of characteristics:

Data format: an XML file containing: network endpoint of the STS, set of claim type URIs, name of the card, cardImage, issuerName, a unique cardID, etc. The XML file format is defined in the ISIP documents.
Issuer: An external, third party token service (representing an external person or organization).
Genesis: A managed card is generated by a Security Token Service running at an Identity Provider site and imported into the user's Identity Selector.
Claims: The list of supported claim types (claim type URIs) is defined by the issuer.
Authority: The issuer is the sole authority for the claim values contained within the token it issues.
Data flow: Managed cards contain a network endpoint reference to an STS that, when requested by the Identity Selector (using WS-Trust, etc.) generates/provides a security token containing the required claims.
Editability: Underlying attribute data is not directly editable by the user.
Attribute data source: Determined by the issuer, and generally managed by the issuer.

I-cards issued by third parties can employ any of four methods for the user to authenticate himself as the card owner:

a Personal Information Card (self-issued),
an X.509 certificate (which can either be from a hardware device such as a SmartCard or it can be a software certificate),
a Kerberos ticket, such as those issued by many enterprise login solutions, or
a username and password for the card.

Additional methods could also be implemented by future identity selectors and identity providers.

Managed i-cards can be auditing, non-auditing, or auditing-optional:

Auditing cards require the identity of the RP site to be disclosed to the Identity Provider. This can be used to restrict which sites the identity provider is willing to release information to.
Non-auditing cards will not disclose the identity of the RP site to the Identity Provider.
Auditing-optional cards will disclose the identity of the Relying Party site if provided by the RP, but do not require this disclosure.

Relationship cards

Relationship cards are under development by the Higgins project (see the report by Paul Trevithick).^[7]

Summary of characteristics:

Data format: A managed card that supports a resource-udi claim.
Supported Claims: Like all managed (or personal) cards, r-cards include a list of supported claim types (expressed as URIs) as defined by the issuer. This set defines the maximal set of claims that issuer will include in its generated security token. These claims are inherited from underlying ISIP-m-card upon which it is based and are used for the same purposes. Beyond managed cards the resource-udi "meta" claim provides a reference to a set of attributes.
Authority: The issuer is the authority for the issued token's set of claim values (as per a normal managed or personal card).
Editability: The values of underlying attributes (referenced by the resource-udi claim) may be editable by parties other than the issuer.
Supported Attributes: The value of an r-card's resource-udi claim is an Entity UDI^[8] (URI) that "points to" a data entity (representing a person, organization, or other object). The set of attributes of this data entity is distinct from (though usually a superset of) the "supported claims" mentioned above.

Reliance on the Higgins Data Model

Conceptually a managed card is essentially a human-friendly "pointer" to a Token Service—a web service (e.g. a STS) from which security tokens can be requested. A security token is a set of attribute assertions (aka claims) about some party that is cryptographically signed by the issuer (the token service acting as the authority). An r-card, contains a second "pointer" that points to a data entity whose attribute's values (i) shared by all parties to the r-card and (ii) form the underlying attributes that are consumed by the r-card issuer's STS and provide the values of the claims that this STS makes. By including this second "pointer" on the r-card, r-card holders have the potential to access and update some subset of these underlying attributes. The card issuer maintains an access control policy to control who has what level of access.

This second pointer is an Entity UDI^[8]—a reference to an Entity object in the Higgins Context Data Model.^[9] Entity UDIs may be dereferenced and the underlying Entity's attributes accessed by using the Higgins project's Identity Attribute Service.^[10] Once resolved, consumers of this service can inspect, and potentially modify the attributes of the entity as well as get its schema as described in Web Ontology Language (OWL).

In addition to basic identity attribute values like strings and numbers, the data entity referred to by an r-card can have complex attribute values consisting of aggregates of basic attribute types as well as UDI links to other entities.

Claims

Beyond being used to log into sites, Information Cards can also facilitate other kinds of interactions. The Information Card model provides great flexibility because cards can be used to convey any information from an Identity Provider to a Relying Party that makes sense to both of them and that the person is willing to release. The data elements carried in i-cards are called Claims.

One possible use of claims is online age verification, with Identity Providers providing proof-of-age cards, and RPs accepting them for purposes such as online wine sales; other attributes could be verified as well. Another is online payment, where merchants could accept online payment cards from payment issuers, containing only the minimal information needed to facilitate payment. Role statements carried by claims can be used for access control decisions by Relying Parties.

Interoperability and licensing

The protocols needed to build Identity Metasystem components can be used by anyone for any purpose with no licensing cost and interoperable implementations can be built using only publicly available documentation. Patent promises have been issued by Microsoft,^[11] IBM,^[12] and others ensuring that the protocols underlying the Identity Metasystem can be freely used by all.

The Information Cards defined by the Identity Selector Interoperability Profile v 1.5^[3] (or OASIS IMI v1.0 Committee Draft)^[4] are based on open, interoperable communication standards. Interoperable i-card components have been built by dozens of companies and projects for platforms including Windows, Mac OS, and Linux, plus a prototype implementation for phones. Together, these components implement an interoperable Identity Metasystem. Information Cards can be used to provide identities both for Web sites and Web Services applications.

Several interoperability testing events for i-cards have been sponsored by OSIS^[13] and the Burton Group,^[14] one was at the Interop at the October 2007 European Catalyst Conference in Barcelona^[15] and the most recent was at RSA 2008. These events are helping to ensure that the different Information Card software components being built by the numerous participants in the Identity Metasystem work well together.

The protocols needed to build Information Card implementations based on the Identity Selector Interoperability Profile v 1.5^[3] (or OASIS IMI v1.0 Committee Draft)^[4] can be used by anyone for any purpose at no cost and interoperable implementations can be built using only publicly available documentation. Patent promises have been issued by Microsoft,^[11] IBM,^[12] and others, ensuring that this Information Card technology is freely available to all.

In June 2008, industry leaders including Equifax, Google, Microsoft, Novell, Oracle, PayPal and others created the Information Card Foundation in order to advance the use of the Information Card metaphor as a key component of an open, interoperable, royalty-free, user-centric identity layer spanning both the enterprise and the Internet.

In his report on the Interop at the June 2007 Catalyst Conference in San Francisco,^[16] analyst Bob Blakley wrote:

The interop event was a milestone in the maturation of user-centric identity technology. Prior to the event, there were some specifications, one commercial product, and a number of open-source projects. After the event, it can accurately be said that there is a running Identity Metasystem.

History of the terminology

The term "information card" was introduced by Microsoft in May 2005 as a name for the visual information card metaphor to be introduced in its forthcoming Windows CardSpace software. Until early 2006, information cards were also sometimes referred to by the code-name “InfoCard”, which was not a name that was freely available for all to use. The name information card was specifically chosen as one that would be freely available for all to use, independent of any product or implementation. The name “information card” is not trademarked and is so generic as to not be trademarkable.

The term i-card was introduced at the June 21, 2006, Berkman/MIT Identity Mashup conference.^[17]^[18] The intent was to define a term that was not associated with any industry TM or other IP or artifact. At the time, Microsoft had not yet finished applying the Open Specification Promise^[11] to the protocols underlying Windows CardSpace and there was also a misunderstanding that the term information card was not freely available for use by all, so to be conservative, the term i-card was introduced.

Mike Jones, of Microsoft, explained to participants of a session at IIW 2007b^[19] that Microsoft always intended the term information card to be used generically to describe all kinds of information cards and to be freely usable by all, and tried to correct the earlier misunderstanding that the term might apply only to the kinds of information cards originally defined by Microsoft. He made the case that the industry would be better served by having everyone use the common term information card, than having two terms in use with the same meaning, since there remains no legal or technical reason for different terms. In this case the term i-card would become just the short form of information card, just like e-mail has become the short form of electronic mail.

Software implementations

DACS – open source RP & Information Card STS written in C
Higgins project – Identity Selector deployment configuration
Windows CardSpace – ran on Windows Vista, Windows XP, and Windows Server 2003

Related Research Articles

In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes the public key and information about it, information about the identity of its owner, and the digital signature of an entity that has verified the certificate's contents. If the device examining the certificate trusts the issuer and finds the signature to be a valid signature of that issuer, then it can use the included public key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization. However, in Transport Layer Security (TLS) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices. TLS, sometimes called by its older name Secure Sockets Layer (SSL), is notable for being a part of HTTPS, a protocol for securely browsing the web.

Windows Management Instrumentation (WMI) consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft's implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF).

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.

Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Digital identity is the phrase referring to the data that computer systems use to represent external agents, which can be individuals, organizations, applications, or devices. For individuals, it involves an aggregation of personal data that is essential for facilitating automated access to digital services, confirming one's identity on the internet, and allowing digital systems to manage interactions between different parties. It is a component of a person's social identity in the digital realm, often referred to as their online identity.

OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites using a third-party identity provider (IDP) service, eliminating the need for webmasters to provide their own ad hoc login systems, and allowing users to log in to multiple unrelated websites without having to have a separate identity and password for each. Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign on to any website that accepts OpenID authentication. Several large organizations either issue or accept OpenIDs on their websites.

A credential service provider (CSP) is a trusted entity that issues security tokens or electronic credentials to subscribers. A CSP forms part of an authentication system, most typically identified as a separate entity in a Federated authentication system. A CSP may be an independent third party, or may issue credentials for its own use. The term CSP is used frequently in the context of the US government's eGov and e-authentication initiatives. An example of a CSP would be an online site whose primary purpose may be, for example, internet banking - but whose users may be subsequently authenticated to other sites, applications or services without further action on their part.

Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

<span class="mw-page-title-main">Gemalto</span> International digital security company

Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, e-wallets and managed services. It was formed in June 2006 by the merger of two companies, Axalto and Gemplus International. Gemalto N.V.'s revenue in 2018 was €2.969 billion.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.

The Microsoft Open Specification Promise is a promise by Microsoft, published in September 2006, to not assert its patents, in certain conditions, against implementations of a certain list of specifications.

Information Card Foundation (ICF) is an independent non-profit organization created in June 2008. The ICF consists of Steering Community board members and Steering Business board members. Some of the businesses include Equifax, Google, Microsoft, Novell, Oracle Corporation and PayPal. The foundation was formed to promote Information Card technology, a user-centric, cross-platform, identity technology that shifts control over personal information to the individual. Information cards allow the user to the control release of self-asserted claims or claims made by a third-party identity provider represented using a card/wallet metaphor in a user interface called a "card selector", to relying parties

Active Directory Federation Services, a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access-control authorization model to maintain application security and to implement federated identity. Claims-based authentication involves authenticating a user based on a set of claims about that user's identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. It is part of the Active Directory Services.

Identity assurance in the context of federated identity management is the ability for a party to determine, with some level of certainty, that an electronic credential representing an entity with which it interacts to effect a transaction, can be trusted to actually belong to the entity.

Claims-based identity is a common way for applications to acquire the identity information they need about users inside their organization, in other organizations, and on the Internet. It also provides a consistent approach for applications running on-premises or in the cloud. Claims-based identity abstracts the individual elements of identity and access control into two parts: a notion of claims, and the concept of an issuer or an authority.

The SAML metadata standard belongs to the family of XML-based standards known as the Security Assertion Markup Language (SAML) published by OASIS in 2005. A SAML metadata document describes a SAML deployment such as a SAML identity provider or a SAML service provider. Deployments share metadata to establish a baseline of trust and interoperability.

Verifiable credentials (VCs) are digital credentials which follow the relevant World Wide Web Consortium open standards. They can represent information found in physical credentials, such as a passport or license, as well as new things that have no physical equivalent, such as ownership of a bank account. They have numerous advantages over physical credentials, most notably that they're digitally signed, which makes them tamper-resistant and instantaneously verifiable. The security of verifiable credentials in the context of COVID-19 vaccination and test certificates has been questioned. Verifiable credentials have also been subject to usability concerns. Verifiable credentials can be issued by anyone, about anything, and can be presented to and verified by everyone. The entity that generates the credential is called the Issuer. The credential is then given to the Holder who stores it for later use. The Holder can then prove something about themselves by presenting their credentials to a Verifier.

References

↑ "The Laws of Identity". Microsoft. 5 June 2011. Archived from the original on 5 June 2011.
↑ "DigitalMe – Bandit – Trac". 13 October 2008. Archived from the original on 13 October 2008.
1 2 3 4 5 dentity Selector Interoperability Profile v 1.5 Microsoft
1 2 3 4 5 Specifications oasis-open.org
↑ "Mike Jones: self-issued » Updated versions of Information Card profile documents published". self-issued.info.
↑ WS Trust xmlsoap.org February 2005
↑ Webmaster. "Archived Projects". www.eclipse.org.
1 2 http://parity.com/udi%5B%5D
↑ "Context Data Model 1.0 - Eclipsepedia". wiki.eclipse.org.
↑ "Identity Attribute Service 1.0 - Eclipsepedia". wiki.eclipse.org.
1 2 3 "Open Specification Promise". www.microsoft.com.
1 2 "IBM Open Source Portal". 8 October 2007. Archived from the original on 8 October 2007.
↑ "OSIS Open Source Identity Systems". osis.idcommons.net.
↑ "Gartner for Technical Professionals - IT Research - Gartner Inc". www.burtongroup.com.
↑ Osis User Center ^{[ dead link ]}
↑ Recapping the C ^{[ dead link ]}
↑ "MIT Identity Mashup conference meeting notes". Archived from the original on 3 March 2009. Retrieved 25 September 2010.
↑ "More on I-Cards and I-Names". 28 July 2006.
↑ "Iiw2007b - IIW". iiw.idcommons.net.

Clique Space: another look at identity, Owen Thomas, November 2010.
Parity Provides Free Online Identity Management – Oct 2008 CNET article by Robert Vamosi
Microsoft's Vision for an Identity Metasystem, Michael B. Jones, May 2005.
The Laws of Identity, Kim Cameron, May 2005.
Design Rationale behind the Identity Metasystem Architecture, Kim Cameron and Michael B. Jones, January 2006.
7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, Ann Cavoukian, Information and Privacy Commissioner of Ontario, October 2006.

Additional resources

Technology Leaders Favor Online ID Card Over Passwords – New York Times article 24-Jun-08 announcing the Information Card Foundation
Identity Selector Interoperability Profile, Arun Nanda, April 2007.
Identity Selector Interoperability Profile v 1.5
OASIS IMI v1.0 Committee Draft
An Implementer's Guide to the Identity Selector Interoperability Profile V1.0, Microsoft Corporation and Ping Identity Corporation, April 2007.
A Guide to Using the Identity Selector Interoperability Profile V1.0 within Web Applications and Browsers, Michael B. Jones, April 2007.
Design Rationale behind the Identity Metasystem Architecture, Kim Cameron and Michael B. Jones, January 2006.
Patterns for Supporting Information Cards at Web Sites: Personal Cards for Sign up and Signing In, Bill Barnes, Garrett Serack, and James Causey, August 2007.
Microsoft Open Specification Promise, May 2007.
IBM Interoperability Specifications Pledge, July 2007.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "The Laws of Identity". Microsoft. 5 June 2011. Archived from the original on 5 June 2011.

[2] "DigitalMe – Bandit – Trac". 13 October 2008. Archived from the original on 13 October 2008.

[microsoft.com-3] 1 2 3 4 5 dentity Selector Interoperability Profile v 1.5 Microsoft

[oasis-open.org-4] 1 2 3 4 5 Specifications oasis-open.org

[5] "Mike Jones: self-issued » Updated versions of Information Card profile documents published". self-issued.info.

[6] WS Trust xmlsoap.org February 2005

[7] Webmaster. "Archived Projects". www.eclipse.org.

[parity.com-8] 1 2 http://parity.com/udi%5B%5D

[9] "Context Data Model 1.0 - Eclipsepedia". wiki.eclipse.org.

[10] "Identity Attribute Service 1.0 - Eclipsepedia". wiki.eclipse.org.

[microsoft.com1-11] 1 2 3 "Open Specification Promise". www.microsoft.com.

[archive.org-12] 1 2 "IBM Open Source Portal". 8 October 2007. Archived from the original on 8 October 2007.

[13] "OSIS Open Source Identity Systems". osis.idcommons.net.

[14] "Gartner for Technical Professionals - IT Research - Gartner Inc". www.burtongroup.com.

[15] Osis User Center ^{[ dead link ]}

[16] Recapping the C ^{[ dead link ]}

[17] "MIT Identity Mashup conference meeting notes". Archived from the original on 3 March 2009. Retrieved 25 September 2010.

[18] "More on I-Cards and I-Names". 28 July 2006.

[19] "Iiw2007b - IIW". iiw.idcommons.net.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

Information card

Contents

Overview

Selectors

Identity metasystems

Generic qualities

Sign-in capabilities

Types of i-cards

Personal cards

Managed information cards

Relationship cards

Reliance on the Higgins Data Model

Claims

Interoperability and licensing

History of the terminology

Software implementations

See also

Related Research Articles

References

Additional resources

External links