Where are the InfoCard sites?

Published 06 September 07 02:53 PM | andarno 

InfoCard is the greatest invention since the web browser! In my opinion anyway. If you don't agree or you haven't heard of InfoCard, please read www.identityblog.com, and in particular the post on the Laws of Identity. It's really quite impressive what engineering problems InfoCard has been able to solve.

I'm just getting impatient for web sites to start accepting InfoCard. It's not that hard to accept InfoCard on your site. Microsoft has released tools to help. There are also 3rd-party implementations already available for ASP.NET, Ruby, PHP, Python, and Java.

But what's really scary...

But what is really scary (to me) is this growing tendency for web sites to say "Log in with your Google Account" or "Log in with your PayPal account" or Amazon account, or Windows Live ID or whatever. What assurance do we have when we pass our private credentials to some rogue site that those credentials are being safely passed to the site they claim?

If I'm logging into blogger.com, I'm asked for my Google Account username and password.  Ok, so I happen to know Google owns Blogger, so I'm going to feel comfortable (mostly) passing my Google credentials to Blogger.  But if phishing is so successful already, what's to stop me from putting up an impressive-looking site and putting up a login that says "Don't create another account to manage!  Log in with your Google Account now!"  How many people will just assume I have a partnership with Google? 

Amazon is going to be sharing their login system, and Windows Live ID recently shared out theirs as well.  This problem is just getting bigger.

The solution is already here

Now if we just switch to InfoCards, we can completely safely pass our cards to any web site. Since they are encrypted, we could even pass our card encrypted for PayPal to eBay.com for eBay to pass on to PayPal to verify our identity for payment without eBay ever knowing our PayPal credentials. (Again, eBay happens to own PayPal but you get the idea... other sites use PayPal in the same way).

Let's get to adding InfoCard logins to our web sites, people.  Let's build a safer community for everyone.


Comments

# Rajiv Nair said on September 6, 2007 10:11 AM:

The reason this isn't catching on is that the InfoCard infrastructure on the client isn't that widespread - not everyone uses (or wants to use) Vista or install .NET 3.0 on their PCs. And what about Macs/Linux/etc?

# Kim said on September 11, 2007 11:54 AM:

Does LiveID play any role in the comments-vetting process for Microsoft blogs?

In other words, now that LiveID supports Information Cards, will this have any effect on the experience of Microsoft bloggers and blog readers?

Great piece,

Kim Cameron

# kim said on September 11, 2007 11:56 AM:

Ah - I see the answer to my own question.  Would it be useful to allow auto-posting for registered LiveID users?  Does this capability already exist?

Kim
