In my previous post about CardSpace (A lighthearted introduction to Windows Cardspace), I made an imprecise assertion that I would like to briefly reformulate here. In my example about tax application, I did mention that Self-issued cards were not “secure enough” for that type of applications. In fact, self-issued and managed cards have the same security. What we want to achieve for a tax application is a higher level of trust on the veracity of the information contained in the token. We want that a trusted third-party guarantees for this information. In other words, we want an “official identity provider” that we can use for “official purposes”.