
identity metasystem

An infrastructure that enables different Internet identity systems to work in a secure manner with a consistent user interface. The identity metasystem was first developed by Microsoft and is embodied in the CardSpace system (see Windows CardSpace). Higgins is an open source identity metasystem that supports all platforms and is compatible with CardSpace (see Higgins project).

The identity metasystem is designed to prevent identity theft on the Internet by providing a secure framework for authentication and by giving users control over the data they share on Web sites. If and when fully implemented, it would eliminate the myriad usernames and passwords that each user must maintain across the Internet. It would replace the browser password manager that currently remembers users' passwords with a system that is more secure, flexible and consistent.

Multiple Authenticators
The identity metasystem lets multiple organizations authenticate a user's identity just as a driver's license and credit card serve as two forms of ID in day-to-day life. The user confirms which providers should be used to satisfy a Web site's request for authentication.

The Wallet Metaphor - Information Cards
The metasystem uses "information cards," which are the digital counterpart to the plastic cards people keep in their wallets. The user is presented with a window full of card images to choose from, just as you might remove all your business, ID and credit cards from your wallet and lay them out on a table.

Personal cards (p-cards) are self-issued and hold the data users typically type into Web site registration forms. A person can create multiple p-cards, with one card having more data than another.

Managed information cards (m-cards), such as membership ID cards and credit cards, are issued by organizations. M-card data are stored on the managed card provider's site, while p-card data are stored on the user's computer. However, transaction history for all cards is stored on the client side.

The identity metasystem also supports the OpenID authentication system, and one of the cards in the card selector can be an OpenID card (see OpenID).

Relying Parties Rely on Identity Providers
A Web site that accepts information cards is known as the "relying party," because it relies on a third-party "identity provider" for authentication, rather than authenticating the user directly as is common today.

The software in the user's computer that orchestrates the interaction between the relying party (RP) and the identity provider (IdP) is the "card selector," also called the "identity selector." The CardSpace and Higgins software in the user's computer is the card selector.

When a user visits an information card-compliant site, the site (the relying party) states its identity requirements, and the user's card selector highlights the cards that meet those requirements. The user confirms the selection, and a request is sent to the identity provider. The identity provider sends back a digitally signed token that the user can inspect to be sure it is genuine before releasing it to the relying party for authentication.

In the case of a personal card, the card selector functions as the identity provider and sends a secure token to the relying party.
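
The flow described above, sketched as an added example (it is not CardSpace or Higgins code): the relying party states its requirements, the selector highlights the cards that satisfy them, the identity provider signs a token carrying only the requested claims, and the relying party verifies it. The card names, claim names, policy layout and key are constructed for illustration, and HMAC stands in for the identity provider's digital signature.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real identity provider signs with its private key and
# the relying party verifies with the provider's public key; HMAC is only a
# standard-library stand-in for that digital signature.
IDP_KEY = b"constructed-demo-key"

# Constructed cards held by the card selector (all names are hypothetical).
CARDS = [
    {"name": "personal", "issuer": "self",
     "claims": {"email": "pat@example.test"}},
    {"name": "bank", "issuer": "bank-idp",
     "claims": {"email": "pat@example.test", "member_id": "M-1001",
                "age_over_18": True}},
]

# Constructed relying-party requirements: accepted issuers and required claims.
POLICY = {"issuers": ["bank-idp"], "required_claims": ["member_id", "age_over_18"]}

def matching_cards(policy, cards):
    """Selector step: highlight cards whose issuer and claims satisfy the RP."""
    return [c["name"] for c in cards
            if c["issuer"] in policy["issuers"]
            and set(policy["required_claims"]) <= set(c["claims"])]

def issue_token(card, policy):
    """IdP step: release only the claims the RP asked for, then sign them."""
    claims = {k: card["claims"][k] for k in policy["required_claims"]}
    body = json.dumps({"issuer": card["issuer"], "claims": claims}, sort_keys=True)
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def rp_accepts(token, policy):
    """RP step: verify the signature first, then the issuer and claim coverage."""
    expected = hmac.new(IDP_KEY, token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return False
    data = json.loads(token["body"])
    return (data["issuer"] in policy["issuers"]
            and set(policy["required_claims"]) <= set(data["claims"]))

if __name__ == "__main__":
    print("highlighted cards:", matching_cards(POLICY, CARDS))
    token = issue_token(CARDS[1], POLICY)
    print("token accepted:", rp_accepts(token, POLICY))
    token["body"] = token["body"].replace("M-1001", "M-9999")  # altered in transit
    print("tampered token accepted:", rp_accepts(token, POLICY))
```

The token omits the card's `email` claim because the relying party did not request it, which is the user-controlled disclosure the entry describes.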

Claims
The identity metasystem uses the term "claims" to refer to any data that is captured in information cards. Although the term "assertion" has been traditionally used, "claim" implies that it has to be proven.

Web Services Protocols
An identity metasystem relies on the Web services protocols for interaction between the relying party (RP), the identity provider (IdP) and the card selector. See Windows CardSpace, Higgins project, Web services protocols and Identity 2.0.

The Authentication Process
The card selector highlights the card that satisfies the site's identity requirements and sends it to the identity provider (IdP) with the user's approval. The IdP returns a security token that is forwarded to the relying party, once again, via the user's confirmation. The PIN exchange in step 5 is optional.



Copyright © 2009 Farlex, Inc.