identity metasystem

An infrastructure that enables different Internet identity systems to work in a secure manner with a consistent user interface. The identity metasystem was first developed by Microsoft and was embodied in the now-defunct CardSpace system (see Windows CardSpace). Higgins is an open source identity metasystem that supports all platforms and is compatible with CardSpace (see Higgins project).

The identity metasystem is designed to prevent identity theft on the Internet by providing a secure framework for authentication and by giving users control over the data they share with websites. If and when fully implemented, it would eliminate the myriad usernames and passwords each user must maintain, and it would replace the browser password manager with a more secure system.

Multiple Authenticators
The identity metasystem lets multiple organizations authenticate a user's identity just as a driver's license and credit card serve as two forms of ID in day-to-day life. The user confirms what should be used to satisfy a website's request for authentication.

The Wallet Metaphor - Information Cards
The metasystem uses "information cards," which are the digital counterpart to the plastic cards people keep in their wallets. The user is presented with a window full of card images to choose from, much as a person might remove all the business, ID and credit cards from a wallet and lay them out on a table.

Personal cards (p-cards) are self-issued and hold the data users typically type into website registration forms. A person can create multiple p-cards, with one card having more data than another.

Managed information cards (m-cards), such as membership ID cards and credit cards, are issued by organizations. M-card data are stored on the managed card provider's site, while p-card data are stored on the user's computer. However, transaction history for all cards is stored on the client side.

The identity metasystem also supports the OpenID authentication system, and one of the cards in the card selector can be an OpenID card (see OpenID).

Relying Parties Rely on Identity Providers
A website that accepts information cards is known as the "relying party," because it relies on a third-party "identity provider" for authentication, rather than authenticating the user directly as is common today.

The software in the user's computer that orchestrates the interaction between the relying party (RP) and the identity provider (IdP) is the "card selector," also called the "identity selector." The CardSpace and Higgins software in the user's computer is the card selector.

When a user visits an information card-compliant site, the site (the relying party) states its identity requirements, and the user's card selector highlights the cards that meet those requirements. The user confirms the selection, and a request is sent to the identity provider. The identity provider sends back a digitally signed token that the user can inspect to be sure it is genuine before releasing it to the relying party for authentication.

In the case of a personal card, the card selector functions as the identity provider and sends a secure token to the relying party.
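The exchange described above, modeled in Python as an added example (not code from CardSpace or Higgins). It shows the selector filtering cards against the relying party's required claims, the identity provider releasing only those claims in a token bound to that site, and the relying party rejecting a tampered or misdirected token. HMAC-SHA256 stands in for the identity provider's digital signature, and the card names, claim names, URL and key are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: card names, claim names and the key are illustrative.
IDP_KEY = b"constructed-demo-key"  # stand-in for the IdP's signing key

CARDS = {
    "personal": {"claims": {"name": "Alex Doe", "email": "alex@example.org"}},
    "bank-managed": {"claims": {"name": "Alex Doe", "email": "alex@example.org",
                                "member_id": "M-1001", "over_18": True}},
}

def matching_cards(cards, required):
    """Card selector step: keep only cards that can supply every required claim."""
    return sorted(n for n, c in cards.items() if set(required) <= set(c["claims"]))

def issue_token(card, required, audience, key=IDP_KEY):
    """IdP step: release only the requested claims, bound to one relying party."""
    body = {"aud": audience, "claims": {k: card["claims"][k] for k in required}}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "sig": sig}

def verify_token(token, required, audience, key=IDP_KEY):
    """Relying party step: check integrity, audience and claim coverage."""
    expected = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None  # altered after issuance, or not issued by this IdP
    body = json.loads(token["payload"])
    if body.get("aud") != audience:
        return None  # token was issued for a different site
    if not set(required) <= set(body.get("claims", {})):
        return None  # the site's stated requirements are not met
    return body["claims"]

def run_flow():
    required = ["member_id", "over_18"]        # relying party's stated requirements
    rp = "https://shop.example"                # constructed relying party identifier
    choices = matching_cards(CARDS, required)  # cards the selector highlights
    token = issue_token(CARDS[choices[0]], required, rp)  # user confirms a card
    return choices, verify_token(token, required, rp), token

if __name__ == "__main__":
    print(run_flow())
```

Binding the token to an audience is what stops a token released to one site from being accepted by another, and releasing only the requested claims is how the user's other card data stays private.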

Claims
The identity metasystem uses the term "claims" to refer to any data that is captured in information cards. Although the term "assertion" has been traditionally used, "claim" implies that it has to be proven.

Web Services Protocols
An identity metasystem relies on the Web services protocols for interaction between the relying party (RP), the identity provider (IdP) and the card selector. See Windows CardSpace, Higgins project, Web services protocols and Identity 2.0.


The Authentication Process
The card selector highlights the card that satisfies the site's identity requirements and sends it to the identity provider (IdP) with the user's approval. The IdP returns a security token that is forwarded to the relying party, once again, via the user's confirmation. The PIN exchange in step 5 is optional.