identity metasystem

An infrastructure that enables different Internet identity systems to work in a secure manner with a consistent user interface. The identity metasystem was first developed by Microsoft and was embodied in the now-defunct CardSpace system (see Windows CardSpace). Higgins is an open source identity metasystem that supports all platforms and is compatible with CardSpace (see Higgins project).

The identity metasystem is designed to prevent identity theft on the Internet by providing a secure framework for authentication and by giving users control over the data they share with websites. If and when fully implemented, it would eliminate the myriad usernames and passwords each user must maintain. It would replace the browser password manager with a more secure system.

Multiple Authenticators
The identity metasystem lets multiple organizations authenticate a user's identity just as a driver's license and credit card serve as two forms of ID in day-to-day life. The user confirms what should be used to satisfy a website's request for authentication.

The Wallet Metaphor - Information Cards
The metasystem uses "information cards," which are the digital counterpart to the plastic cards people keep in their wallets. The user is presented with a window full of card images to choose from, just as a person might remove all the business, ID and credit cards from a wallet and lay them out on a table.

Personal cards (p-cards) are self-issued and hold the data users typically type into website registration forms. A person can create multiple p-cards, with one card having more data than another.

Managed information cards (m-cards), such as membership ID cards and credit cards, are issued by organizations. M-card data are stored on the managed card provider's site, while p-card data are stored on the user's computer. However, transaction history for all cards is stored on the client side.

The identity metasystem also supports the OpenID authentication system, and one of the cards in the card selector can be an OpenID card (see OpenID).

Relying Parties Rely on Identity Providers
A website that accepts information cards is known as the "relying party," because it relies on a third-party "identity provider" for authentication, rather than authenticating the user directly as is common today.

The software in the user's computer that orchestrates the interaction between the relying party (RP) and the identity provider (IdP) is the "card selector," also called the "identity selector." The CardSpace and Higgins software in the user's computer is the card selector.

When a user visits an information card-compliant site, the site (the relying party) states its identity requirements, and the user's card selector highlights the cards that meet those requirements. The user confirms the selection, and a request is sent to the identity provider. The identity provider sends back a digitally signed token that the user can inspect to be sure it is genuine before releasing it to the relying party for authentication.

In the case of a personal card, the card selector functions as the identity provider and sends a secure token to the relying party.
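The exchange described above, sketched as an added example (not CardSpace or Higgins code). It assumes a JSON token and an HMAC standing in for the issuer's digital signature; real deployments sign with the identity provider's private key over Web services protocols. All names, keys, the policy layout and the audience field are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample data. The keys are HMAC stand-ins for issuer signing keys.
KEYS = {"self": b"demo-selector-key", "https://idp.example": b"demo-idp-key"}
CARDS = [
    {"name": "personal", "issuer": "self",
     "claims": {"givenname": "Ana", "email": "ana@example.org"}},
    {"name": "bank", "issuer": "https://idp.example",
     "claims": {"givenname": "Ana", "email": "ana@example.org", "age_over_18": True}},
]
# What the relying party states: who it trusts and which claims it needs.
POLICY = {"rp": "https://shop.example",
          "accepted_issuers": ["https://idp.example"],
          "required_claims": ["givenname", "age_over_18"]}

def matching_cards(policy, cards):
    """Cards the selector would highlight for this relying-party policy."""
    return [c for c in cards
            if c["issuer"] in policy["accepted_issuers"]
            and set(policy["required_claims"]) <= set(c["claims"])]

def issue_token(card, policy):
    """Issuer side (the selector itself for a p-card): sign only requested claims."""
    body = {"issuer": card["issuer"], "audience": policy["rp"],
            "claims": {k: card["claims"][k] for k in policy["required_claims"]}}
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(KEYS[card["issuer"]], payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}

def verify_token(token, policy):
    """Relying-party side: return the claims, or None if any check fails."""
    try:
        body = json.loads(token["payload"])
        key = KEYS[body["issuer"]]
    except (KeyError, TypeError, ValueError):
        return None  # malformed token or unknown issuer
    expected = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None  # payload was altered after signing
    if body["issuer"] not in policy["accepted_issuers"]:
        return None  # validly signed, but by an issuer this site does not trust
    if body.get("audience") != policy["rp"]:
        return None  # token was issued for a different relying party (assumed field)
    return body.get("claims")
```

The token carries only the claims the relying party asked for, so the bank card's email claim is never released to this site.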

The identity metasystem uses the term "claims" to refer to any data that is captured in information cards. Although the term "assertion" has been traditionally used, "claim" implies that it has to be proven.

Web Services Protocols
An identity metasystem relies on the Web services protocols for interaction between the relying party (RP), the identity provider (IdP) and the card selector. See Windows CardSpace, Higgins project, Web services protocols and Identity 2.0.

The Authentication Process
The card selector highlights the card that satisfies the site's identity requirements and sends it to the identity provider (IdP) with the user's approval. The IdP returns a security token that is forwarded to the relying party, once again, via the user's confirmation. The PIN exchange in step 5 is optional.