August 26, 2009 12:00 AM

Introducing Windows CardSpace

Establishing order in the identity jungle
Windows IT Pro
InstantDoc ID #102400

Under the Hood
CardSpace is installed by default on Windows Vista. It's available as a download for Windows XP and Windows Server 2003 via Windows Update. To confirm that Windows CardSpace is installed on your system, open Control Panel and look for the Windows CardSpace applet, or look for the Windows CardSpace service in the Services section of the Microsoft Management Console (MMC) Computer Management snap-in.

Windows CardSpace is also bundled with the .NET Framework 3.0 and later versions, which run on Windows Server 2008, Vista, XP, and Windows 2003; .NET Framework 3.0 is bundled with (but not installed by default on) Server 2008. So, the easiest way to add CardSpace support to Server 2008 is to install .NET Framework 3.0 Features.



To use CardSpace, you also need a compatible web browser. Internet Explorer 7 (IE 7) supports CardSpace natively, and third parties provide support to integrate CardSpace functionality into other browser platforms. For example, you can find a CardSpace plug-in for Firefox at the CodePlex IdentitySelector page.

Microsoft built Windows CardSpace atop the Web Services protocol stack (WS-*), an open set of XML-based protocols for web service communication. Any application or platform that supports WS-* protocols can integrate with CardSpace. For more information about the WS-* specifications, see the Microsoft article "Web Services Specifications Index Page".

To accept InfoCards on a website, a developer must add specific HTML tags to the web content that specify the user claims that the site requires. The developer must also implement code on the web server that decrypts the InfoCards and extracts the user claims. A quick Internet search yields code examples to integrate InfoCard not only with Microsoft-based websites but also with other web application servers—for example, Apache.

If an identity provider wants to provide managed InfoCards to users, it must have a Security Token Service (STS), a security authority that can create managed InfoCards. An identity provider that doesn't want to build its own STS can buy one from vendors such as Ping Identity. Another option is to wait for the release of Microsoft’s Federated Identity Server (code-named Geneva), which will provide an Identity Metasystem-compliant STS that can interface with CardSpace. Think of Geneva as the next evolution of Microsoft’s Active Directory Federation Services (ADFS), which is bundled with Server 2008 and Windows 2003.

A little more about interoperability: CardSpace and the Identity Metasystem can deal with various security token formats, which explains why CardSpace shouldn't be considered a competitor to other Internet-identity architectures such as OpenID and Microsoft’s Windows Live ID. You can use CardSpace InfoCards to sign in with your OpenID or Windows Live ID account. To link an InfoCard to your OpenID account, visit SignOn.com. To link an InfoCard to your Windows Live ID account, go here.

Secure Alternative
Through its user-friendly interface and its secure architecture, CardSpace offers a valuable alternative to the classic username/password scheme and puts users back in control of their identity interactions on the Internet. The widespread adoption and success of CardSpace will largely depend on the number of websites and applications that support it.


Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.