
How do I... create a Microsoft CardSpace personal digital identification card?

Digital identification and, more importantly, the ability to exchange certified digital information, is the mantra of many network security strategies. Microsoft's solution to digital identification is CardSpace. Mark Kaelin shows you how to create one.

Digital identification and, more importantly, the ability to exchange certified digital information is the mantra of many network security strategies. With the proliferation of open communications networks, access to systems and data boils down to whether the system recognizes who is connected to the network more than whether that person can be granted access in the first place.

Many companies are vying to establish a standard way to create, authenticate, and transmit digital identification, but no solution has been able to establish control of the market. Microsoft's solution to digital identification is CardSpace. The company has begun rolling out this identification scheme to many of its Web sites. An individual using Windows Vista can create a personal CardSpace card that they can use to identify themselves to Web sites. This How do I... shows you how to create a personal card and then how to pass it on to a Web site requesting the information.

This blog post is also available as a TechRepublic download and gallery.

CardSpace is also available for Windows XP users with a free download from Microsoft.

Create a CardSpace personal card

To start Windows CardSpace in Vista, click the Start button and type cardspace in the search box (Figure A). Alternatively, you can navigate to the Control Panel and click the CardSpace icon (Figure B).

Figure A: Desktop search -- CardSpace

Figure B: Control Panel -- CardSpace

The first screen you will see is the Welcome to Windows CardSpace information screen, shown in Figure C.

Figure C: Welcome to Windows CardSpace

Figure D shows you the Windows CardSpace page before any cards are entered. In theory, there will be several cards listed on this page -- some will be personal and some will be sent to you by Web sites and other authentication sites. Identification cards received this way are called managed cards.

Figure D: Windows CardSpace

To add a card, click the Add a Card icon and then click the Add button (Figure E). Alternatively, you can click the Add a Card link located on the right-hand navigation menu.

Figure E: Add a Card

Click on the Create a Personal Card link to start entering your personal data (Figure F). If you had received a managed card, you would install it from this screen.

Figure F: Create a Personal Card

Fill in the information requested and click the Save button when you are done (Figure G). Note: you cannot Alt-Tab out of these screens -- you have to save or quit the process.

Figure G: Enter personal data

You can modify your new personal CardSpace card any time from the Edit screen (Figure H).

Figure H: Edit screen

Over time, some of the most important information about your personal Windows CardSpace card is going to be found on the View Card History screen (Figure I). To get to this screen, click on the View Card History link in the navigation menu on the right side of the main CardSpace screen.

Figure I: View Card History

Send your personal card to a Web site

If you spend much time on Web sites sponsored by Microsoft, you are likely to already have a Passport or Live account. In some cases, you can now use your newly created Windows CardSpace personal card to sign in to these Web sites. Figure J shows the login screen for Windows Live.

Figure J: Windows Live login

The first time you log in to one of these sites you'll enter your password as part of the process to add your personal Windows CardSpace card to the login system (Figure K).

Figure K: Adding your personal CardSpace card

When you do, you will see a screen similar to the one shown in Figure L. The screen is asking you to confirm that you want to send a personal card to a particular Web site. This is where you can see certificate information for the Web site in question.

Figure L: Sending the card

After sending your personal card, the Windows Live site notifies you that the card has been accepted (Figure M).

Figure M: Your personal card

The next time you visit the Web site, it will recognize you and ask you to log in using CardSpace (Figure N). You no longer need to remember your username and password -- Windows CardSpace takes care of that for you.

Figure N: Easy login

The only thing you have to remember is which card to send (Figure O).

Figure O: Picking the right card

The future

This may seem like a lot of extra work just to log in to a Web site, especially a marginally important site like Windows Live. But you have to consider the future of digital identification and network security. Microsoft is just one of the companies trying to establish a simple yet robust certification, identification, and authentication standard. In the not-so-distant future, you will be required to identify yourself in a digital form that can be assured with authority. The only variable at this point is how that will be accomplished.


About

Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog, the Five Apps blog and the Big Data Analytics blog.

17 comments
TLCTECH

You lost me at "An individual using Windows Vista"... Sorry but I am sticking with Windows XP Pro until something better comes along.

theolog

I don't tend to be an alarmist, but my privacy is more important than having my personal information widely disseminated to the world. Thanks, but no thanks.

jdarling

Yeah, the article is categorized as related to XP (an error?) but applies only to Vista. Looks like a nice feature for some Vista users and is valuable information for those. I assume there is no parallel in XP?

dlstaats

Why is this posted under XP when all the instructions are for Vista?

Mark W. Kaelin

There are plenty of "solutions" floating around these days regarding digital identification and authentication. While I understand the basics of Windows CardSpace I am having a difficult time seeing this technology becoming an adopted standard. How do you see digital identification shaking out? Do you think a certain strategy works better than the rest and therefore has the upper hand? Do we really need a digital identification and authentication system? P.S. I asked this question last year when this How do I was originally published, but received very little response. I found that to be very revealing. Has this issue become more important since then?

Mark W. Kaelin

As it states in the blog post and in this discussion thread several times, CardSpace is not just for Vista -- it works the same in Windows XP.

jonvesi

We use XP SP3 and have CardSpace on all of them. It's available from Microsoft as a Download app. Once installed, you access it through Control Panel. Basic use instructions are the same as Vista. See the CardSpace home page at MS.

Mark W. Kaelin

I apologize for any confusion - I blame the painting being done in the office this week. This blog post was supposed to be supplemental to another Windows XP tip, but yours truly flip flopped them. However, you can use CardSpace in Windows XP - it is a free download from Microsoft.

davidt

We have only 1 Vista system, everyone else is XP. Do we just copy cardspace.exe over to the XP system32 directory? Will it work? I will try this later if someone hasn't already....

GBot

Convince me that I should use this instead of KeePass :)

cellerd

You answered the question I had. I run a small network, under 200 users and 15 remote sites and VPNs. I will not upgrade to Vista or Office 2007. I have neither the time nor resources for training. Thanks.

davidt

That should have been included in the article, of course, but thank you for clearing it up. I'll be putting it in the script for distribution.

Mark W. Kaelin

This is purely an informational tip. In fact, what I would really like is for you to explain why KeePass is better. That way readers can make up their own mind.

apatterson

I agree with Bruce, this issue of identity management is so important and yet so misunderstood. Case in point: I had one user scan their written signature as a .bmp and then used it as a "digital signature" in any email that she wanted to sign - AGGHHHHH!!!! Yet, to implement a PKI and integrate it into the email digital signature is such a daunting task that you don't want to pursue it haphazardly.

bruce

The problem with digital identification is the security of the source of the ID. I think IBM and others were on to something with fingerprints. Adobe and others have digital ID solutions that appear to be fairly secure, but you have to remember passwords, etc. Somebody needs to make a decision here and get everybody on board. It has to be simple, secure, and easy to remember. Digital ID is going to become more and more important. For instance, you need to sign a contract in Seattle and get it to Raleigh right away. Digital ID will handle that cheaper and easier than UPS Overnight, but how do they know that the ID is OK? Legal matters are being handled over the internet more and more and need secure ID. I'm open to suggestions.

GBot

Well, maybe I don't get the concept of a card that lets you in to multiple websites. What advantages does that provide over a secure, cross-platform (i.e. more than just Windows) password manager like KeePass? It seems that the only benefit is that it's easier. But easy leads to lazy, which leads to less secure via social engineering hacks. For anyone who's interested in KeePass, check out this article, and decide for yourself. http://lifehacker.com/5042616/five-best-password-managers
