Implementing PassCard - A CardSpace-Based Password Manager

The recently-proposed PassCard scheme enables CardSpace to be used as a password manager, thereby both improving the usability and security of passwords as well as encouraging CardSpace adoption. However, this scheme does not work with websites using HTTPS, seriously limiting its practicality. In this paper the authors extend PassCard to support sites using both HTTP and HTTPS. Usernames and passwords are stored in CardSpace personal cards, and these cards can be used to sign on transparently to corresponding websites. PassCard does not require any changes to login servers, default browser security settings or to the CardSpace identity selector and, in particular, it does not require websites to support CardSpace.

Provided by: University of London Topic: Security Date Added: Dec 2010 Format: PDF

Find By Topic