Improving the Security of CardSpace

Free registration required

Executive Summary

CardSpace (formerly known as InfoCard) is a digital identity management system that has recently been adopted by Microsoft. In this paper, the authors identify two security shortcomings in CardSpace that could lead to a serious privacy violation. The first is its reliance on user judgements of the trustworthiness of service providers, and the second is its reliance on a single layer of authentication. They also propose a modification designed to address both flaws. The proposed approach is compatible with the currently deployed CardSpace identity metasystem and should enhance the privacy of the system whilst involving only minor changes to the current CardSpace framework.

  • Format: PDF
  • Size: 761.09 KB