Web Hosting Articles

  Home arrow Web Hosting Articles arrow Page 2 - What is the Information Card Foundatio...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

What is the Information Card Foundation (ICF)?
By: Brian Sutherland
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 2

    Table of Contents:
  • What is the Information Card Foundation (ICF)?
  • Sound Familiar? Well, Not Exactly...
  • When In Doubt, Farm It Out!
  • Will it Spread?

  • Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article




    What is the Information Card Foundation (ICF)? - Sound Familiar? Well, Not Exactly...

    (Page 2 of 4 )

    True, major player Microsoft has tried a few times to initiate (in a proprietary manner) this sort of advance into its operating systems. Even very recently, with the release of the Vista operating system, CardSpace emerged as Microsoft's latest digital ID project. Surrounded by initial Vista roll out problems, CardSpace was quickly overshadowed by growing industry disdain towards initial Vista issues. Previous to this, the Passport system from Microsoft employed many of the same concepts, only in a different manner, but with the same limited success. 

    As far back as 2001 Microsoft came under fire, in regard to alleged violations of Section 5 of the FTP act, privacy policy issues and firewall issues. It was charged that XP might disable programs used for security and privacy much like ZoneAlarm and Black Ice. More specifically, Microsoft ran into some problems with its Kids Passport policy that required the collection of what was said to be "more information on children than was determined necessary."

    Despite perhaps being a bit before its time, Passport boasted 40 million consumers harnessing more than 400 authentications per second. Passport opponents cited multiple platform problems, strange behavior with Netscape browsers and persistent cookies without any form of authenticator.

    CardSpace then, previously known as InfoCard, was the next attempt at digital ID cards from Microsoft. It was a much more hardened, "tamper resistant" mechanism designed to resist spoofing. Taking things a step further than Passport, CardSpace was designed as a piece of client software enabling users to provide digital identity to online services in a trusted, simple and secure fashion.

    This client software is known as an "identity selector," allowing the user to choose what information is sent to a requesting web site, while the issuing server is known as an "identity provider," accepting identifiable information being held on the users PC, or third party identity provider. CardSpace allows users to create personal, self-issued ID cards containing 14 fields of information, such as full name, address and phone number. This addition of an "authenticator" is the cornerstone of newer ID advancement, and according to Microsoft, the new solution to protecting sensitive information.

    Set to forge a new market space, picking up where Passport had left off, CardSpace most recently suffered a setback on May 30, 2008, when three researchers from the Horst Grotz Institute for IT security in Germany demonstrated how to intercept the authentication token from CardSpace. Once intercepted, they could use this token as if it were their own, gaining access to site or transmitting sensitive information.

    Now that's not to say the interception wasn't tricky, as said attack revolved around sending a user to a malicious server, modifying the user's DNS settings (a hacker trick called pharming) and then directing the user to said modified server where it's possible to grab CardSpace tokens. But it still left Microsoft with egg on its face, figuratively speaking.

    More Web Hosting Articles Articles
    More By Brian Sutherland


    - Top Wordpress Plugins for SEO
    - Top Drupal Evaluation and Rating Modules
    - Free Network Monitoring Programs for Max Per...
    - E-store Hosting: Free Options for Beginners
    - Dropbox: The Ultimate File-Sharing and Synci...
    - Reviewing the Best Free Web Hosting Sites
    - Businesses Turn to Reseller Web Hosting for ...
    - Multiple Data Center Hosting
    - Web Hosting Goes Green
    - Web Hosting Technology Overview
    - Collaborate: An Examination of Tools for Gro...
    - Social Networking Security
    - Domain Names 101
    - Top Software to Help Manage Your Websites
    - The Evolution of Phishing

    Developer Shed Affiliates


    © 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap