Windows Cardspace是新一代的统一身份验证解决方案。它与微软之前的Passport是有相似之处,但也有不同之处的。这篇博客简要地对其进行介绍
1. 运行机制
- Vista和Win 7自动具有该功能。XP需要安装SP3才有。
- 隔离的进程(Session隔离)
- 背景其实是一个图片,灰色的,不会有任何变化(包括时钟),用一个图片只是为了减少用户的疑虑。
- infocard.exe(wcs引擎),icardagt.exe(代理程序)——它们之间通讯
2. 标识提供着(identity provider)
- 负责验证身份信息的一方
3. 个人卡和托管卡
- 个人卡其实是存储在本地的,它的信息是有限的(是规定的那么几项),个人卡其实是自己充当验证提供者。
- <Drive>:\Users\<username>\AppData\Local\Microsoft\CardSpace\CardSpace.db on Windows Vista.
<Drive>:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\
CardSpace\CardSpace.db on Windows XP and Windows Server 2003 - 托管卡则是存在在特定的第三方提供商处的。它的信息不存在本地
- 本质上,它们是一样的。只是信息提供方不一样。
4. 个人卡的信息
Given Name = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";
Email Address = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
Surname = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname";
Street Address = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress";
Locality = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality";
State/Province = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince";
Postal Code = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode";
Country = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country";
Home Phone = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone";
Other Phone = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone";
Mobile Phone = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone";
Date of Birth = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth";
Gender = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender";
PPID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";