Information Cards V2
10 views
Skip to first unread message
Anders Rundgren
Nov 18, 2012, 4:40:17 AM11/18/12
to icf-m...@googlegroups.com, Kim Cameron Personal
Hi "Information Card Lovers"
It was indeed sad that Microsoft shelved this project because the core idea was actually very good.
In the meantime I have continued to work on the scheme I wrote about several years ago (I don't represent a mega-corporation so unfortunately things doesn't run at warp-speed here):
http://webpki.org/papers/keygen2/sks-keygen2-exec-level-presentation.pdf
http://openkeystore.googlecode.com/svn/trunk/resources/docs/sks-api-arch.pdf
The SKS/KeyGen2 scheme is now running in Android (albeit in a proof-of-concept mode because a platform-level implementation would be fairly ridiculous without Google's blessing):
http://code.google.com/p/openkeystore/source/browse/trunk/webpkisuite-4-android
The whole concept was from the very beginning meant to be powering Information Cards as well.
However, I won't build on the original information card definition because it can't be integrated in mobile browsers without introducing native support for "Object" which nobody (today) think is a workable idea.
In addition, I will remove things that became redundant by using SKS/KeyGen2 like:
- Different key options. X.509 certificates covers all needs
- Card images. SKS already have icons associated to keys
- Encrypted assertions. This seems to be slightly over the top for most usages so I dropped it to simplify deployment
- Complex IdP requests. SSL client-cert-auth is a more logical choice when you standardize on X.509
My hope to have this running 1Q next year.
A major advantage over previous Information Cards schemes is that enrollment of (managed) information cards now is a part of a generic credentialling architecture which means that an enterprise can mix and match between PKI, OTP and information Cards V2 using a single issuing service.
Anders
It was indeed sad that Microsoft shelved this project because the core idea was actually very good.
In the meantime I have continued to work on the scheme I wrote about several years ago (I don't represent a mega-corporation so unfortunately things doesn't run at warp-speed here):
http://webpki.org/papers/keygen2/sks-keygen2-exec-level-presentation.pdf
http://openkeystore.googlecode.com/svn/trunk/resources/docs/sks-api-arch.pdf
The SKS/KeyGen2 scheme is now running in Android (albeit in a proof-of-concept mode because a platform-level implementation would be fairly ridiculous without Google's blessing):
http://code.google.com/p/openkeystore/source/browse/trunk/webpkisuite-4-android
The whole concept was from the very beginning meant to be powering Information Cards as well.
However, I won't build on the original information card definition because it can't be integrated in mobile browsers without introducing native support for "Object" which nobody (today) think is a workable idea.
In addition, I will remove things that became redundant by using SKS/KeyGen2 like:
- Different key options. X.509 certificates covers all needs
- Card images. SKS already have icons associated to keys
- Encrypted assertions. This seems to be slightly over the top for most usages so I dropped it to simplify deployment
- Complex IdP requests. SSL client-cert-auth is a more logical choice when you standardize on X.509
My hope to have this running 1Q next year.
A major advantage over previous Information Cards schemes is that enrollment of (managed) information cards now is a part of a generic credentialling architecture which means that an enterprise can mix and match between PKI, OTP and information Cards V2 using a single issuing service.
Anders
Reply all
Reply to author
Forward
0 new messages