Lesson learned: From MS Passport to CardSpace
Interesting July 2006 paper by Martin Goldack of the Horst Gortz Institute for IT-Security, Ruhr University Bochum Germany.
Some years ago, Microsoft has already proposed a technology called .NET Passport to provide more convenient authentication, however, Passport did not proliferate because some protocol flaws were identified and users disliked a centralized authority that stores identitybased information.
This work presents and compares both technologies, and investigates the question whether CardSpace has solved the known shortcomings of Passport and is a promising candidate to introduce a novel paradigm of user authentication.
[via Caspar]