CardSpace (formerly known as InfoCard) is a digital identity management system that has recently been adopted by Microsoft. In\r\nthis paper we identify two security shortcomings in CardSpace that could lead to a serious privacy violation. The first is its reliance\r\non user judgements of the trustworthiness of service providers, and the second is its reliance on a single layer of authentication.\r\nWe also propose a modification designed to address both flaws. The proposed approach is compatible with the currently deployed\r\nCardSpace identity metasystem and should enhance the privacy of the system whilst involving only minor changes to the current\r\nCardSpace framework.We also provide a security and performance analysis of the proposal.
Loading....