An infrastructure that enables different Internet identity systems to work with a consistent user interface. The identity metasystem was designed to prevent identity theft, provide a secure authentication framework and also give users control over the data they share. It eliminates the myriad usernames and passwords for each user and replaces the browser password manager with a more secure system.
The identity metasystem was first developed by Microsoft and was embodied in the now-defunct CardSpace system (see Windows CardSpace). Higgins was an earlier identity metasystem that was compatible with CardSpace (see Higgins project). See identity management.
Just as a driver's license and credit card serve as multiple forms of ID, the identity metasystem supports multiple authenticators. The user confirms which ones should be used.
The Wallet Metaphor - M-Cards and P-Cards
Organizations issue and store the data of managed cards (m-cards), such as credit cards and IDs. Self-issued personal cards (p-cards) hold the data typed into a registration form. A person can have multiple p-cards, with one card having more data than another. P-cards are stored in the user's computer along with the transaction history for both information cards. See Windows CardSpace, Higgins project, Web services protocols and Identity 2.0.
The Authentication Process
A compliant website is a relying party (RP) because it relies on an identity provider (IdP). When a user visits an RP, the site states its ID requirements, and the user's card selector highlights the likely cards. The user confirms the selection, and a request is sent to the IdP, which sends back a signed token the user can inspect and accept. With p-cards, the card selector functions as the IdP and sends a secure token to the RP.
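The flow described above, modeled as an added Python example (not code from this entry, CardSpace or Higgins): the card selector filters cards against the RP's requirements, the token releases only the requested claims, and the RP checks the signature and audience before accepting it. All card names, claim names, issuers and keys are hypothetical, and an HMAC with a demo key stands in for the IdP's digital signature.

```python
import hashlib, hmac, json

# Constructed demo data: card names, claim names, issuers and keys are all hypothetical.
# Simplifications: HMAC replaces the IdP's signature; m-card values sit in the card here.
KEYS = {"bank.example": b"demo-bank-key", "self": b"demo-selector-key"}
CARDS = [
    {"name": "Bank m-card", "issuer": "bank.example",
     "claims": {"given_name": "Alex", "account_id": "ACCT-0001"}},
    {"name": "Minimal p-card", "issuer": "self", "claims": {"given_name": "Alex"}},
    {"name": "Full p-card", "issuer": "self",
     "claims": {"given_name": "Alex", "surname": "Doe", "email": "alex@example.org"}},
]

def matching_cards(policy, cards):
    """Card selector: highlight only cards that can satisfy the RP's stated requirements."""
    return [c for c in cards
            if policy["required"] <= set(c["claims"])
            and (not policy["issuers"] or c["issuer"] in policy["issuers"])]

def _sign(issuer, payload):
    return hmac.new(KEYS[issuer], payload, hashlib.sha256).hexdigest()

def issue_token(card, policy, rp):
    """IdP (the selector itself for a p-card): release only requested claims, then sign."""
    body = {"issuer": card["issuer"], "audience": rp,
            "claims": {k: card["claims"][k] for k in sorted(policy["required"])}}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"payload": payload, "sig": _sign(card["issuer"], payload)}

def rp_verify(token, policy, rp):
    """RP: accept the token only if signature, audience, issuer and claims all check out."""
    body = json.loads(token["payload"])
    if body["issuer"] not in KEYS:
        return None
    if not hmac.compare_digest(_sign(body["issuer"], token["payload"]), token["sig"]):
        return None
    if body["audience"] != rp:  # a token minted for one RP must not be accepted by another
        return None
    if policy["issuers"] and body["issuer"] not in policy["issuers"]:
        return None
    if not policy["required"] <= set(body["claims"]):
        return None
    return body["claims"]

if __name__ == "__main__":
    policy = {"required": {"given_name", "email"}, "issuers": set()}
    card = matching_cards(policy, CARDS)[0]
    token = issue_token(card, policy, "shop.example")
    print(card["name"], rp_verify(token, policy, "shop.example"))
```

The token built from the full p-card omits the surname because the RP did not ask for it, which is the user-controlled disclosure the entry describes.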