NZ: CardSpace – SAML interop
One of the two new projects that the Microsoft New Zealand Innovation Centre is funding involves integration of Windows CardSpace with SAML 2.0.
The project is to make the Authentication Programme’s all-of-government shared services, called “igovt”, accessible via CardSpace. According to Microsoft, “this technology will enable users to safely provide their digital identity to online services.”
Working on the project will be Microsoft’s Mark Rees together with Kiwi IT firm Datacom over the next four months. Igovt is based on SAML and the Microsoft-funded project will go some way in implementing CardSpace-SAML interoperability.
CardSpace and igovt make a great combination.
CardSpace provides an intuitive and natural user interface for people to manage their identity and authentication to online services. As CardSpace (and other identity selectors) progress towards the tipping point and CardSpace itself gets refined, a new paradigm for accessing secure online services is brewing.
On the other hand, igovt provides people with the option to verify their identity to NZ government agencies, online and in real-time, to a high level of confidence. In addition, igovt lets people use a single logon (password, token, etc.) to access all online government services. All of this with the highest levels of privacy protection.
When people verify their identity, one of the core design principles of igovt is for people to fully understand and view what identity information is being sent to the agency (Service Provider). In addition, active consent is a critical element of privacy protection. Currently this requires a browser re-direct to the igovt website, something that CardSpace will admirably eliminate, without any reduction in user control or privacy protection.