Windows CardSpace(WCS)

Windows Cardspace是新一代的统一身份验证解决方案。它与微软之前的Passport是有相似之处,但也有不同之处的。这篇博客简要地对其进行介绍

1. 运行机制

    • Vista和Win 7自动具有该功能。XP需要安装SP3才有。
    • 隔离的进程(Session隔离)
    • 背景其实是一个图片,灰色的,不会有任何变化(包括时钟),用一个图片只是为了减少用户的疑虑。
    • infocard.exe(wcs引擎),icardagt.exe(代理程序)——它们之间通讯

2. 标识提供着(identity provider)

    • 负责验证身份信息的一方

3. 个人卡和托管卡

    • 个人卡其实是存储在本地的,它的信息是有限的(是规定的那么几项),个人卡其实是自己充当验证提供者。
    • <Drive>:\Users\<username>\AppData\Local\Microsoft\CardSpace\CardSpace.db on Windows Vista.
      <Drive>:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\
      CardSpace\CardSpace.db on Windows XP and Windows Server 2003
    • 托管卡则是存在在特定的第三方提供商处的。它的信息不存在本地
    • 本质上,它们是一样的。只是信息提供方不一样。

4. 个人卡的信息

Given Name = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";
Email Address = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
Surname = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname";
Street Address = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress";
Locality = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality";
State/Province = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince";
Postal Code = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode";
Country = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country";
Home Phone = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone";
Other Phone = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone";
Mobile Phone = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone";
Date of Birth = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth";
Gender = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender";
PPID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";

posted @ 2010-02-28 23:37  陈希章  阅读(1228)  评论(0编辑  收藏  举报