The Artima Developer Community
Articles | News | Weblogs | Books | Forums
Artima Forums | Articles | Weblogs | Java Answers | News
Sponsored Link

Java Community News
An Introduction to CardSpace Authentication in Java

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
Frank Sommers

Posts: 2642
Nickname: fsommers
Registered: Jan, 2002

An Introduction to CardSpace Authentication in Java Posted: Apr 19, 2007 4:16 PM
Reply to this message Reply
Summary
Originally introduced by Microsoft, CardSpace is a new authentication technology aimed to make it easier to share user identities across administrative domains. A recent Sun Developer Network article describes how to integrate CardSpace with Java applications.
Advertisement

Almost every enterprise application includes some sort of user authentication: Privileged operations, such as posting on an online forum, requires users to create a user account and then authenticate themselves prior to performing the privileged action.

Many authentication systems rely on users supplying a user name and password, a solution that not only requires users to remember their passwords for each site they frequent, but one whose security is tied to users' ability to safeguard their passwords.

OpenID, Liberty, and most recently CardSpace, also known as InfoCard, are but the latest attempts to solve this problem. In each system, some form of user identity is shared between sites requiring authentication. Users moving from one site to another, or even from their local machines to a Web site, don't have to login anew, but can instead re-use their existing login sessions.

Martin Gee's recent Sun Developer Network article, Securing Site Access With CardSpace and OpenSSO: An Overview, shows how to integrate CardSpace authentication into Java applications, using the open-source java.net project, cardspaceauthn:

A major benefit of InfoCard is that it can store and supply common attributes, known as claims, such as email and shipping addresses. Typically, claims are nonsensitive data that enables CardSpace-aware sites to transact services according to the InfoCard values. As part of the card selection process, Web sites that support InfoCards can mandate that users specify their claims...

In CardSpace's CardSelector, a virtual wallet [is] filled with cards that users create or that are issued to them through trusted sites. Upon arriving at a CardSpace-aware site, a user is prompted by the CardSelector to choose the appropriate InfoCard that reflects his or her relationship—customer, employee, and such—with the entity.

Gee explains in the article that some InfoCards are self-generated, and are likely issued by a business, while others are managed by trusted identity providers that can vouche for a user's identify.

Which of the increasing number of shared authentication system do you plan to support in your Java applications?

Topic: JadeLiquid Releases WebRenderer, a Swing-Based Mozilla HTML Client Previous Topic   Next Topic Topic: Restlet 1.0 Released
Sponsored Links


Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use