Now Supporting CardSpace

I decided it would be fun to integrate Windows CardSpace into my site as an alternative authentication mechanism.  If you're running Windows Vista, or XP/2003 with .NET 3.0 installed, you can log into the site using a self-issued infocard.  (This also includes setting up a WorldMaps account.)

One very cool way CardSpace can be utilized is in the noncorroborative authentication space.  As some of you may know, I require registration on my site to view family pictures and what not.  Much like on many discussion forums on the internet, the authentication is designed to be lightweight.  CardSpace -- and self-issued cards, in particular -- offer a great way to solve this problem.

Integrating it into the site was easy.  One big challenge: CardSpace must be used over SSL.  While normally this is a good idea, let's face it: many forums and similar sites do not use SSL, and nor do they need to.  Hopefully in a future version, we'll see this capability.

As an aside, I also think CardSpace can potentially solve a lot of comment SPAM problems for blogs.  In this case, the site can request the PID of an infocard (referred to as a "claim").  In this way, the infocard doesn't reveal any personal information (not even a name, though, that could be optional instead of having a textbox for the user to type into). 

If the user chooses to send the card, the comment is marked as active and avoids all the SPAM/moderation/false positive schemes.  If the user chooses not to send a card, the standard rules apply.  It would be a simple matter to block certain PIDs, so this may be a good method to stop SPAM without having a full blown authentication scheme.