A trio of computer security researchers say they’ve successfully compromised Microsoft’s CardSpace, a technology intended to strengthen the security of personal information on the Internet.
CardSpace ships with the Windows Vista operating system. It works in concert with a browser when someone uses a Web site that asks for information such as an address or a credit card number. That personal information can be stored on the user’s computer or with a third-party identity provider.
CardSpace keeps a set of virtual ID cards on the user’s computer. When a Web site asks for information, the user picks one of the cards. “Self-issued” cards store identity information on a user’s PC, while “managed” cards are stored by an identity provider.