Cardspace apace

[Dave Birch] It’s been a while since Microsoft’s Cardspace first began to obtain reasonable media attention, and it’s certainly true that it now figures on the potential technology roadmap in many corporate strategies, but it doesn’t yet seem to have crossed the chasm, so to speak. Early business model ideas — such as the scenario in which cardspace-style authentication would reduce fraud rates so that credit card issuers would be able to offer merchants a discount for using — haven’t yet materialised. Yet momentum does seem to be building (see, for example, the ACI presentation from Digital ID World) and I’m sure that some banks will become experimenting or piloting soon — but perhaps they are right to be cautious.

Technorati Tags: cardspace, identity, security

Are banks just being slow to get on board or are they just reflecting a conservative realism about what might be achieved here. Since consumers’ PCs are a cesspit of trojans, viruses and worms, then how great is the Cardspace advantage? My Cardspace credentials are highly reliable only if my system is highly secure. If my system has been compromised, then the situation just looks worse for me when people start accusing me of misdeeds that were carried out in my name if the bank (in this case) is able to turn round and say “sorry, you did transfer that money, we know that because you used Cardpsace to log in.” This is not a complaint about Cardspace, but a plea for hardware-based authentication in the Cardspace framework. And since the only tamper-resistant hardware that most people have is their SIM, it also flags up a business opportunity for someone to integrate handset authentication into Cardspace. This line of thinking seems to suggest that it may not be worth banks doing much about Cardspace until they can get the hardware into the loop in some way.

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
[posted with ecto]