Are banks just being slow to get on board or are they just reflecting a conservative realism about what might be achieved here. Since consumers’ PCs are a cesspit of trojans, viruses and worms, then how great is the Cardspace advantage? My Cardspace credentials are highly reliable only if my system is highly secure. If my system has been compromised, then the situation just looks worse for me when people start accusing me of misdeeds that were carried out in my name if the bank (in this case) is able to turn round and say “sorry, you did transfer that money, we know that because you used Cardpsace to log in.” This is not a complaint about Cardspace, but a plea for hardware-based authentication in the Cardspace framework. And since the only tamper-resistant hardware that most people have is their SIM, it also flags up a business opportunity for someone to integrate handset authentication into Cardspace. This line of thinking seems to suggest that it may not be worth banks doing much about Cardspace until they can get the hardware into the loop in some way.
My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
[posted with ecto]