
Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities Paperback – January 6, 2008

ISBN-13: 978-0321496843 ISBN-10: 0321496841 Edition: 1st


Product Details

  • Paperback: 384 pages
  • Publisher: Addison-Wesley Professional; 1 edition (January 6, 2008)
  • Language: English
  • ISBN-10: 0321496841
  • ISBN-13: 978-0321496843
  • Product Dimensions: 7 x 0.9 x 9.1 inches
  • Shipping Weight: 1.2 pounds
  • Average Customer Review: 4.2 out of 5 stars (5 customer reviews)
  • Amazon Best Sellers Rank: #4,222,194 in Books

Editorial Reviews

About the Author

Vittorio Bertocci is an Architect Evangelist in the service of Windows Server Evangelism for Microsoft. He is based in Redmond, Washington. He works with Fortune 100 and major G100 enterprises worldwide, helping them to stay ahead of the curve and take advantage of the latest unreleased technologies. In the past two years, he helped many customers all around the world to design and develop solutions based on technologies such as Identity and Access Management, Windows CardSpace, Windows Communication Foundation, and Windows Workflow Foundation. He frequently serves as a speaker at international conferences such as IDWorld, Gartner Summit, TechEd, and the like. His blog, located at, focuses on identity and distributed systems architecture; it is periodically translated into Chinese at


Vittorio has more than 13 years of experience in the software industry. He worked in the fields of computational geometry, scientific visualization, usability, business data, and industrial applications and has published articles in international academic industry journals. Vittorio joined Microsoft Italy in 2001 in Consulting Services. Before falling hopelessly in love with identity, he worked with Web Services and Services Orientation from its very inception, becoming a reference and a trusted advisor for key industry players nationwide and at the European level. In October 2005, he answered the call of Microsoft headquarters and moved to Redmond, where he lives with his wife, Iwona. Vittorio holds a Master’s degree in Computer Science from the Universita’ di Genova, Italy.


Garrett Serack worked as an independent software development consultant in Calgary, Canada, for 15 years, with clients in fields such as government, telecom, petroleum, and railways. Joining Microsoft in the fall of 2005 as the Community Program Manager of the Federated Identity team, Garrett has worked with the companies and the Open Source community to build digital identity frameworks, tools, and standards that are shaping the future of Internet commerce and strengthening the fight against fraud. In the summer of 2007, he transitioned to be the Community Lead in the Open Source Software Labs at Microsoft.


Garrett lives in Bothell, Washington, with his fantastic wife, Brandie, and their two amazing daughters Tea and Indyanna. Catch up on CardSpace and begin to learn more about Microsoft Open Source efforts on his blog at


Caleb Baker has been at Microsoft for the past seven years and is part of the Federated Identity team. In addition to building CardSpace, the team is working on the other pieces needed to build the Identity Metasystem. Caleb has been on the CardSpace product team since 2004 (InfoCard at the time). Since the first release of CardSpace, he has continued to work on future CardSpace products as well as various Identity Metasystem interoperability projects.


Before working on CardSpace, Caleb gained experience in the identity and security space by working on Active Directory and the Active Directory Migration Tool (ADMT). Caleb is a Seattle-area native, having graduated from the University of Washington with a degree in Physics and Political Science and has also earned a Master’s degree in Computer Science.

Excerpt. © Reprinted by permission. All rights reserved.



In the past few years, identity has finally been receiving the attention it deserves.

With rampaging phishing and widespread cybercrime as the forcing functions, the industry as a whole is reacting with a concerted effort to understand what the best practices are and is getting there fast. We had the privilege of being among the first people concretely working on one of the key efforts of the identity renaissance: Windows CardSpace.

Windows CardSpace is an expression of the new user-centered approach to identity management. The new approach is poised to solve many different problems of diverse natures: There are technological considerations, such as offering better authentication mechanisms than passwords; usability considerations, such as guaranteeing that the user has a clear understanding of what is going on; and even social-science considerations about how we can effectively leverage trust relationships and make obvious to the common user the identity of the website being visited.

That is the reason why explaining Windows CardSpace in just a few words is so challenging. Depending on your background and your role, you will be interested in a different angle of the story. We experienced this fact countless times in the past two years: with customers and partners, at conferences, with the press, with colleagues from other groups, and even with spouses, trying to explain what was that super important thing that kept us in the office until late.

We believe that user-centered identity management has the potential to change for the better how everybody uses the Internet. We also believe that the best way of reaping its benefits is to develop a deep understanding of the approach, complemented by hands-on knowledge of supporting technologies such as Windows CardSpace. The book you are holding in your hands has the goal of helping you to gain such insights.

We live in exciting times. The entire industry is moving toward a common solution, with a true spirit of collaboration and strong will to do the right thing. The discussion is open to anybody who wants to participate. We hope that you will join us!

Book Structure, Content, and Audiences

Windows CardSpace is part of a comprehensive solution, the Identity Metasystem, which tries to provide a solution to many security-related bad practices and widespread problems. CardSpace is also a very flexible technology that can be successfully leveraged to address a wide range of different scenarios and business needs. Finally, Windows CardSpace enables new scenarios and radically new ways of dealing with known problems. Given the sheer breadth of the areas it touches, it comes as no surprise that people of all positions and backgrounds are interested in knowing more about it.

To address so many different aspects and such a diverse audience, we divided the book into three parts.

Part I: Setting the Context

The first part of this book introduces you to user-centered identity management, the model on which Windows CardSpace is based. This part lays the foundation for understanding the context in which CardSpace is meant to operate and the problems it has been designed to overcome. Architects, analysts, and even strictly nontechnical folks will get the most from this part. There are practically no assumptions of prior knowledge; the text introduces the necessary concepts and technologies as needed. Note that in the first part CardSpace is barely mentioned, because the focus is on the underlying models and considerations that are purely platform agnostic.

Chapter 1, "The Problem," explores the problems with identity management today. It explores how authentication technologies evolved to the current practices, showing the historical reasons for current widespread problems. The chapter introduces basic concepts such as Internet protocols, types of attacks, introductory cryptography, authentication technologies, and so on.

Chapter 2, "Hints Toward a Solution," presents the current thinking about what the ideal authentication system would look like. The seven laws of identity are described in great depth. The Identity Metasystem is introduced, and its compliance with the identity laws is explained in detail. This chapter also provides a basic introduction to advanced web services and highlights how the abstract concepts in the Identity Metasystem map to concrete features in the web services set of specifications.

By the end of Part I, you will have a comprehensive view of the situation: what the problems are we are wrestling with, why they are here, and how the Identity Metasystem can solve them. You will also understand the role of Windows CardSpace in the big picture.

Part II: The Technology

Part II focuses on Windows CardSpace from a technological standpoint. It describes the technology, the elements and artifacts it entails, the operations and development practices, and the most common usage scenarios. This part is for the developer or whoever wants to have hands-on experience with Windows CardSpace.

Chapter 3, "Windows CardSpace," introduces the technology. This includes the user experience, Information Cards and the different card types, the private desktop, and the canonical usage scenario.

Chapter 4, "CardSpace Implementation," describes the usage of CardSpace in the most common scenarios. From the HTML integration syntax to token manipulation, going through federation, integration with web services and CardSpace invocation via native APIs, this chapter covers all the basic development tasks.

Chapter 5, "Guidance for a Relying Party," presents a detailed example of a common scenario: enabling Personal Cards on an ASP.NET website.

Part III: Practical Considerations

The last part of this book is devoted to design and business considerations that come in handy when architecting a solution based on Windows CardSpace (or on user-centered identity management technologies in general). The chapters in this part will prove useful for architects and project managers. Business decision makers and IT managers will probably be interested in some of these considerations, too. Hints for developers are spread throughout the text.

Chapter 6, "Identity Consumers," presents some thoughts about deciding to be or to use an identity provider. It also looks at things from the viewpoint of being a relying party: for example, the main effects on your business and operations of accepting identities in the form of tokens and from third parties, and the opportunities you want to take advantage of and the caveats you want to avoid.

Chapter 7, "Identity Providers," lists some considerations to keep in mind when becoming an identity provider.


This book follows the conventions of the Independent Technology Guides series. Analysis sections appear in boxed sidebars and give you added perspective on the issues and technologies being discussed. Also, margin notes are included throughout the chapters summarizing or pointing out the most important points.

More About the Author

Vittorio Bertocci is a Senior Architect Evangelist in DPE and a key member of the extended engineering team that produces Microsoft's claims-based platform components (e.g. Windows Identity Foundation, ADFS 2.0). He is responsible for identity evangelism for the .NET developers community and drove initiatives such as the Identity Developer Training Kit and the IdElement show on Channel 9.

He is lead author of Understanding Windows Cardspace (Addison-Wesley, 2008), of the upcoming Programming Windows Identity Foundation (MSPress) and a prominent authority/blogger on Azure, "Geneva" (the code name for Windows Identity Foundation), .NET development, and related topics.

Most Helpful Customer Reviews

3 of 3 people found the following review helpful By Lynn Langit on March 8, 2008
Format: Paperback
The 'identity problem' is one of the more challenging areas for developers - particularly web developers. The book echoes what I have found when presenting information about CardSpace to developer communities. That is, a larger-than-normal amount of context is needed, prior to delving into the technical implementation details. The book includes an appropriate amount of technical detail as well.

Even if you are familiar with the scope of the problem, I encourage you to be patient with the first section of the book - it will add to your arsenal of context - which you will find useful when 'explaining' the business reasons for moving toward the CardSpace identity selector and the greater Identity 2.0 space (including Identity Providers and Relying Parties).

The identity problem is important, if you haven't taken a look at CardSpace, this book is a very useful start for you. The book also gives useful context around the greater Identity 2.0 space.
4 of 6 people found the following review helpful By Vince Lombardi on March 10, 2008
Format: Paperback
I am sick and tired of collecting passwords for each website I register: a password manager is making my life easier but deep inside myself I was wondering how long we have to live with the current system.
Then I got to know about this effort about building an identity meta-system started by Kim Cameron; the topic is not easy so that is why I followed Kim's suggestion and I bought this book. It is great! I now understand more and I'm just hoping that more Companies would start implementing this new technology on their systems (especially websites).
The book is full of technical details but also very easy to understand: do yourself a favor by not skipping the first "historical" part which explains why are we "here" and what are now the options.
Highly recommended.
Format: Paperback
This book, though is a decent introduction to the concepts of cardspace, fails to give a technical peek inside of cardspace implementation.
There is so much text devoted to reason why WS-* are the right tools for the requirements - but, the book fails to explain how cardspace itself uses them.
Chapter 4 - Cardspace implementation - covers just one leg - token validation. Where is the discussion of how a .crd is actually obtained, how the login credentials are sent to IP, how is the token actually given to cardspace, how is the metadata exchange used, etc.?
More specifically, the book must have covered how each of the legs of communication in Figure 2-7 maps to a cardspace implementation.
Format: Paperback
CardSpace is an interesting offering from Microsoft that improves on their earlier, much unlamented Passport. Essentially a refactoring of user information. So that instead of a website asking for it and keeping it, especially where this is the (username, password), it can seek out an authoritative site on the Internet that has what information about the user is relevant. There's more to CardSpace. But one gist is to minimise the effort by users to maintain username and password across many websites.

Another motivator is to reduce the danger of phishing. In part by letting a user detect if a website is pretending to be a good website which she has visited before. This is done through her having several Cards, and having earlier chosen a particular Card to use at that good website. A fake website [pharm] simply won't have this information, and the lack of it can be a telltale warning to her.

Indeed, phishing appears in many parts of the text. A driving force in explaining why we should adopt CardSpace.

Unfortunately, efficacy is limited. Much phishing consists of emails, with links to pharms controlled by the phisher. Nothing in CardSpace attacks those emails directly, giving the recipient or her email provider a lightweight and objective means of detecting phishing messages and deleting or disabling them. Absolutely zero discussion of this in the text.

Nor does CardSpace attack another type of phishing. Instead of the message pretending to be from a bank at which you already have an account, it asks you to submit an application to open an account at a bank. Or to apply for a credit card, say. In these cases, the pharm is not pretending to be a place you've been to before. So you don't have any Card history usage there.
2 of 4 people found the following review helpful By Francis Shanahan on March 26, 2008
Format: Paperback
The Foreword is by Identity luminary Kim Cameron and if I'm keeping it real, rather than describe the book's contents, I wish he'd shared more thoughts around the problem space, the approach to the solution and the roadmap BEYOND cardspace.

The book itself is an easy read. Not a tome by any means. Easy to pick up as a reference or to sit with and read chapter by chapter.

It succeeds at describing Identity Federation from a conceptual level as well as from a technical level (as it pertains to Cardspace). It even addresses some of the less obvious issues such as the notion of auditing and non-auditing IdPs.

Be warned, this book focuses on Cardspace fairly exclusively. There isn't a lot on interoperability here between things like OpenID and Cardspace for example. That's a topic for another book and could not easily be incorporated without devoting a lot of pages to OpenID.

The technical section is navigated through use cases that tackle things from an end-user experience as well as from the developer angle. This is effective as often it's hard to understand one without the other. At every point the reasoning behind the solution is presented also. This worked well.

For me personally, I wish they'd spent a little more time on things like GetToken() although using this directly will likely not be of interest to 90% of folks out there.

Unique to books of this type is a section devoted to Practical Considerations. Why one would want to setup an IdP or simply play the role of Identity Consumer for example. In today's environment the business value of establishing yourself as an IdP is questionable and I was glad to see this point addressed head on.

Vittorio, Garrett and Caleb have done a terrific job of describing and grounding one of the most compelling and abstract problems faced by the internet today. This is an excellent book and for many will serve as a one-stop-shop for all your Cardspace questions.