OpenID, Facebook Connect, and the Neglected CardSpace

As a developer of GroupServer, which shares many features with
social networking systems, the release of

caught my eye when it caused a buzz on
This follows on from the noise whenever a major
player — such as
— announces an OpenID
Unfortunately, I have more reasons to dislike Facebook Connect
than OpenID, and I am not a fan of OpenID.
All is not lost:
from Microsoft is an excellent federated identity and
authentication system, which provides all the gains of OpenID
with few of the drawbacks.

I have three issues with OpenID.
The main issue is with usability: to log into one
site (the service provider) you must go to another site (the
identity provider).
This mapping problem inherent in OpenID is a serious one;
in my experience Remember me confuses many, so I hold out
little hope for those users overcoming the mapping issue without
extensive training.
In addition, OpenID is not very open.
While Google, Yahoo! and MySpace implement OpenID, they only
implement the identity-provider side of the protocol —
locking people into their systems using an open protocol.
Finally, the use of a
url as an
identifier may confuse many, as they are not normally seen as

Facebook Connect is little different to OpenID.
It has a small advantage of using a Facebook ID rather than a
but without the virtue of being an open system.
Just like the OpenID implementations of Google, Yahoo! and
MySpace, Facebook is the only identity provider.

In many ways, Microsoft CardSpace system is very similar to
OpenID, except the identity provider is the
rather than a site.
This gets around the mapping problem, as the user is already
using the browser.
In addition the browser can provide a better user-experience
as it has access to a rich desktop user-interface toolkit, and
can gather existing data from external identity providers
(think LDAP, Active Directory, or even OpenID).
While Facebook and Yahoo! can claim millions of users, the number
must pale in comparison to the number of people who use Windows
and Active Directory.
This gives a far more corporate feel to the entire system:
imagine being able to add the workforce for an entire company to
a site and not have to worry about user data or authentication.
Instead the company can control all the identity and
authentication, as they need to anyway.

For once, Microsoft are being very open about a protocol,

And do not let the Windows put you off, as
DigitalMe Project
has an implementation of CardSpace for
Indeed, I suspect that Microsoft will have trouble locking the
protocol down, as most of the service providers will be on
non-Microsoft platforms, so anyone will be able to write a

One Response to “OpenID, Facebook Connect, and the Neglected CardSpace”

  1. =tc

    Actually, the Information Card protocol is very open – Microsoft is actually opening it up vs. locking it down. Information Cardss are promoted by the Information Card Foundation (, there is a vibrant open-source implementation at the Higgins Project (, a great commercial implementation of the I-Card wallet at Azigo ( and the specification have left the building at Microsoft, and are being ratified by OASIS (

Leave a Reply

You must be logged in to post a comment.