Authors: Vittorio Bertocci, Garrett Serack, and Caleb Baker
Publisher: Addison Wesley Professional (www.informit.com/aw)
Published: December 2007
ISBN-10: 0-321-49684-1
ISBN-13: 978-0-321-49684-3
Format: Soft cover, 384 pages
Price: $44.99
Protecting Digital Identities
Protecting people's identities whilst they're online has now become a major challenge for the IT profession. More people than ever before are now regularly using the Web, with the number of users continuing to grow exponentially on a daily basis. Not only has the number of users grown; those users are also now frequently going online to perform a diverse set of monetary transactions, ranging from managing their bank accounts and paying bills through to investing in shares and exchanging highly confidential financial information. Accompanying those changes in Web usage, there has unfortunately also been a steady increase in criminal activities, such as phishing, that are resulting in individuals' digital identities being compromised. To wrestle back control, the Windows CardSpace technology has been developed with the sole purpose of putting users back in full control of their identities.
According to the new book, "Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities", Windows CardSpace is "an expression of the new user-centered approach to identity management." This new approach, as outlined in the opening pages of the book, is "poised to solve many different problems of diverse natures: there are technological considerations, such as offering better authentication mechanisms than passwords; usability considerations, such as guaranteeing that the user has a clear understanding of what is going on; and even social-science considerations about how we can effectively leverage trust relationships and make obvious to the common user the identity of the web site being visited."
In the foreword to the book, Kim Cameron, Chief Architect of Identity, Microsoft, explains that the "Internet was built without any way of knowing who you are connecting to. This is now universally recognized as an architectural flaw." In reality, the situation is as "nonsensical as a house without a door or plumbing." The crux of the problem, as correctly pointed out by Cameron, is the "missing identity layer of the Internet."
"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities" is about finding ways to rectify that technological shortcoming. By the way, when you get the opportunity, it is worth your time taking a look at Cameron's "Identity" Weblog (www.identityblog.com).
The introductory section of that blog explains that the content of the blog is about "building a multi-centered system of digital identity that its users control. All kinds of things pass themselves off as “digital identity”, so I want to start by pruning enough trees that we can see a forest."

Vittorio Bertocci, Garrett Serack, and Caleb Baker, the three authors of "Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities", have extensive experience with both identity management and CardSpace. For instance, Bertocci is actively involved in creating business and enterprise solutions based on technologies such as Identity and Access Management, Windows CardSpace, Windows Communication Foundation, and Windows Workflow Foundation, while Serack sums up his professional role as helping to "build digital identity frameworks, tools, and standards that are shaping the future of Internet commerce and strengthening the fight against fraud." For the last half dozen or so years, Baker has been working at Microsoft and is currently a member of the Microsoft Federated Identity team – the team that built CardSpace.

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities" is one of the books in the "Independent Technology Guides" series. The purpose of the books in the series is to provide a "big picture" of emerging technologies, with the emphasis in each of the books being twofold: firstly, to explain where a particular technology should be slotted into a company's or organization's IT strategy; and secondly, to explain how the technology actually carries out its role. Importantly, the books have also been written to live up to the title of the series and be "vendor independent." At the time of writing this review, there were a total of five books in the series, with the book being reviewed here being the latest one published. More information about the series can be found at http://www.informit.com/imprint/series_detail.aspx?st=61417.
The content of "Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities" has been divided into three major parts. The first of these parts sets the context on which the remainder of the book is based. It is here that the concept of user-centered identity management is introduced and discussed from different perspectives.
You can also read about the seven laws (principles) of identity. The importance of these laws is that an identity management system must comply with them before the system can be deemed "viable." Coming to terms with user-centered identity management is crucial because it is the model on which Windows CardSpace itself is based. But even people who have no prior knowledge or experience with the technology underpinning Windows CardSpace will quickly feel at ease reading the two chapters that make up this opening part of the book.
In the second part of the book, the actual technology is put under the spotlight and is thoroughly dissected, investigated, and discussed. This part of the book has been written for developers wanting to gain "first hand" experience of working with, and deploying, the technology. For example, the chapter that focuses on CardSpace implementation covers topics such as using CardSpace in the browser; CardSpace and Windows Communication Foundation; and CardSpace without Web services.
The next chapter, the fifth in the book, provides the details of a common use of the technology, such as enabling Personal Cards on an ASP.NET Web site.
The third and final part of the book deals with design and business considerations, from a practical perspective, that are associated with creating solutions based on Windows CardSpace. This part of the book comprises a couple of chapters, with one dedicated to a discussion about identity consumers while the other chapter looks at identity providers. After reading these two chapters, you will have been exposed to the common misconceptions about becoming an identity provider, or using one, and will have a clear understanding of what an identity provider should offer.
Summing up, the sorts of professionals who are most likely to benefit from the information contained in this book cover a wide spectrum. They include key decision makers in their companies and organizations, IT managers, business managers, system architects, administrators, analysts, project managers, security personnel, and developers. For example, managers reading the book will quickly get a feel for a specific technology without getting bogged down in the technical details, while more "hands-on" staff can use the book to implement technical solutions in regard to Windows CardSpace.
To get a feel for the style of the book for yourself, I recommend that you read the sample chapter that is available online on the site of the book's publisher, Addison Wesley Professional (www.informit.com/aw). The chapter in question is the second chapter from the book titled "Hints toward a solution", and it is there that you can read what the "ideal authentication system" would supposedly look like.
In closing, it is important to acknowledge that the field of digital identity management is much more complex than it may at first seem. Examples of just a couple of technological areas that need to be considered include network security and cryptography. Of course, one of the most complicated aspects of digital identity management is understanding the role that users play, or in other words, how humans interact with, and behave towards, the technologies specifically designed to protect digital identities. And it is because of all this complexity that a book such as "Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities" needed to be written.
The book's three authors, Bertocci, Serack, and Baker, firmly believe that "user-centered identity management has the potential to change for the better how everybody uses the Internet." They are also of the opinion that the "best way of reaping its benefits is to develop a deep understanding of the approach, complemented by hands-on knowledge of supporting technologies such as Windows CardSpace." Like them, I too believe that by reading their book you will gain invaluable insights not only into user-centered identity management, but also into what needs to be done within your company or organization in order to implement a practical solution based on that type of technology.