The Artima Developer Community

.NET Buzz Forum
Longhorn Identity System

Vasanth Dharmaraj

Posts: 594
Nickname: vazz
Registered: Oct, 2003

Vasanth Dharmaraj is a J2EE developer learning Dot Net
Longhorn Identity System Posted: Oct 29, 2003 5:38 PM

This post originated from an RSS feed registered with .NET Buzz by Vasanth Dharmaraj.
Original Post: Longhorn Identity System
Feed Title: Vasanth Dharmaraj's Blogs
Feed URL: http://vasanthdharmaraj.com/feed/
Feed Description: my thoughts on dot net, java, linux, formula one, xbox gamming... (my dot net category)

Ok, I just watched Passport get shot in the head and die right in front of me. Let me show you how it happened.

 

With Longhorn you have these things called iCards. They’re like vCards in Outlook. When you install Longhorn, you get an iCard. If you join the domain, the domain provides you with an iCard. However you get it, the iCard identifies you. It contains:

Display Name

Identity claims – things like e-mail address

Disclosed Information – things you want to open up. Phone number, home address.

Certificate – If home machine then it’s self signed (I issue it to myself). If I’m part of AD then it’s issued by a CA within that AD.

Use Policy – What do I want you to do with my information. I’ll give you my home address, but I don’t want you to give it to someone else.

 

So if you want access to a share on my system, you send me your iCard. I then add your iCard to my contact (stored in the OS, not Outlook). That doesn’t give you any rights on my system, it just says I know who you are and if it’s part of your iCard and you make it public, I know where you live.

 

Ok, so now I can make a share and grant you access to it, just like I could grant access to any other user. The cool thing is, you don’t have to be part of my domain. You sent me your iCard, I know who you are, and I can grant you rights.

 

Now, here’s the interesting thing. My system is completely firewalled by default. If anyone does a portscan, they won’t see jack. But, if you do a portscan, you’ll see ports open based on the permissions you’ve been granted.

 

Here’s the real FM. If you want to connect to my share, you use an address like me@3leaf.comshare. That’s right, you connect using an e-mail address which eventually gets resolved into an IP.

 

New scenario: I want to sign up with a web site. I just send them my iCard. I’ve now registered, and they can grant me permissions. That’s what the presenter said anyways. What I heard was a gunshot, and Passport fell over dead. With iCards, why would you ever need Passport?  You wouldn't.

 

There’s just so much of Hailstorm that’s resurfaced with iCards… If you change the address in your iCard, everyone you ever sent that iCard to is notified.

 

You can have your identity information stored up in the “cloud”. This lets you move your identity to other machines outside of your home/work network. You could also persist your identity as a file. This is a lot of what Groove has already.

 

[Sean 'Early' Campbell & Scott 'Adopter' Swigart's Radio Weblog]

Sounds very interesting. With all the talk about security lately, I hope this is properly secured. I don’t want anyone accessing my system with a fake iCard and getting complete access. :-)
