|
Information Cards (also known as i-cards or InfoCards) are the digital equivalent to physical identification documents such as driver licenses, bank cards and loyalty cards.
Information Cards can contain a varied range of details on users, such as their name, job, hobbies, gym membership number, address, age range, credit limit or any other attribute you can think of. The cards can be one of two types, depending on who provides the values of these attributes. They can be:
- Personal cards: the user provides the information.
- Managed cards: a trusted third-party (or Identity Provider) registers the information on the user adhering to a defined procedure that guarantees to the service provider (or Relying Party) that all the user data is true.
In user-authentication processes, it is the service provider that decides what type of Information Card is to be used depending on the level of trust required of the user data.
The user experience is based on managing the Information Cards in the graphical interface of a Card Selector; i.e., users manage the visual references of each of the digital identities registered with the different Identity Providers. When users want to use one of their identities to identify themselves during an online interaction, they simply select the identity they want by clicking on the Information Card for that identity (1). The Card Selector then requests that the Identity Provider's Security Token Service for the Information Card selected (2, 3) issues a Security Token containing the requested identity data (4, 5 and 6).
Information Cards are used for:
- Authenticating users in web applications and portals.
- Authorizing using a small number of attributes (e.g., age, without having to know the user's name).
- Filling out forms using the information returned from the Identity Provider.
Safelayer's Interidy Identity Provider demonstration application can be used to generate managed Information Cards.
Read more on Interidy Identity Provider. |
