the post I’ve made at the conclusion of the Otto project<\/A>, I can’t go in any details of the architecture here (beyond the obvious facts that you can figure out on your own). I will just walk you through the user experience, obfuscating the personal identifiable details. Also, take into account that you can’t perform the walkthrough yourself unless you are proper user of the application (with all the authentication factors).<\/P>
\n <\/P>
\n
The first step is, of course, landing on the main page.<\/P>
\n
![\"image\"](\"http:\/\/cloudidentity.com\/blog\/wp-content\/uploads\/2007\/10\/image_1.png\")
<\/P>
\n
Clicking on Login brings to this screen, where the user is prompted to insert his\/her hard token.<\/P>
\n
![\"image\"](\"http:\/\/cloudidentity.com\/blog\/wp-content\/uploads\/2007\/10\/image_3.png\")
<\/P>
\n
Pressing OK leads to the familiar Identity Selector:<\/P>
\n
![\"image\"](\"http:\/\/cloudidentity.com\/blog\/wp-content\/uploads\/2007\/10\/image_caf295ef-0b41-41ba-ac2a-4efa8b7b97db.png\")
<\/P>
\n
Selecting the card and clicking on retrieve starts the STS invocation; the user is prompted for the passphrase associated to the hard token.<\/P>
\n
![\"image\"](\"http:\/\/cloudidentity.com\/blog\/wp-content\/uploads\/2007\/10\/image_d462691a-a18e-4bc0-9603-41970b7be5e5.png\")
<\/P>
\n
..and we are in! After the strong authentication phase, the user can now access a number of high value services.<\/P>
\n
![\"image\"](\"http:\/\/cloudidentity.com\/blog\/wp-content\/uploads\/2007\/10\/image_604d94df-961c-4c3c-a09c-61aed0c20437.png\")
<\/P>
\n
<\/P>
\n
That’s it! The use of the application in itself after the authentication is out of scope for my blog so I won’t go further, however rest assured that it is really beautiful & functional at the same time.<\/P>
\n
I would like to stress even further the great value that CardSpace brings to this project. <\/P>
\n
Health care data are, perhaps even more than finance, among the most private data we own. Add to this that Singapore is one of the most security conscious countries I’ve ever visited: the level of knowledge of computer security matters among citizens, from the cab driver to the executive, never ceases to amaze me. For a security geek like me it’s paradise :-). it’s no surprise that in such an environment highly sophisticated initiatives like the N-factors DORIS hard token arise; it’s also no surprise that one would want to leverage that level of authentication for accessing high value data such as health care records.
CardSpace is the perfect mean of seamlessly blending the usage of DORIS, an already existing hard token, in the user experience of the application. The card provides a very handy metaphor for users of all levels of computer literacy; the software necessary for taking advantage of the cryptographic capabilities of the hard token is already in CardSpace itself (apart from the CSP); and the adherence to the identity metasystem roles ensures correct flow of the information and opens the door for future participation to the wider ecosystem.<\/P>
\n
For the time being I won’t go further, but there still a lot to be said on this project. Again congratulations to CGH, to Microsoft Singapore, to NCS and to RT!<\/P>
\n
Let me close with the same sentence I used in a similar post, some months ago:<\/P>
\n
Kim, here’s some energy for fueling the Identity Big Bang. How about that? \ud83d\ude42<\/EM>
\n V.<\/EM><\/P><\/p>\n","protected":false},"excerpt":{"rendered":"In short: few hours ago there was the launch of the a pilot for the web portal myhealth.sg, a platform for allowing individuals to manage information about health, fitness, nutrition and so on. For the time being, the pilot will be limited to a restricted number of users. Linda was there and sent me…<\/p>\n","protected":false},"author":1,"featured_media":1486,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[61,39,9,86,93,46,55],"tags":[],"class_list":["post-636","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-architecture-ws","category-cardspace","category-identity","category-infocard","category-ria","category-silverlight","category-windows-cardspace"],"_links":{"self":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/comments?post=636"}],"version-history":[{"count":0,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/636\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/media\/1486"}],"wp:attachment":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/media?parent=636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/categories?post=636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/tags?post=636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"image\"](\"http:\/\/cloudidentity.com\/blog\/wp-content\/uploads\/2007\/10\/image_4a83fe80-9ebb-41b7-87fe-a715891d805a.png\")
<\/P>