Welcome to Microsoft .NET Framework 3.0 Community (NetFx3)

The .NET Framework is Microsoft's managed code programming model for building applications that have visually stunning user experiences, seamless and secure communication, and the ability to model a range of business processes.


Windows CardSpace Team Bloggers


  • All the bits to employ CardSpace without an SSL certificate are now available

    Hi, my name is Tariq Sharif and I am a program manager in the CardSpace team. After we released CardSpace V1 we received feedback from hobbyists, early technology adopters and site owners that getting/setting up an SSL certificate is hard, that it is not needed for some of their scenarios, and that this is blocking them from accepting information cards on their sites. Based on this feedback, the feature team decided to remove this requirement for the .NET Framework 3.5 release.

    In order to invoke CardSpace from a page that does not have an SSL connection you need two updated components. First, you will need to install an updated browser-specific extension that will work at an HTTP site. You can download the IE extension from here, or if you have IE7 you probably already have it as part of the October security update. Second, you will need to install an updated version of CardSpace that does the right thing when a website, the relying party, does not have a certificate. The latest version of CardSpace can be downloaded as part of .NET Framework 3.5.

    You can read more technical details about this new functionality here in this post that Ruchi made a couple of weeks ago. Please feel free to drop us any comments on this, as we are always looking for feedback to help us refine this emerging technology.

    Thanks,
    Tariq Sharif
    Program Manager
  • Deploy CardSpace on your site without a SSL certificate

    CardSpace in .NET Framework 3.0 required that sites deploying CardSpace always have an SSL certificate. This meant that every site that wanted to use CardSpace was forced to deploy an https site. Based on customer feedback, we have decided to relax this requirement for the next release of CardSpace (currently available in .NET Framework 3.5 Beta 2). We realize that there are some sites like blogs which would like to use CardSpace, but consider the SSL requirement to be a deployment blocker. Now, if you have a website that you want to add CardSpace support to, all you need to do is add the object tag to the page and you are done.

    In addition to requiring .NET Framework 3.5 Beta 2 or later, a new version of icardie.dll is required to use this new feature. This will ship with Vista SP1 and an upcoming update to IE7.

    CardSpace does behave differently for http vs. https sites. When CardSpace is invoked from an http site, CardSpace will inform the user about the lack of an SSL connection and the security implication of this. (Also, note the new streamlined look of this window.)

    In addition, managed card issuers can decide if the card they issued can be used on sites that do not support SSL. This can be done by adding the following element to the .crd file.

        <wsid:RequireStrongRecipientIdentity xmlns:wsid="http://schemas.xmlsoap.org/ws/2007/01/identity" />

    If this element is specified then the card can only be used on a site that has an SSL certificate. The card will not ‘light up’
