EU Identity project turns its back on Information Card
The EU Commission funded project STORK announced during its second Industry Group Meeting, that they have decided on SAML 2.0 as protocol for its technical architecture.
The STORK project is the primary pilot project assigned by the EU commission to test cross border electronic identification between citizens and electronic services across Europe.
The first Industry Group Meeting resulted in feedback suggesting that the proposed architecture have potential vulnerabilities with respect to man in the middle attacks.
The combination of the solution to this problem and the selection of SAML 2.0 as the protocol of choice effectively prevents the use of the Information Card technology developed by the Industry during the past years. The reason for this is that the Information Card model, which also use SAML assertions, uses WS-Trust as its primary exchange protocol instead of pure SAML.
Information Card was originally proposed and developed by Microsoft as Windows CardSpace but is now base for an industry wide effort to develop clients (selectors) as well as infrastructure component. The Higgins project is for example an open source project for development of Information Card components http://www.eclipse.org/higgins/, which provides code base for selectors like DigitalMe from the Bandit Project. The Industrywide effort to develop Information Card technology is supported by the Information Card Foundation.
The rationale of the STORK project to select an architecture that excludes, or at least makes it harder to use Information Card is claimed to be that pure SAML is closer to current deployment in member states with respect to deployed infrastructure. It is therefore more important to make minimal impact on current national ID projects rather than enabling new technology provided by the industry.
This message was a source of clearly expressed disappointment from present Industry Group members.
The STORK project is the primary pilot project assigned by the EU commission to test cross border electronic identification between citizens and electronic services across Europe.
The first Industry Group Meeting resulted in feedback suggesting that the proposed architecture have potential vulnerabilities with respect to man in the middle attacks.
The combination of the solution to this problem and the selection of SAML 2.0 as the protocol of choice effectively prevents the use of the Information Card technology developed by the Industry during the past years. The reason for this is that the Information Card model, which also use SAML assertions, uses WS-Trust as its primary exchange protocol instead of pure SAML.
Information Card was originally proposed and developed by Microsoft as Windows CardSpace but is now base for an industry wide effort to develop clients (selectors) as well as infrastructure component. The Higgins project is for example an open source project for development of Information Card components http://www.eclipse.org/higgins/, which provides code base for selectors like DigitalMe from the Bandit Project. The Industrywide effort to develop Information Card technology is supported by the Information Card Foundation.
The rationale of the STORK project to select an architecture that excludes, or at least makes it harder to use Information Card is claimed to be that pure SAML is closer to current deployment in member states with respect to deployed infrastructure. It is therefore more important to make minimal impact on current national ID projects rather than enabling new technology provided by the industry.
This message was a source of clearly expressed disappointment from present Industry Group members.