Playing with CardSpace Geneva Beta

There are two interesting new selector features to play with in the CardSpace Geneva beta.  The first is the idea of the card tile,  where (as I understand it, no guarantees of accuracy here) the browser interacts with the selector to discover, cache, and display the image of the last card you have used at a given RP as part of the context of the Relying Party page (rather than as a separate context).  The Relying Party never sees or can access the image of your card.  This mashup-like user interface is meant to be personalized and more inviting to users.

The second new feature is the “always use this card at this site” checkbox.  If you check this box while authenticating with a card, you will subsequently see your card tile, but after clicking that card tile, the rest of the process happens without further interaction.  Web site operators can veto this convenience if they wish, by adding a new parameter called ‘requireUserInteraction’ to the information card trigger object and setting the value to true.

I think the always use feature really works well in combination with card tiles, as the user retains context without having to push more buttons.  I don’t know how to non-destructively change my mind about always using a given card at a particular site though. I tried restarting the browser, restarting the machine, and clearing “private” data from the browser without effect.  I tried going to the control panel and opening CardSpace directly, but nothing there helps.  Short of deleting & reinstalling the card, one click of that checkbox and I become permanently committed to a silent transaction with the Federated Identity demo website forever more.  I’m sure this lack of choice is temporary (after all this is a beta) – but if possible, I would love to see more on the CardSpace blog about the planned persistence model for this feature, and about what the plans are for letting people manipulate it or even disable it.

When I first heard of card tile feature, I hated it.  Now that I see it in use, I understand the value proposition, but I still have to point out that this little picture represents a critical piece of user context information.  I can’t help but think that to allow the card tile image to be manipulated by the browser is to eventually serve it to the bad guys on a platter.   I hope I’ll be proven wrong.

Other thoughts:

  • Visually, I worry that the card tile feature lacks a strong enough branding consistency for people to easily identify where on a given page the information card trigger form is — if, for example, I happen to use a card which blends into the page, it might be confusing.  Even with the example site,  it isn’t immediately obvious that the picture placed front and center is also intended to be a control.
  • Along that same line, I wonder how much control the web designer has over the size, style, and placement of the card tile.  Is there a standard form factor or is the sky the limit?
  • I hope that a card provider could also have the power to disallow the “always use” feature for certain types of cards.
  • Will there be some kind of maximum limit to how long that little checkbox lasts?
  • Currently the beta card service and RP service appear to be a closed circle – I’m very excited to see the beta get to the point where I can start to play with these features using my own code base.

Check out the blog entry from the CardSpace Team:  http://blogs.msdn.com/card/archive/2008/11/18/the-cardspace-geneva-selection-experience.aspx Mike Jones also blogged on this: http://self-issued.info/?p=94

  • If you play with this beta,  remember YOU NEED TO GET THE CARD FIRST, as it is a managed card, and self-issued cards aren’t part of the beta yet.
  • If you aren’t seeing the card tile, check Mike’s blog entry above for a link that explicitly asks for that feature.
  • When you click on the card link to import the card,  nothing happens; the card installs, but the selector doesn’t open or even give you a popup.  I’m not sure if this is by design, or if the acknowledgement of successful install just hasn’t been put in yet — but I hope it is the latter, because without some kind of feedback, people like me assume that it either didn’t work or that it is still running and that I therefore have to wait.  I only discovered that my work was done when I clicked the link a second time & was asked if I really wanted to install a dupe.

4 thoughts on “Playing with CardSpace Geneva Beta

  1. ditto on the issue about getting confirmation that the card installed. But, for me, even though I get warned about duplicating if I try again, the installed card never shows up when I subsequently try to login …,.

    paul

  2. Hi Pamela,

    Thanks for your insightful feedback. It is always appreciated.

    I’d like to answer your question about how to “opt out” from using the card automatically – right now it is possible to do by clicking on a task link “Clear all card history” in the Control Panel applet.
    This is the “beta” behavior and there is some thinking about how to make it better.

    Also, can you, please, clarify you comment about not seeing a prompt on card import?

    Dan

  3. Hi Dan!

    Card history makes sense as a place to disable – but the delete all threw me, it seemed too broad.

    As for the prompt on card import — I saw multiple prompts – but they were “in the middle” prompts. I saw the big Yellow UAC Allow/Deny screen, I saw a ‘verifying’ screen with a progress bar that I assume meant that the file got to my machine – and then nothing. The second time I clicked the link to get the card, I saw an additional prompt, asking if I really wanted to put InformationCard[1].crd into CardSpace. At this point I actually knew that something had finished.

    I can email you screen shots if you want, as well as more info on the OS I’m using.

Comments are closed.