Somehow, I was thinking of Windows 7 as being far, far away, but apparently it could be here in as little as six months. Now that details of what will ship under which SKU are starting to come out, I am dying to try and get the skinny from the Federated Identity team on whether Windows 7 users will get the old CardSpace bundled with .NET 3.5 SP1, or whether they will in fact get a bright shiny new CardSpace Geneva Selector!
Kim? Mike? Don? Can you give us the scoop?
As an aside, I hear that both fax services and full-image backup will be included in Windows 7 home edition — thank HEAVENS. Whatever dim bulb removed those features from most/all of the many and oh-so-confusing array of home versions in Vista caused me a WORLD of grief, in my capacity as reluctant amateur PC support for my family & friends.
Photo attribution: http://www.flickr.com/photos/marioraffin
I’ve finally had a chance to use Parity’s Azigo Identity Selector, and I have to say I’m impressed.
Azigo’s biggest differentiating factor is the fact that cards are stored in the cloud — Azigo uses an Adobe AIR front-end to talk to your cloud-based cardstore and submit your cards. Of course it doesn’t look any different to the user, until the user installs Azigo on a second computer, and discovers that their cards are ready to go, no importing required.
Here’s what I loved about Azigo:
- Easy, beautiful installation script — Azigo is actually a really complex beast, right now there are several parts that have to be downloaded and configured, but the install script takes care of everything.
- Pretty prettiness — The design is beautiful, it is a joy to see the fonts and colors and rounded spaces.
- BEST PART: there is a simple mechanism to group and organize cards according to function. This is a feature I’ve been dying for for YEARS. I can now finally separate my OSIS interop cards from my PamelaWare Test Cards from my ICF & PamelaWare Admin cards from the cards I’m playing with at various IdPs.
Issues I found with Azigo:
- It takes a bit to initially understand the relationship between Azigo in the browser and Azigo the desktop application. It took only a tiny bit of exploration to get things straight in my mind, but that could be a problem for less adventurous souls. I understand that the desktop application will be going away in the future anyway, so this is a short-term issue.
- There is a checkbox when you send a card to a site that asks if you want to just automatically send that card every time that site asks for a card – but there is no persistence to that checkbox, it defaults to automatic submission every time you use the card. It drives me nuts to have to remember to click that checkbox every time. I’m assured that this checkbox will become persistent in the future.
- I found a few other bugs – which isn’t surprising, it just shows that Azigo will improve as people use the application in situations beyond initial testing parameters. The friendly identifier didn’t correspond to that of the RP, and I had trouble uploading a card image. Both of these have been reproduced now, and are on their way to being fixed.
- As a feature request, I am excited to see what the Azigo folks can do with card audit data. I can’t find any card usage/history data at this point, but hopefully it is coming.
Things I wonder about Azigo:
- I worry about the fact that the cardstore itself is protected by a username & password. By putting the cardstore in the cloud, we end up having to protect the protection mechanism, and the one thing that we can’t use to do that is information cards…
- I wonder if Azigo would license the code to people so that they could run their own cardstores? I think there could be interesting possibilities in the Enterprise for something like this, perhaps you could do something wacky like combining existing privilege management products with Azigo. In that case, a short-term user that you don’t want to provision an account to could get limited access to a cardstore containing an elevated privilege card. This might be useful, as a real-life example, in the case where a given vendor has a rotating stack of 12 or more auditors, and you wish not to have to provision an account for this revolving door of people, but you want to retain contractual obligations and historical audit.
- Because this service is available anywhere, it would theoretically be a juicy target for remote attack. I would love to eventually see user-configurable additional security features in the case where the cardstore is accessed from new IP addresses or countries, or in the case where some threshold of acceptable authentications was exceeded. I know this is advanced, but I think it would improve confidence in the security of the cardstore.
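One way the checks wished for in the last item could be expressed, as an added example (it is not Azigo's code and not part of the original post). The names `Policy`, `Account`, `evaluate` and `confirm`, the constructed event tuples, and the assumption that a country code has already been resolved from the IP are all hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Policy:                      # user-configurable knobs (hypothetical names)
    check_new_ip: bool = True
    check_new_country: bool = True
    max_auths: int = 4             # acceptable authentications...
    window_s: int = 3600           # ...per sliding window, in seconds

@dataclass
class Account:
    known_ips: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)
    recent: deque = field(default_factory=deque)   # attempt timestamps

def evaluate(policy, acct, ts, ip, country):
    """Return the reasons this cardstore login needs extra verification."""
    reasons = []
    if acct.known_ips:             # nothing to compare against on first login
        if policy.check_new_ip and ip not in acct.known_ips:
            reasons.append("new_ip")
        if policy.check_new_country and country not in acct.known_countries:
            reasons.append("new_country")
    while acct.recent and ts - acct.recent[0] >= policy.window_s:
        acct.recent.popleft()      # drop attempts that fell out of the window
    acct.recent.append(ts)         # count every attempt, verified or not
    if len(acct.recent) > policy.max_auths:
        reasons.append("auth_threshold_exceeded")
    return reasons

def confirm(acct, ip, country):
    """Trust an origin only after login and any step-up check succeeded."""
    acct.known_ips.add(ip)
    acct.known_countries.add(country)

# Constructed sample events: (timestamp, ip, country, passed_verification).
EVENTS = [(0, "192.0.2.10", "CA", True), (600, "192.0.2.10", "CA", True),
          (1200, "198.51.100.7", "CA", True), (1300, "203.0.113.50", "RO", False),
          (1310, "203.0.113.50", "RO", False)]

def run_demo(policy=None):
    policy, acct, out = policy or Policy(), Account(), []
    for ts, ip, country, verified in EVENTS:
        out.append(evaluate(policy, acct, ts, ip, country))
        if verified:
            confirm(acct, ip, country)
    return out

if __name__ == "__main__":
    for event, reasons in zip(EVENTS, run_demo()):
        print(event, "->", reasons or "allow")
```

Because `confirm` runs only after a verified login, the two failed attempts from the unfamiliar origin never become trusted and keep triggering the extra check.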
Overall, I have to say that this selector greatly exceeded my expectations. Not only is the product really polished, but the people behind the product have been really responsive, making sure to address all of the issues I brought up to them. Azigo has really made good on the promise of information cards here. For those who don’t follow this area closely, I suggest keeping your eyes on the parent company, Parity. Parity has always been a leader with respect to mindshare in the area of information cards, but now their products are showing that they are not just up in the ivory tower. They mean business, and they are going to raise the stakes.
Whenever things are this quiet, you can be sure that there is a lot of work going on beneath the surface. Just in case you don’t believe me, check out the latest version of the Bandit DigitalMe Selector: I *love* the yellow band that displays the hostname of the Relying Party you are trying to interact with, it’s a great addition. Nice work Andy!