New Book: Understanding Windows CardSpace

"Written by Vittorio Bertocci, Garrett Serack and Caleb Baker, all of whom were part of the original CardSpace project, Understanding Windows CardSpace is deeply grounded in the theory and technology that came out of it... The presentation begins with a problem statement: 'The Advent of Profitable Digital Crime'. There is a systematic introduction to the full panoply of attack vectors we need to withstand, and the book convincingly explains why we need an in-depth solution, not another band-aid leading to some new vulnerability. For those unskilled in the art, there is an introduction to relevant cryptographic concepts, and an explanation of how both certificates and HTTPS work. These will be helpful to many who would otherwise find parts of the book out of reach. Next comes an intelligent discussion of the Laws of Identity, the multi-centered world and the identity metasystem. The book is laid out to include clever sidebars and commentaries, and becomes progressively more McLuhanesque. On to SOAP and Web Services protocols -- even an introduction to SAML and WS-Trust, always with plenty of diagrams and explanations of the threats. Then we are introduced to the concept of an identity selector and the model of user-centric interaction. Part two deals specifically with CardSpace, starting with walk-throughs, and leading to implementation. This includes 'Guidance for a Relying Party', an in-depth look at the features of CardSpace, and a discussion of using CardSpace in the browser. The authors move on to Using CardSpace for Federation, and explore how CardSpace works with the Windows Communication Foundation. Even here, we're brought back to the issues involved in relying on an Identity Provider, and a discussion of potential business models for various metasystem actors..."

Read the complete book review by Kim Cameron.
