After spending nearly a week trying to quickly put together a CardSpace demo, I realized that programming for interoperability is not a pleasant task. Apart from broken links and completely non-technical documentation about the standard, I also thought of some interesting add-ons to the existing Windows Identity Selector (CardSpace) user interface. Coming from a SAML background, I obviously expected CardSpace to offer me single sign-on with a logout service.
All investigations so far have not shown me any way in which the UI remembers my credentials for a card and automatically fills them in for me. This refers specifically to the username/password authentication method. It would be a great addition to the CardSpace Identity Selector UI to help me single sign on with the cards I select for different relying parties.
However, even if the feature were implemented, there could be a slight complication. The technical specifications do not indicate how One Time Passwords (OTPs) are to be used. The suggestion is to use them like the username/password profile, substituting the OTP for the password. If the UI now starts remembering passwords, OTPs would definitely fail. Hence, I would love to see a "cache-password" attribute added if one does not already exist.
About the logout service, I think SAML 2.0 took a great leap by introducing the idea of global logout. WS-Federation followed suit, but in what I encountered, the entire feature is missing. I am still re-reading the documents to ascertain whether the logout endpoint and the use case are really missing.
To summarize, though CardSpace provides a great UI for authentication (more like a password protection module?), I would love it if they could singly sign me in and globally log me out, like in the good old SAML 2.0 days.
For reference, here is the CardSpace thread.