The History of Tomorrow’s Internet: Identity (iCards, pt 3)

It’s been over a week since I last posted for a number of reasons, but one of them is because in this post I wanted to explain how it feels for a regular person to use Cardspace. This poses a few challenges as we’ve used Macs exclusively in my work with angel investors at  Angelsoft since we began three years ago, and I’ve had a Mac at home for nearly as long. Little did I know this was only the beginning of my struggles.Now let me preface this post by saying that I’ve never been a big participant in the Mac vs. PC war. I ran a NetOps business back in the Web 1.0 days, and we managed high-volume Windows, Unix, and Linux environments successfully. More importantly, as someone who’s business it is to build great software, I KNOW how hard good UI is. Believe me, I work with a GREAT product team and we try REALLY hard to make intuitive software and we fail EVERY day. Having said that, this post isn’t going to paint a real pretty picture.My story begins in what I used to think of as my office. I USED to think of it as such because now my 5 month old rules the room, and I work out on the kitchen counter. I still keep my PC in the office though, so in between naps I sneaked back to play with Cardspace. The first thing you will note if you are one of the many people with a slightly older PC still running XP and IE 6.x is that you don’t HAVE Cardspace. In order to get Cardspace, you need to download IE 7.x and the .NET Framework 3.0 Runtime Components. has a nice sandbox that will walk you through this process [Note: They link to the 3.0 .Net Framework, but 3.5 has been released and may have some UI improvements]. I hadn’t installed anything on Windows for years, but boy did this bring back memories–total download and install time: 1 hour, 15 minutes.Okay… now that you HAVE Cardspace, it’s time to create an iCard. An iCard is a visual representation of identity data. Cardspace has two kinds of iCards: Managed and Personal. A Managed card is issued to you by someone else (what I call a “Claim Provider”) who supposedly has “official” data about you, like the fact that you have a certain credit limit or are a citizen of a particular country. Since none of these exist, I decided to create a Personal card. To do this, I went to my Control Panel and opened up Cardspace.This is where I experienced the first slightly annoying thing about Cardspace. When you open Cardspace, for whatever reason, it takes over your entire computer. What do I mean by this? Your entire computer screen is dimmed except for the Cardspace light box and no keys function outside of Cardspace. Why was this annoying? Because I wanted to take screenshots! Nothing works for this. PrintScreen is disabled [Note: Mike Jones pointed out this is in fact NOT true. While all SCREEN elements are frozen, and PrintScreen APPEARS to do nothing, it actually does copy the screen–damnit!]. I had even gone to the trouble to install a better screenshot capture plugin–also disabled. I resorted to the 1970s solution of taking photos of what I was doing and they sucked so bad, I couldn’t use them. Fortunately, the Window’s geniuses at figured out how to get screenshots, so I’m using them. So let’s create our first Personal iCard!Cardspace CreateNow as you can probably tell from the screenshot above this is actually what pops up when you try to use an iCard using Cardspace. They guys at Nethacker had already created one, but you’ll see essentially the same screen the first time, but with just the “Add” feature. Annoying UI feature 2: Click on the “Add a Card” icon and you will NOT be taken to an iCard creation screen. Instead the button at the bottom of the screen changes to “Add Card”. Click that, and then you’re taken to the iCard creation screen.Card create dialogOnce you get there, you will note the second shocker when it comes to Cardspace. The Personal card, which you can create, is limited to your most basic contact information. You CANNOT even add a picture of yourself (the upload pic dialog is for the image that YOU see to identify the card). There is no ability to add additional fields, so you are limited to your name, address, email address, phone numbers, and URL. This is pretty disappointing because I can think of all sorts of self-issued cards you might want to create, but apparently that’s not part of Cardspace.Alright, so anytime you touch Cardspace it locks the rest of your windows, the creation process is a little clunky, and you have no choice as to what kind of data to add–once it’s created though, it must be a pleasure to use right? To test this, I decided not to tax my new iCard too much and just use it to leave a comment on a blog. To do this, I chose Mike Jones’ cool blog, Self Issued, since I knew I’d seen the Cardspace login logo on it. After navigating to the blog, I easily identified the Cardspace login logo. When I clickd on it, I was taken to this screen (note I can use screenshots here because I haven’t entered Cardspace land yet):picture-4.pngSo this looks promising. I see Mike’s using the Pamela Project, which is a very cool project to help sites become relying parties for any kind of iCard (not just Cardspace). The natural thing felt like to click the Cardspace logo again, but when I hovered over it, my cursor failed to turn into a hand. The buttons at the top were hot, but those didn’t seem like something I wanted to click on. The words “Use your Card Now”, though equally tempting, also failed to register as hot. After about 20 seconds I decided to click on the icon even though it gave every indication of being dead–Bingo!Cardspace CreateOnce I clicked on the Cardspace logo, I saw my newly created iCard (note, the borrowed screenshots again, since my computer is now frozen). It actually looked a little different on my screen as it noted the site wasn’t verified as a bank or financial institution and also showed me Mike’s SSL cert. I was a little surprised about this, as most people have no idea what an SSL cert is and the primary purpose of Cardspace is to fullfill the UI requirements of the Laws of Identity. Regardless, I then chose my new personal iCard and selected “Send”.cardspace2_005.jpgInstead of sending my card and getting down to the business of commenting, I got the following screen (or actually one that looked basically the same). Apparently if you haven’t sent your iCard to THAT site before, even if you select to send it, you will be taken to preview. This is probably a good security feature, but annoying nonetheless (why even give me the option?). If I’ve created my personal card and KNOW what it contains, why do I have to preview it EVERY time I send it to a new site? Imagine every time you pay for something on a new site using your new Visa iCard. When you click send you will be required to look at all the information–I KNOW what’s on the credit card iCard, that’s the point.picture-1.pngReady to post? Not yet. Since my iCard is self-issued, Mike’s site (yes, the site is called ironically enough) doesn’t trust me and has now decided that I need to verify my email address. This is obviously a little annoying, but it brings up a good use-case for the first Claim Provider–one that has verified my email address, home address, and phone numbers, so I NEVER have to respond to an email or text message like this again.picture-2.pngAfter I got the email and clicked on the verification link in it, I was taken to the screen above. I don’t really know what it means, but I figured I should probably click on the (still dead-appearing) Cardspace icon again and it might let me post.picture-3.pngThe screen above signaled that my journey might finally be over. I clicked on the “Go to Blog” link and I was logged in and ready to post. The posting went very smoothly and my name and URL showed up as I would have expected. A comment well-earned!So what’s the final analysis? Well, as I stated in the beginning, the purpose of this post isn’t to bash Microsoft or Cardspace. Like I said, I build software and when I actually see a normal person use it for the first time, I’m inevitably embarrassed at how difficult it is. Software is hard and Cardspace is brand new. Nonetheless, this does show how far the technology has to go before Mom and Dad are going to be using it. Usernames and Passwords are UBIQUITOUS. We’ve been trained on the visual metaphors for at least a decade. Replacing that with ANY other paradigm is going to rough. To have any chance of success, the Cardspace workflow will need to be much improved.

Be Sociable, Share!
  • drstarcat

    Btw… Mike pointed out that Kim Cameron has a number of Cardspace videos on his Identity Blog.

  • Pamela

    I couldn’t agree more, we have a HUGE amount of work to do on the user ceremony around card use.

    I in fact had a session at last December’s IIW to ask people what they *want* to see when they come to a relying party. I’m almost at a place where I can show some improvement based on people’s suggestions. Almost…

    Cheers :)


  • drstarcat

    I’ll look forward to seeing the new workflow. Will it be ready for IIW this spring? Either way, I’ve got a couple of posts on Higgins I want to do and then I was planning on writing about your project. I’ll be in touch.

  • Pingback: Mike Jones: self-issued » The History of Tomorrow’s Internet

  • Mike Jones

    I wrote a piece extolling the virtues of the “History of Tomorrow’s Internet” series at Thanks for writing it.

    One thing I’d be curious about though. A number of the problems you had in getting through the first-time user experience (buttons not doing what you expected them to do, unexpected extra UI steps required, etc.) were actually already addressed in the .NET Framework 3.5 release of CardSpace. I’d be curious to have you download the current version and make a follow-up post detailing what improvements you saw and what remained the same. See for a link to the download site.

  • Pingback: Cardspace Community Bloggers

  • drstarcat

    Hmm… I had no idea that 3.5 was available. How cool is it to have some fixes released BEFORE I even publish the review? I’ve made note in the post that 3.5 is available and I’ll try to do a follow up on it as soon as I have some time to update.

  • Kim Cameron

    Yeah, a bunch of things already fixed, a bunch in progress, a bunch still to do.

    Seems like you are mixing a few issues, though. Your mom and dad probably wouldn’t do a print screen (and if they did, they’d probably just use the print screen key, and it would work!).

    Mom and dad wouldn’t feel the outrage you do about having their attention focussed while selecting a card, either.

    I personally think there’s an advantage to system modal when the decision to establish a relationship is being made. It does cause you to pause and think. You should have the option to turn this behavior off.

    Certainly sytem modal is not justifiable when visiting a site with whom you ALREADY have a relationship, since you are not in danger at that time. In this sense the current version goes too far.

    Distinguishing between initial relationship establishment and repeat visits is a key goal of the technology and helps prevent phishing (since fake site always appears to be a new site within CardSpace).

    I agree with everyone this is a v1 product and we are need to get to v3.

    But one thing to keep in mind, please: we chose to release this technology very early in the cycle so everyone in the industry could participate in the evolution of the overall technology components and produce COMPETITIVE PRODUCTS. Does it really make sense to complain that we released it early in the cycle?

    FYI, to make a video, do a remote desktop connection from one machine to the other, and run the video capture software on the machine from which you initiate the connection.

    Good to see you writing about these issues – all the best!


  • Pingback: Oh for crying out loud « The view from my window

  • Pingback: Oh for crying out loud « The view from my window

  • Pingback: Becoming an RP with the Pamela Project (pt. 2) |

  • lacoste polo

    I'd be curious to have you download the current version and make a
    follow-up post detailing what improvements you saw and what remained the

  • polo ralph lauren online shop

    Amazingly awesome list. I have been giving it some rep on twitter as well as some floats! Cheers,