You might have heard about OpenID and Microsoft’s CardSpace. Both provide SSO functionality. I personally believe that OpenID is better because it works the way you want and not the way some third party wants it to work.
A few days back I got into a big argument with one of my friends over whether OpenID is better than CardSpace. The outcome of the argument was that CardSpace was better because the Windows CardSpace client validates the consumer requesting the token and selects the identity, whereas in OpenID it is the user who would choose which identity will be provided to the consumer.
Today I stumbled upon VeriSign’s OpenID SeatBelt Firefox plugin; it provides Windows CardSpace client-like functionality for OpenID. SeatBelt has phishing detection as well. So I showed off SeatBelt to my friend and he was convinced.
To make this post complete, here is why OpenID is better than CardSpace. To start with, OpenID is better supported; it works on any operating system or platform, not just Windows. Second, OpenID is well documented. Third, OpenID is decentralized; your machine has nothing much to do with signing in except for the session. Fourth, to use OpenID the users do not have to download anything other than the browser itself; if they need protection against phishing they only have to download a tiny (224K) plug-in for their browser.
If you think differently, please add your views to the comments. Sorry, Blogger doesn’t support CardSpace authentication for comments 😉
For me the fact that OpenID is decentralized and not locked to any vendor is reason enough to pick it over CardSpace.
Sure, there may be faults or more insecure parts (what system is completely secure?) but because it’s an open, documented standard it is more secure than CardSpace.
I totally agree with masuran, I just hate vendor locks. +1 for OpenID