go ahead and share
Even Microsoft with their design for Information Cards (which are the closest we've ever come to full asymmetric key-based security infrastructure) never fully solved that problem.
Is that true?
No. It is not. Drummond, don't you remember? Kim told us how he solved this problem. It was just never talked about very much.
There is a solution to asymmetric key management that was included with the original release of the Identity Metasystem by Microsoft under the Open Specification Promise (OSP).
Here is how it works. The CardSpace IP included a mechanism for minting a public key pair (asymmetric keys) from a password. This happens at the endpoint, not the server. With this little algorithm, the user can generate their own key pairs. This totally solves the asymmetric key distribution problem.
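As an added illustration (not code from CardSpace, Microsoft, or the original post), here is one way a key pair can be regenerated from a password on the endpoint. It assumes PBKDF2-HMAC-SHA256 for stretching and X25519 (RFC 7748) for the key pair, which are stand-ins rather than the CardSpace algorithm; the function names, the salt layout, and the sample inputs are hypothetical.

```python
import hashlib

P = 2**255 - 19   # Curve25519 field prime
A24 = 121665      # curve constant from RFC 7748

def x25519_public(scalar32: bytes) -> bytes:
    """X25519(scalar, 9) per RFC 7748. Not constant-time: illustration only."""
    k = bytearray(scalar32)
    k[0] &= 248; k[31] &= 127; k[31] |= 64          # clamp the scalar
    n = int.from_bytes(k, "little")
    x1 = 9                                           # base point u-coordinate
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):                   # Montgomery ladder
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair_from_password(password: str, salt: bytes, iterations: int = 600_000):
    """Return (private, public). The same password and salt always give the same pair."""
    # The stretched password *is* the private key, so the key is only as strong
    # as the password: anyone who can guess the password can recompute the
    # private key offline and confirm the guess against the public key.
    seed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)
    return seed, x25519_public(seed)

if __name__ == "__main__":
    # Constructed sample inputs. Binding the salt to user and relying party
    # (an assumption of this example) yields a distinct key pair per site.
    salt = b"alice@example.test|relying-party.example.test"
    private_key, public_key = keypair_from_password("correct horse battery staple", salt)
    print("public key:", public_key.hex())
```

Nothing has to be stored or shipped to the endpoint, but the password's entropy becomes the ceiling on the key's strength, so the stretching cost and a per-site salt matter.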
Further, since it is licensed under the OSP, anybody can use the source with a guaranteed commitment (in writing) that Microsoft will never take legal action to stop its use or require remuneration—forever.
What Kim Cameron did with the Identity Metasystem was brilliant and will be incredibly difficult to reproduce or replace. I shake my head and kick the dirt in disgust—even shame—when I think about how CardSpace fell victim to the petty personal fiefdom wars inside Microsoft.