Information Cards

Applies To: Active Directory Federation Services (AD FS) 2.0

Information Cards are a key client-side component of the identity metasystem vision at Microsoft. For this reason, Active Directory Federation Services (AD FS) 2.0 includes an issuance engine for Information Cards that administrators can use to issue cards to employees or customers. For more information about how you can use AD FS 2.0 to issue Information Cards, see Configure the Information Card Issued by AD FS 2.0.

Information Cards, which a claims provider can issue, represent a user's digital identity. Each card is an artifact containing metadata that represents the token issuance relationship between a claims provider and a user. An Information Card provides a user with a visual representation of a digital identity. Users can also obtain a collection of Information Cards from various claims providers.

Each Information Card represents a digital identity that the user can present to a relying party. By selecting a particular card, the user requests a security token with a specific set of claims that a claims provider can issue according to its policy. Every Information Card that a claims provider issues must include the following lists:

  • Claims provider endpoint URLs

    Claims provider endpoint URLs are used for locating the servers that host the policy where the security tokens must be acquired.

  • Supported authentication mechanisms

    Supported authentication mechanisms are necessary for requesting tokens from the appropriate claims provider that is defined in the claims provider endpoint URL value.

Identity selectors

An identity selector is an essential component in the identity metasystem. It is the processing engine that determines which of a user’s Information Cards are capable of meeting a relying party’s requirements. An identity selector also provides a consistent and highly secure user interface (UI) for users to visualize, examine, understand, and select a digital identity for use. The identity selector puts users in control of the use of their identities by applications in various contexts.

Windows CardSpace 2.0 is one example of an identity selector. When the user clicks a particular Information Card, CardSpace 2.0 issues a request, as described earlier, to the claims provider that is associated with that card. The claims provider then returns a security token that is passed to the relying party.