RSA 2007: Apache-hosted applications can now use Windows CardSpace Information Cards

Ping Identity Corporation today announced the immediate availability of an open source module that allows Apache-hosted applications to use Windows CardSpace Information Cards for authentication. The Apache Authentication Module for CardSpace can be downloaded from , the open source federated identity management site sponsored by Ping Identity.

The Apache Authentication Module for CardSpace allows applications using an Apache Web server to use Information Cards as an additional authentication mechanism. It allows LAMP-based Web applications written in Perl or PHP to act as CardSpace relying parties (RP) by means of simple configuration. The module is responsible for decrypting the token submitted by the CardSpace identity selector, retrieving the claims and making the claims available for the application’s use.

“This is an amazing new piece in the identity puzzle,” said Kim Cameron, Chief Architect for Identity and Access, Microsoft Corporation. “Now the benefits from Information Cards and Windows CardSpace can be extended to the full group of Apache users to enable increased security against phishing attacks.”

“Kim Cameron and Microsoft have done a fantastic job at identifying and tackling some of the toughest security issues surrounding Internet identity,” said Andre Durand, CEO, Ping Identity. “Today’s announcement is the first of several we will be making about adding Windows CardSpace and Information Card support to our product line.”

Share this