Microsoft has set up a new web site for Windows CardSpace. It is geared to the end users and will be useful for people like my parents to help them understand what Windows CardSpace is and why it might be important to them. It doesn't have any technical information (although it does link to several useful sites) so I wouldn't expect it to be some place I visit daily but I hope it will help to grow the number of people who understand the advantages of Windows CardSpace.

Today I logged on to a government web site to fill out some forms. I was expecting this and was happy to see a post card with my customer id and a reminder to go to the web site. I was horrified when I was asked for the customer id or my social security number and my birth date to authenticate me. My social security number is not something that I give out but I am relatively free with my birth date as it seems to be pretty harmless to give out. Of course anyone could read the postcard and have that information. The page that displayed after I authenticated had my social security number, birth date, address, phone numbers including cell phone, and height, weight, hair and eye color. It seems this would be very useful to someone engaging in identity fraud.

I guess I will have to figure out who is the correct person to report the problem to and hope they fix it before I have to fill out the forms next year.

I just had to share this snippet from an e-mail I got.

I am not quite sure how they think that my privacy is assured when they are sending my user name and password in an unencrypted e-mail and anyone who can get it can then log in as me and see everything in my profile. I was especially surprised as the company that sent this is a "reputable survey company" and I signed up with them because they were running a survey for Microsoft and I felt that I had an opinion that should be heard. I am considering opting out of their service since they don't seem to know the implications of their e-mail.

Once again we see a case where username/password for login is not a good idea. On the plus side since I am using a program to store my password the one they sent out is unique to their site so I don't have to worry about someone getting into another account with the information. I am hoping for the day when I can start using my information card to log in to web sites like these so they won't feel the need to send me my user name and password.

I have been doing some looking at Microsoft's BizTalk Services hosted at http://biztalk.net. I was working on some of the sample applications and trying to write my own application last Saturday. I thought I had something working and was going to come back to it later to make sure it worked the way I think. I got the flu and didn't get back to it until tonight. I found that my code was failing with the error "ID3037: The specified request failed.". I tried some of the sample applications and one worked and one got the same error. I logged into the site and was told that the services had been updated. I needed to provide a secret question and answer as well as updating my password. I did that and while I was there I took advantage of the new feature to associate my Windows LiveID with the account. I thought that would have fixed the problem but it did not.

I tried a Live search and then a Google search for the error. I found some interesting entries like for obesity in Canada and women's scarves from Japan but nothing that even remotely looked relevant.

When all else fails I tend to RTFM so I looked at the What's New? page and saw that along with some updated services the SDK was updated on December 17. I guess that explains why some things worked and others didn't. Now I just have to go back through the new samples in the SDK and figure out what I need to change in my code to get it to work.

Oh the joys of working with CTP software :)

For those of you at the Utah .NET User Group last night I want to thank you for letting me come and speak to you. I am always amazed at the good questions I get and the way that people are thinking about using CardSpace. I have sent off the PowerPoint slides and the code to be uploaded on the web site.

I had mentioned that I was doing a series of video presentations on CardSpace. The first one has been posted on the MSDN Security Developer Center. The direct URL to the page hosting the downloads is http://msdn2.microsoft.com/en-us/security/bb968865.aspx. I would love to hear any feedback you might have.