When a Managed Card is used, the user must authenticate to the identity provider (IP), in order to get a token. The choices of authentication type are username/password, Kerberos, X509 certificate or a Self-Issued card. Each authentication type offers its own advantages and disadvantages. · Usernames and passwords are easy to deploy, and users are familiar with them, but because they employ shared secrets they are also subject to social engineering attacks. · Kerberos is great if your users are at

A useful, yet sparsely documented feature of Windows CardSpace is its support for resource side Security Token Services (STSs) – STSs that are used by relying parties rather than Identity Providers. Vittorio has done an excellent job helping to provide detail on this subject , and I highly recommend people interested in understanding more about what resource STSs are and why they are useful, read his post. In this post I want to fill out some of the technical details. That said, I'll start