Superpat postet here that there is now a new opensso extension that enables opensso to be an information card relying party. Patrick Petit (pictured) who wrote this extension uses the xmldap library to process the xmltoken. Great. Note to self: be carefull when changing the xmldap codebase. Don't break this opensso extension. Another (simpler) SUN access manager login module is described here . I am glad that Patrick improved my demo-grade login module to opensso quality. Thanks you.

I wrote an entry on Tuesday about CardSpace as a Password Manager . Kim responded with a request : "I’d like to hear Pat’s ideas about the user experience of bootstrapping the passwords into the Identity Provider." . Well, I see this happening at the relying party (RP) - if you already had an account there you would go to some 'change password' page containing the information card 'script' to invoke the identity selector and proceed as I detailed in the earlier post . When the identity provider (IP/STS)

You might have noticed the exchange between Ben and Kim over the past day or two... Ben made a point that CardSpace makes OpenID redundant - why not just send a password to the RP? Kim jumped all over him - somewhat misinterpreting what Ben later describes as one of my most diabolical hungover bits of prose ever . Ben goes on to clarify that maybe CardSpace can have a role in helping the user manage passwords; Kim says "Hmm... Food for thought" (okay, I'm paraphrasing); Ben admits he didn't explain