Business FAQ
Note: For user-related questions, please see our user FAQ. For technical questions, please see our technical FAQ.
Q: How much work is it to become a relying party and accept Ionformation Cards?
A: There are several shortcuts. If you use one of the CMS platforms covered in our Relying Party Solutions, you can plug in Information Card support in a few hours. Alternately, almost any website can add Information Card support usiing a cloud service provider - see Relying Party Solutions for details.
Q: Are there shortcuts to issuing Information Cards too?
A: Yes. Again, one of the very easiest options is to use a cloud service provider - with this option you can literally start issuing Information Cards in less than an hour. See Identity Provider Solutions for more details.
Q: How well do Information Cards really work with cloud services?
A: Several of the featured card projects on this site, including some demonstrated at RSA Security 2009, use cloud services to either issue or accept Information Cards or both. The Azigo selector has a hosted card store, and the Equifax Over-18 I-Card is powered by the hosted Azigo CardPress service.
Q: Can I (as a potential relying party) use Information Cards in conjunction with my existing username/password login or is this an all or nothing choice?
A: You can use both access methods at the same time, so that your customers that have Information Cards can use them, while your customers that don't can still login the traditional (albeit the harder and less secure) way. This also provides a clean path for your customers to migrate up to using an Information Card selector.
Q: What level of assurance do Information Cards provide?
A: Current belief is that the Equifax Over 18 card is capable of being certified at NIST level 2. Information Cards are also compatible with providing NIST level 3, and with a selector interface to an appropriate card reader, NIST level 4 assurance should also be possible.
Q: Is there a standard for Information Cards?
A: Yes. The Identity Metasystem Interoperability (IMI) Technical Committee at OASIS is the home of the standards for Information Cards. The Information Card Foundation and its Working Groups also help create additional interoperability specifications and documentation. In addition the ICF and its members participate in regular public interoperability events.
Q: Does an Information Cards protect a user from phishing?
A: Yes. First, an Information Card selector automatically checks the URL (and if applicable the SSL certificate) of any website that asks you for an Information Card. Your selector also warns you the first time you submit an Information Card to a site. So it is very hard to fool you into giving an Information Card to a phishing site. And even if a phishing site DOES trick you into giving them one of your Information Cards, each card is specially encrypted for the receiving site. So the card does not give them anything they can use to impersonate you at another legitimate site. That's how deeply phishing protection is built into Information Card technology.