Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.

Abstract: A user defines an audit policy. The audit policy identifies one or more triggers that, when related information is included in a security token, trigger the performance of the audit. The audit can include notifying the user in some manner that the trigger occurred. The audit can require in-line confirmation of the audit, so that the security token is not transmitted until the user confirms the audit.

Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.

Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.

Abstract: A user defines an audit policy. The audit policy identifies one or more triggers that, when related information is included in a security token, trigger the performance of the audit. The audit can include notifying the user in some manner that the trigger occurred. The audit can require in-line confirmation of the audit, so that the security token is not transmitted until the user confirms the audit.

Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.

Abstract: When a user connects a pluggable card store to a machine, the machine plugs a pluggable card provider into a card provider registry. The pluggable card store can be an object portable to the user, or can be a remote store available via some connection, such as an FTP connection. The user can then use the information cards stored on the pluggable card store in a transaction.

Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.

Abstract: A system and method for dynamic rendering of information cards is provided. A card selector uses policies and rendering content to modify the presentation of information cards in the card selector. The policies and rendering content can be obtained from identity providers and relying parties. The rendering content can be obtained each time the card selector is invoked, just prior to rendering the information cards, or at other times specified in the policy. The rendering content can be displayed in a display area of the information card or in a content canvas outside the display area of the information card.

Abstract: A system and method for managing information cards using workflows is provided. A workflow manager in a card selector allows the user to initiate cardflows in the card selector. The workflow manager is extensible and programmable so that additional user-defined or industry-defined cardflows can be added to the workflow manager.

Abstract: A computer system accesses metadata about an information card. The metadata can be stored locally or remotely (for example, at an identity provider). A metadata engine can be used to generate data to be provided to the user from the metadata: this data can take any desired form, such as an advertisement, a state of the user's account, or a policy update, among other possibilities.

Abstract: A computer system accesses reputation information about a relying party. The reputation information can be stored locally or remotely (for example, at an identity provider or reputation service). A reputation information engine can be used to provide the reputation information to the user. The user can then use the reputation information in performing a transaction with the relying party.

Abstract: A user desires to select information about himself. The system uses policies applicable to the display of the user's information and metadata about the user and the information to determine modified presentations of the user's information. The modified information can include visual and non-visual cues (such as aural, olfactory, or tactile). The system then displays the modified information, presenting the user with the visual and non-visual cues about the information.

Abstract: A user engages in a transaction with a relying party through a computer system. The relying party requests identity information from the user using HTML extensions. The computer system includes a web browser having browser extensions. The HTML extensions cause the web browser to call a card selector invoker. The card selector invoker invokes a card selector to provide a security token. The card selector invoker extracts identity information from the security token and provides the identity information to the web browser. The computer system then returns the identity information to the relying party.

Abstract: When a user connects a pluggable card store to a machine, the machine plugs a pluggable card provider into a card provider registry. The pluggable card store can be an object portable to the user, or can be a remote store available via some connection, such as an FTP connection. The user can then use the information cards stored on the pluggable card store in a transaction.

Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.

Abstract: A user defines an audit policy. The audit policy identifies one or more triggers that, when related information is included in a security token, trigger the performance of the audit. The audit can include notifying the user in some manner that the trigger occurred. The audit can require in-line confirmation of the audit, so that the security token is not transmitted until the user confirms the audit.