Tremendous innovation has occurred recently in developing systems to give individuals more control over how their personal identity information is distributed and used, particularly in a digital context. For example, Microsoft Corporation of Redmond, Wash., among others, has propagated a system sometimes referred to as the Information Card Selector—Microsoft's instantiation being referred to as Windows CardSpace. In a Windows CardSpace system, a principal obtains one or more digital identity representations, sometimes referred to as information cards. When the principal attempts to access a resource (a “relying party”) that requires a set of claims made about the principal, the principal employs a digital identity representation (hereafter called a “DIR”) to initiate communication with an identity provider that can assert those claims. In some cases, the identity provider may be controlled by a principal and run on the principal's own machine. In others it may be controlled by a third party. The identity provider returns an “identity token” that includes the required claims information.
Little attention has been directed, however, towards the creation and provisioning of DIRs. Currently, administrators of digital identity systems are forced to craft DIRs manually. For example, an administrator may manually use a software utility, such as an XML generator, to craft a DIR and save it to a particular location. The administrator might then send the principal a pointer to the DIR, and the principal would then go retrieve the DIR. This system is ad hoc, subject to errors and security vulnerabilities, and labor intensive for an administrator.