Slowly but surely more websites are starting to support CardSpace. I’ve recently blogged about using CardSpace in conjunction with an OpenID from MyOpenID.com to log on to http://dev.aol.com/. Just the other day I discovered that my hosting provider has started a beta program allowing me to sign on to my website’s control panel using CardSpace. Never one to shy away from a beta program, I gave it a whirl.
After logging in to the website using my regular username/password I proceeded to my account page. Here a new button has been added: ‘Bind card to account’. After clicking the button, the CardSpace card selector on my Vista machine opened up and I was allowed to select a card. Press OK and all was good. Time for a little test. Log out of the website. Then go back to the logon page, and now instead of using my username/password I can use my CardSpace card to log on. And sure enough it worked!
Next came the real test. Since I also have DiscountASP hosting the website for our user group (Maine Developer Network), I tried to log on to this account using my CardSpace card. While doing so I discovered that this did not work. I could not bind the same card to two different accounts. I had to dive in a little deeper, but soon discovered this not to be a limitation of CardSpace; rather, the website does not support multiple accounts to one card. The way to solve this would be to implement an account selector which would become available after logging in using the CardSpace card. The same would be true if DiscountASP would support OpenID. Then one ID would have to be attached to multiple accounts.
Moral of the story: We’re a long way away from the ‘one ID to rule them all’. There is more to it than replacing your username/password validation with an OpenID or CardSpace control. You will have to reconsider the relationship between user accounts and your customer.
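The account selector suggested above, sketched as an added example (not code from DiscountASP or from this post): one card identifier maps to a set of accounts, binding requires a session already logged in to that account, and the selector's choice is re-checked on the server. The class, method and account names and the card identifier are hypothetical.

```python
import hashlib


class CardBindings:
    """Many-to-many mapping between card identifiers and site accounts."""

    def __init__(self, accounts):
        self._accounts = set(accounts)   # accounts that exist on the site
        self._by_card = {}               # card digest -> set of account names

    @staticmethod
    def _digest(card_id):
        # Treat the identifier as opaque; store a digest rather than the raw value.
        return hashlib.sha256(card_id.encode("utf-8")).hexdigest()

    def bind(self, session_account, card_id):
        # Binding is only allowed from a session that already logged in to
        # the account with its existing credentials (username/password).
        if session_account is None or session_account not in self._accounts:
            raise PermissionError("log in to the account before binding a card")
        self._by_card.setdefault(self._digest(card_id), set()).add(session_account)

    def accounts_for(self, card_id):
        # A card logon yields a candidate list for the account selector,
        # not a single account.
        return sorted(self._by_card.get(self._digest(card_id), ()))

    def select(self, card_id, chosen):
        # The selector's choice is client input: re-check it against the
        # bindings so a card cannot open an account it was never bound to.
        if chosen not in self.accounts_for(card_id):
            raise PermissionError("card is not bound to that account")
        return {"account": chosen, "auth_method": "card"}


def demo():
    # Constructed accounts and card identifier, for illustration only.
    store = CardBindings(["personal-site", "user-group-site", "someone-else"])
    card = "constructed-card-identifier"
    store.bind("personal-site", card)
    store.bind("user-group-site", card)  # the second bind is accepted here
    return store, card


if __name__ == "__main__":
    store, card = demo()
    print(store.accounts_for(card))
    print(store.select(card, "user-group-site"))
```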