But, now I see Kim Cameron reference a Mike Beach post (or comment?) with the following
This doesn't jibe with what I know (or misunderstand) of Cardspace.
In the privacy space a colleague of my shared an interesting perspective. Most corporations, especially in the B2C space, have considered user/customer identity data to be an asset. Knowledge about their users that could be leveraged for any number of marketing opportunities. With the rising concerns and increasing regulations around privacy this perspective is, or should be, starting to change. This “asset” is now becoming a liability. Data about people (corporate people and consumer people) is always going to be required to do business, but how do we get that while at the same time minimizing liability? Enter the Infocard concept. It would seem we now have a means to establish authoritative data about the user, but give it to the user for safe keeping.(emphasis mine)
My interpretation of Mike's description above is that some TTP asserts (and thereby provide the authoritative identity) but the claim then gets cached by Cardspace for later presentation to a RP (the 'give it to the user for safe keeping'). This scenario would appear to be neither the (what I assume to be the default) flow of identity assertion created (at run time) and sent by the trusted 3rd party IDP to Cardspace for forwarding onto the RP, nor a self-assertion created by the local IDP.
Just when I thought I was understanding .....