aka InfoCard - Microsoft's answer to remembering multiple passwords and other levels of security data. An Identity is represented by an icon representing a (digitally signed) set of claims. These are held in an XML security token called a card (.crd file, encrypted and password-protected) . The cards can be "self-issued" ('add a card') which you can link to an existing account, or they can be uneditable third-party "Authority issued". The card doesn't hold any credentials, only pointers to them - think of a business-card. The cards are stored on the user's PC, and tell it how to contact each Identity provider to get an Identity token each time one is needed (usually initiated by a web-browser) and what it will look like (Kerberos, SAML, X.509, etc), using WS-Security protocols to deliver the different token types. You can export one or more cards from the Cardspace client and then import them into another client, email them or put them onto a USB key or mobile device. Also see MS-Passport.

In a similar manner, IBM's open-source Identity Mixer (Idemix) lets a person use digital encrypted tokens for on-line transactions via a browser plug-in. They are issued by trusted sources (e.g. a bank or government agency) and can "vouch" for a person without disclosing unnecessary personal information (eg birth date, drivers licence, credit-card number). Where card-space uses either self-issued cards or identity-provider tokens that ping an identity provider, Idemix allows a person to maintain their tokens and the identity provider doesn't have to be contacted.

Source: http://identityaccessman.blogspot.com/2006/08/identity-dictionary.html