[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
RE: [higgins-dev] Questions about I-Card Interface
|
Mike wrote:
>
> I think my question is somewhat related to this thread...
>
> I am implementing the Display Token for CardSpace interaction with the
> STS:
>
> "Windows CardSpace is agnostic of specific token types that may be
> requested by a relying party and issued by an identity provider. The token
> returned by an IP/STS may be completely opaque to Windows CardSpace which
> simply provides a conduit. However, to allow informed user consent and
> release, the Information Card model introduces the notion of a display
> token. It is an informational token associated with the actual security
> token that essentially contains a friendly representation of the claims
> carried in the security token. Its friendly content can be displayed to
> the user in user interfaces."
>
> The format is:
>
> <wst:RequestSecurityTokenResponse>
> ...
> <ic:RequestedDisplayToken>
> <ic:DisplayToken xml:lang=?en-us?>
> <ic:DisplayClaim
> Uri=?http://.../ws/2005/05/identity/claims/givenname?>
> <ic:DisplayTag>Given Name</ic:DisplayTag>
> <ic:DisplayValue>John</ic:DisplayValue>
> </ic:DisplayClaim>
> <ic:DisplayClaim
> Uri=?http://.../ws/2005/05/identity/claims/surname?>
> <ic:DisplayTag>Last Name</ic:DisplayTag>
> <ic:DisplayValue>Doe</ic:DisplayValue>
> </ic:DisplayClaim>
> <ic:DisplayToken>
> </ic:RequestedDisplayToken>
> </wst:RequestSecurityTokenResponse>
>
> The current STS is given an RST with the Claim URIs and uses the
> IDigitalSubject to retrieve the associated attribute values:
>
> attribute = digitalSubject.getAttribute(uriAttribute);
>
> However, there is no current way for the STS to get the "friendly"
> DisplayTag value for the DisplayToken. Can we add the following to the
> IAttribute interface?
>
> String getName();
>
Yes, this method should be added.
We've been thinking about this method and how it can be implemented for a
while. I have to catch a plane right now, but I'll respond further about
this in a separate email.
<snip>