The cardId field is only used for display purposes (to differentiate a card from others), right?
Is it possible to have two cards, issued by different issuers (thus probably with two different token service endpoints), that have identical contextID, subjectId, auth triples? I don't see why not.
Jim
>>> "Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx> 3/8/07 12:02 AM >>>
Here at EclipseCon I got a few minutes to chat with Mike McIntosh. It
prompted this email.
Proposal: For Higgins CardSpace-compatible i-cards we set the "cardId" field
(see 'getCardId()' in [1]) to the string value:
<contextId> / <subjectId> / <auth>
E.g.
http://example.com/HR-dept/ptrevithick/UNPW
Where:
<auth> is either "UNPW", or "Personal", or "Kerberos" or "X509"
The four auth values are the four allowed auth methods MSFT defined to
authenticate to a card. "Personal" means using a Personal i-card.
Why append the <auth> value? Because: (a) every cardId must be unique to a
provider/TS and (b) a person might want to use 1<N<5 different auth methods
for the same data set (i.e. the same subject within the same context) and
(c) MSFT doesn't support N>1 auth methods for a single card.
-Paul
[1]
http://wiki.eclipse.org/index.php/I-Card_Interfaces#ICard_Interface
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev