[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [higgins-dev] cardId syntax
|
Paul,
Actually, I was just using the auth part as justification for why
"<contextId> / <subjectId> " isn't unique enough. Suspect it should be
something like "<contextId>/<subjectId>/<uuid>" or "
<contextId>/<subjectId>/<stsid>/<sequence>"
As Jim points out the CardID also needs to be unique to a CardStore - you
cannot create multiple card with same id - so something needs to create
uniqueness for multiple card from different STS over same context/subject.
Thanks,
Mike
higgins-dev-bounces@xxxxxxxxxxx wrote on 03/08/2007 02:02:02 AM:
> Here at EclipseCon I got a few minutes to chat with Mike McIntosh. It
> prompted this email.
>
> Proposal: For Higgins CardSpace-compatible i-cards we set the "cardId"
field
> (see 'getCardId()' in [1]) to the string value:
>
> <contextId> / <subjectId> / <auth>
>
> E.g.
>
> http://example.com/HR-dept/ptrevithick/UNPW
>
> Where:
> <auth> is either "UNPW", or "Personal", or "Kerberos" or "X509"
>
> The four auth values are the four allowed auth methods MSFT defined to
> authenticate to a card. "Personal" means using a Personal i-card.
>
> Why append the <auth> value? Because: (a) every cardId must be unique to
a
> provider/TS and (b) a person might want to use 1<N<5 different auth
methods
> for the same data set (i.e. the same subject within the same context)
and
> (c) MSFT doesn't support N>1 auth methods for a single card.
>
> -Paul
>
> [1] http://wiki.eclipse.org/index.php/I-Card_Interfaces#ICard_Interface
>
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
