Re: [higgins-dev] cardId syntax

higgins-dev-bounces@xxxxxxxxxxx wrote on 03/08/2007 02:45:32 AM:

> The cardId field is only used for display purposes (to differentiate
> a card from others), right?

Wrong. The CardId is sent to the STS in the RST - what the STS does with
it is up to the STS.
Currently, we use the CardId as context id.

> Is it possible to have two cards, issued by different issuers (thus 
> probably with two different token service endpoints), that have 
> identical contextID, subjectId, auth triples?  I don't see why not.
> 
> Jim
> 
> >>> "Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx> 3/8/07 12:02 AM >>>
> Here at EclipseCon I got a few minutes to chat with Mike McIntosh. It
> prompted this email.
> 
> Proposal: For Higgins CardSpace-compatible i-cards we set the "cardId" field
> (see 'getCardId()' in [1]) to the string value:
> 
>   <contextId> / <subjectId> / <auth>
> 
> E.g. 
> 
>   http://example.com/HR-dept/ptrevithick/UNPW
> 
> Where:
>   <auth> is either "UNPW", or "Personal", or "Kerberos" or "X509"
> 
> The four auth values are the four allowed auth methods MSFT defined to
> authenticate to a card. "Personal" means using a Personal i-card.
> 
> Why append the <auth> value? Because: (a) every cardId must be unique to a
> provider/TS and (b) a person might want to use 1<N<5 different auth methods
> for the same data set (i.e. the same subject within the same context) and
> (c) MSFT doesn't support N>1 auth methods for a single card.
> 
> -Paul
> 
> [1] http://wiki.eclipse.org/index.php/I-Card_Interfaces#ICard_Interface 
> 
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
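
The cardId layout proposed in the quoted message, as an added example that is not part of the thread or of the Higgins code base: it composes and parses `<contextId>/<subjectId>/<auth>`, splitting from the right because a contextId such as `http://example.com/HR-dept` contains slashes of its own, and it keys stored cards on issuer plus cardId, since the thread only requires a cardId to be unique to a provider/TS. The function names, the `CardStore` class and the rule that a subjectId contains no `/` are assumptions made for illustration.

```python
# Added illustration; every name below is hypothetical, not a Higgins API.
AUTH_METHODS = ("UNPW", "Personal", "Kerberos", "X509")  # the four values in the proposal


def compose_card_id(context_id, subject_id, auth):
    """Build '<contextId>/<subjectId>/<auth>' as in the proposal's example."""
    if auth not in AUTH_METHODS:
        raise ValueError("unknown auth method: %r" % auth)
    if not context_id:
        raise ValueError("contextId must be non-empty")
    # Assumption: a subjectId with '/' could not be split back unambiguously.
    if not subject_id or "/" in subject_id:
        raise ValueError("subjectId must be non-empty and contain no '/'")
    return "/".join((context_id.rstrip("/"), subject_id, auth))


def parse_card_id(card_id):
    """Split from the right: the contextId is a URL with slashes of its own."""
    parts = card_id.rsplit("/", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("not a contextId/subjectId/auth string: %r" % card_id)
    if parts[2] not in AUTH_METHODS:
        raise ValueError("unknown auth method: %r" % parts[2])
    return tuple(parts)


class CardStore:
    """Keys cards on (issuer, cardId); the cardId alone is unique only per provider/TS."""

    def __init__(self):
        self._cards = {}

    def add(self, issuer, card_id):
        triple = parse_card_id(card_id)  # reject malformed ids before storing
        key = (issuer, card_id)
        if key in self._cards:
            raise KeyError("duplicate cardId %r for issuer %r" % (card_id, issuer))
        self._cards[key] = triple

    def lookup(self, issuer, card_id):
        return self._cards[(issuer, card_id)]

    def __len__(self):
        return len(self._cards)


if __name__ == "__main__":
    cid = compose_card_id("http://example.com/HR-dept", "ptrevithick", "UNPW")
    print(cid, parse_card_id(cid))
```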


