Re: [higgins-dev] cardId syntax
higgins-dev-bounces@xxxxxxxxxxx wrote on 03/08/2007 02:45:32 AM:
> The cardId field is only used for display purposes (to differentiate
> a card from others), right?
Wrong. The CardId is sent to the STS in the RST - what the STS does with
it is up to the STS.
Currently, we use the CardId as context id.
> Is it possible to have two cards, issued by different issuers (thus
> probably with two different token service endpoints), that have
> identical contextID, subjectId, auth triples? I don't see why not.
>
> Jim
>
> >>> "Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx> 3/8/07 12:02 AM >>>
> Here at EclipseCon I got a few minutes to chat with Mike McIntosh. It
> prompted this email.
>
> Proposal: For Higgins CardSpace-compatible i-cards we set the "cardId" field
> (see 'getCardId()' in [1]) to the string value:
>
> <contextId> / <subjectId> / <auth>
>
> E.g.
>
> http://example.com/HR-dept/ptrevithick/UNPW
>
> Where:
> <auth> is either "UNPW", or "Personal", or "Kerberos" or "X509"
>
> The four auth values are the four allowed auth methods MSFT defined to
> authenticate to a card. "Personal" means using a Personal i-card.
>
> Why append the <auth> value? Because: (a) every cardId must be unique to a
> provider/TS and (b) a person might want to use 1<N<5 different auth methods
> for the same data set (i.e. the same subject within the same context) and
> (c) MSFT doesn't support N>1 auth methods for a single card.
>
> -Paul
>
> [1] http://wiki.eclipse.org/index.php/I-Card_Interfaces#ICard_Interface
>
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
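
Added example (not part of the thread and not Higgins code): a sketch of how a receiver such as an STS could parse the proposed `<contextId>/<subjectId>/<auth>` cardId and key cards by issuer, since the thread notes that a cardId is only unique per provider/TS. The names `parse_card_id` and `register` are hypothetical, and the sketch assumes the separator is a bare `/` as in the thread's example and that `<subjectId>` contains no `/`.

```python
from typing import NamedTuple

# The four auth methods listed in the proposal.
ALLOWED_AUTH = {"UNPW", "Personal", "Kerberos", "X509"}


class CardId(NamedTuple):
    context_id: str
    subject_id: str
    auth: str


def parse_card_id(card_id: str) -> CardId:
    """Split <contextId>/<subjectId>/<auth> from the right.

    contextId may itself contain '/' (it is a URL in the thread's example),
    so only the last two separators are structural.
    Assumption: subjectId contains no '/'.
    """
    parts = card_id.rsplit("/", 2)
    if len(parts) != 3:
        raise ValueError("cardId needs contextId/subjectId/auth")
    context_id, subject_id, auth = parts
    if not context_id or not subject_id:
        raise ValueError("empty contextId or subjectId")
    # Reject anything outside the four values; the match is case-sensitive.
    if auth not in ALLOWED_AUTH:
        raise ValueError(f"unknown auth method: {auth!r}")
    return CardId(context_id, subject_id, auth)


def register(store: dict, issuer: str, card_id: str) -> bool:
    """Record a card keyed by (issuer, parsed cardId).

    Returns False when that issuer already has the same cardId. The issuer
    is part of the key because two issuers can hand out identical triples.
    """
    key = (issuer, parse_card_id(card_id))
    if key in store:
        return False
    store[key] = True
    return True
```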