Re: [higgins-dev] cardId syntax

If our objective is to ensure uniqueness of the card ID, it can be done independent of whether you include <subject id> or <auth> or any other thing (in Wag, we simply append random unique data that the STS can safely ignore - a GUID of sorts).  I want to know why it is that <subject ID>, <auth>, etc. need to be in the card ID and why the STS would need to extract them from the card ID as opposed to other places in the RST where they already exist? (see previous e-mail I sent on this thread)
 
Daniel

>>> Michael McIntosh <mikemci@xxxxxxxxxx> 3/8/2007 9:20 AM >>>
Paul,

Actually, I was just using the auth part as justification for why
"<contextId> / <subjectId> " isn't unique enough. Suspect it should be
something like "<contextId>/<subjectId>/<uuid>" or
"<contextId>/<subjectId>/<stsid>/<sequence>"

As Jim points out, the CardID also needs to be unique to a CardStore - you
cannot create multiple cards with the same id - so something needs to create
uniqueness for multiple cards from different STS over the same context/subject.

Thanks,
Mike

higgins-dev-bounces@xxxxxxxxxxx wrote on 03/08/2007 02:02:02 AM:

> Here at EclipseCon I got a few minutes to chat with Mike McIntosh. It
> prompted this email.
>
> Proposal: For Higgins CardSpace-compatible i-cards we set the "cardId" field
> (see 'getCardId()' in [1]) to the string value:
>
>   <contextId> / <subjectId> / <auth>
>
> E.g.
>
>   http://example.com/HR-dept/ptrevithick/UNPW
>
> Where:
>   <auth> is either "UNPW", or "Personal", or "Kerberos" or "X509"
>
> The four auth values are the four allowed auth methods MSFT defined to
> authenticate to a card. "Personal" means using a Personal i-card.
>
> Why append the <auth> value? Because: (a) every cardId must be unique to a
> provider/TS and (b) a person might want to use 1<N<5 different auth methods
> for the same data set (i.e. the same subject within the same context) and
> (c) MSFT doesn't support N>1 auth methods for a single card.
>
> -Paul
>
> [1] http://wiki.eclipse.org/index.php/I-Card_Interfaces#ICard_Interface
>
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
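
The uniqueness question raised in this thread, as an added example that is not part of the original messages and is not Higgins code: two STSs issue a card over the same context/subject, once with the `<contextId>/<subjectId>/<auth>` form and once with the `<contextId>/<subjectId>/<uuid>` form. The `CardStore` class, the STS names and the dictionary standing in for an RST are all hypothetical.

```python
import uuid

# The four auth values listed in the thread.
AUTH_METHODS = {"UNPW", "Personal", "Kerberos", "X509"}


class DuplicateCardId(Exception):
    pass


class CardStore:
    """Hypothetical card store: a given card ID may be stored only once."""

    def __init__(self):
        self._cards = {}

    def add(self, card_id, issuer):
        if card_id in self._cards:
            raise DuplicateCardId(card_id)
        self._cards[card_id] = issuer


def card_id_with_auth(context_id, subject_id, auth):
    # Form proposed in the thread: <contextId>/<subjectId>/<auth>
    if auth not in AUTH_METHODS:
        raise ValueError(f"unknown auth method: {auth}")
    return f"{context_id}/{subject_id}/{auth}"


def card_id_with_uuid(context_id, subject_id):
    # Alternative from the thread: <contextId>/<subjectId>/<uuid>
    return f"{context_id}/{subject_id}/{uuid.uuid4()}"


def collides(make_id):
    """Two STSs (constructed names) issue a card each; True if the store rejects one."""
    store = CardStore()
    try:
        for sts in ("sts-a.example", "sts-b.example"):
            store.add(make_id(), sts)
    except DuplicateCardId:
        return True
    return False


def auth_from_request(rst):
    # STS side: read the auth method from the request's own field (assumed to be
    # present, modelled as a dict key) and treat the card ID as an opaque string.
    return rst["auth"]
```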
