Re: [higgins-dev] cardId syntax

higgins-dev-bounces@xxxxxxxxxxx wrote on 03/08/2007 11:33:11 AM:

> If our objective is to ensure uniqueness of the card id, it can be 
> done independent of whether you include <subject id> or <auth> or 
> any other thing (in Wag, we simply append random unique data that 
> the STS can safely ignore - a GUID of sorts).  I want to know why it
> is that <subject ID>, <auth>, etc. need to be in the card ID and why
> the STS would need to extract them from the card Id as opposed to 
> other places in the RST where they already exist? (see previous e-mail
> I sent on this thread)

Where is the Subject ID in the RST?
I agree the auth does not need to be there.

> 
> Daniel
> 
> >>> Michael McIntosh <mikemci@xxxxxxxxxx> 3/8/2007 9:20 AM >>>
> Paul,
> 
> Actually, I was just using the auth part as justification for why 
> "<contextId> / <subjectId> " isn't unique enough. Suspect it should be 
> something like "<contextId>/<subjectId>/<uuid>" or
> "<contextId>/<subjectId>/<stsid>/<sequence>"
> 
> As Jim points out the CardID also needs to be unique to a CardStore - you
> cannot create multiple cards with same id - so something needs to create
> uniqueness for multiple cards from different STS over same context/subject.
> 
> Thanks,
> Mike
> 
> higgins-dev-bounces@xxxxxxxxxxx wrote on 03/08/2007 02:02:02 AM:
> 
> > Here at EclipseCon I got a few minutes to chat with Mike McIntosh. It
> > prompted this email.
> > 
> > Proposal: For Higgins CardSpace-compatible i-cards we set the "cardId" field
> > (see 'getCardId()' in [1]) to the string value:
> > 
> >   <contextId> / <subjectId> / <auth>
> > 
> > E.g. 
> > 
> >   http://example.com/HR-dept/ptrevithick/UNPW
> > 
> > Where:
> >   <auth> is either "UNPW", or "Personal", or "Kerberos" or "X509"
> > 
> > The four auth values are the four allowed auth methods MSFT defined to
> > authenticate to a card. "Personal" means using a Personal i-card.
> > 
> > Why append the <auth> value? Because: (a) every cardId must be unique to a
> > provider/TS and (b) a person might want to use 1<N<5 different auth methods
> > for the same data set (i.e. the same subject within the same context) and
> > (c) MSFT doesn't support N>1 auth methods for a single card.
> > 
> > -Paul
> > 
> > [1] http://wiki.eclipse.org/index.php/I-Card_Interfaces#ICard_Interface
> > 
> > _______________________________________________
> > higgins-dev mailing list
> > higgins-dev@xxxxxxxxxxx
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev
> 