[higgins-dev] OSIS Interop Capabilities conference call today at 5:30pm ET
As mentioned on the Higgins call last Thursday...
Agenda
------
Discuss the attached IdP and IdA capabilities matrices in preparation for
upcoming IIW and Catalyst interoperability lab and demo sessions
(respectively).
I decided to split Bandit Wag (based on Higgins) and the generic Higgins
STS/IdPs into their own separate columns as their capabilities are slightly
different.
Dial in: 641-696-6699; Sprint Customers: 614-696-6690
Passcode: 5559999
I have reserved 10 lines.
-Paul
Title: Identity Provider Interop Feature Plan

Identity Provider Interop Feature Plan - March 20, 2007 (v4)

| Feature | CardSpace self-issued | MS IdP Sample | Bandit Wag/Higgins | Higgins | IdP E |
|---------|-----------------------|---------------|--------------------|---------|-------|
| Managed Card Generation | | | | | |
| Can create a managed card with the .crd file format | | | X | X | |
| Policy Advertisement | | | | | |
| Policy endpoint discovery (MEX) | | | X | X | |
| Policy retrieval | | | X | X | |
| Claim Types | | | | | |
| Can support xmlsoap.org identity claim types | | | X | X | |
| Can support Higgins claim types (where are they published?) | | | X | X | |
| Can support other claim types | | | X | X | |
| Encryption & Signing of Cards | | | | | |
| Uses 48-bit encryption | | | X | X | |
| Uses 128-bit encryption | | | X | X | |
| Uses 256-bit encryption | | | X | X | |
| Managed Card Authentication | | | | | |
| Users can use username/password to authenticate | | | X | X | |
| Users can use X.509 certificates to authenticate | | | X | X | |
| Users can use Kerberos tickets to authenticate | | | X | X | |
| Users can use a self-issued information card to authenticate | | | X | X | |
| Users can use a managed information card to authenticate | | | X | X | |
| Additional STS Support (Just backend interoperability?) | | | | | |
| Backend Interoperability | | | | | |
| Liberty SAML | | | X | | |
| LDAP | | | X | | |
| OpenID OP | | | X | X | |
| Direct Access to non WS-Trust IdP (Delete these rows?) | | | | | |
| OpenID IdP (version 1.1) | | | | | |
| Liberty SAML IdP | | | | | |
| Token Type support | | | | | |
| Will send SAML 1.1 tokens | | | X | X | |
| Will send SAML 2.0 tokens | | | | | |
| Will send other types of token (specify what kind if supported) | | | X | X | |
| Audit | | | | | |
| Can configure IdP to track places where tokens have been sent | | | X | X | |
| Can configure IdP to NOT track places where tokens have been sent | | | X | X | |
| Optional Capabilities | | | | | |
| Managed Card Unlinkability (if IdP publishes PPID) | | | X | X | |
| PPID is different for each RP | | | X | X | |
| PPID is provably related to the IdP public key (what does this mean?) | | | X | X | |
Title: Identity Agent Interop Feature Plan

Identity Agent Interop Feature Plan - 20 March 2007

| Feature | CardSpace | Safari Plug-In | Higgins | IA D | IA E |
|---------|-----------|----------------|---------|------|------|
| Object Parsing | | | | | |
| Can Parse x-informationCard HTML Object | | X | X | | |
| Can Parse ic:informationCard XHTML Object | | X | X | | |
| Policy Discovery | | | | | |
| Retrieval from HTML Object | | X | X | | |
| Retrieval from XHTML Object | | X | X | | |
| Retrieval from RP STS | | | | | |
| Browser Detection of Identity Agent | | | | | |
| Support for InformationCardSigninHelper ActiveX Control | | | ? | | |
| Support for XPCOM | | | ? | | |
| Support for JavaScript "isInstalled" function on HTML & XHTML RP objects | | X | | | |
| Updates browser User Agent string | | | | | |
| Personal Cards | | | | | |
| General Support for Personal Cards | | | | | |
| Personal Card Schema | | | | | |
| Conforms to xmlsoap.org identity claims (http://schemas.xmlsoap.org/ws/2005/05/identity/claims) | | X | X | | |
| Conforms to Higgins i-card data format spex (http://eclipse.org/higgins will be updated with spex) | | | X | | |
| Schema includes other attributes | | | ? | | |
| Personal Card Signing & Encryption | | | | | |
| Uses 48-bit encryption | | | X | | |
| Uses 128-bit encryption | | | X | | |
| Uses 256-bit encryption | | | X | | |
| Personal Card Unlinkability | | | | | |
| PPID is different for each RP | | X | X | | |
| PPID is provably related to the IdP public key | | | ? | | |
| Managed Cards | | | | | |
| General Support for Managed Cards | | | | | |
| Managed Card Data Review | | | | | |
| Can retrieve card data from an IdP and display to user | | X | X | | |
| Managed Card Validation | | | | | |
| Certificate embedded in the card is compared with certificate of indicated site. | | X | ? | | |
| Managed Card Authentication Method Support | | | | | |
| Supports username/password authentication to IdP | | X | X | | |
| Supports X.509 certificate-based authentication to IdP | | | X | | |
| Supports Kerberos based authentication to IdP | | | | | |
| Supports self-issued CardSpace card authentication to IdP | | | X | | |
| Supports managed CardSpace card authentication to IdP | | | ? | | |
| Managed Card Import | | | | | |
| Can import a managed card from .crd formatted file | | X | X | | |
| RP Site Authentication on first encounter | | | | | |
| Displays Site information for any valid standard certificate | | X | ? | | |
| Displays Site information for any valid EV certificate | | | ? | | |
| Notifies user of sites with invalid certificates | | X | ? | | |
| Displays Site Privacy Statement if "privacyURL" invocation parameter is present | | | ? | | |
| Card Mobility | | | | | |
| Can import one or more cards from .crds formatted file | | X | X | | |
| Can export one or more cards to .crds formatted file | | X | X | | |
| Audit | | | ? | | |
| Can view sites visited using a given card | | X | ? | | |
| Agent Type | | | | | |
| Local client | | X | X | | |
| Browser extension | | | X | | |
| Remote client | | | X | | |
| Triggered From | | | | | |
| IE7 | | | | | |
| Firefox | | | X | | |
| Safari | | X | | | |
| Other | | | | | |
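The Object Parsing and Policy Discovery rows of the Identity Agent plan cover the first thing a selector does on an RP page: find the x-informationCard HTML object and pull the RP's policy out of it. As an added example, not code from Higgins, CardSpace or the Safari plug-in, the block below parses that object from a constructed sign-in page and returns the policy (token type, issuer, required and optional claims, privacy URL) together with the sanity checks a selector should make before showing the request to the user. The parameter names are those of the HTML object form; the sample page, the warning rules and the function names are assumptions made for this example, and the ic:informationCard XHTML form in the next row is not covered.

```javascript
// Added example, not code from Higgins, CardSpace or the Safari plug-in: a
// parser for the application/x-informationCard <object> an RP page embeds,
// returning the policy a selector needs before it can offer a card. The
// <param> names are those of the HTML object form (tokenType, issuer,
// issuerPolicy, requiredClaims, optionalClaims, privacyUrl, privacyVersion);
// the RP page and the warning rules below are constructed for the example.
const IC_OBJECT_TYPE = 'application/x-informationcard';
const SELF_ISSUED_ISSUER = 'http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self';

// Constructed RP sign-in page: asks for a self-issued SAML 1.1 token carrying
// the PPID and e-mail claims, with given name optional.
const SAMPLE_RP_PAGE = `
<html><body>
<form method="post" action="https://rp.example.test/login">
<object type="application/x-informationCard" name="xmlToken">
  <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
  <param name="issuer" value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
  <param name="requiredClaims"
         value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
  <param name="optionalClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
  <param name="privacyUrl" value="https://rp.example.test/privacy" />
  <param name="privacyVersion" value="3" />
</object>
<input type="submit" value="Sign in with an Information Card" />
</form></body></html>`;

function decodeEntities(s) {
  return s.replace(/&quot;/g, '"').replace(/&lt;/g, '<')
          .replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

// name="value" pairs from one tag's attribute text; attribute names are
// case-folded, values are entity-decoded.
function parseAttributes(attrText) {
  const attrs = {};
  const re = /([A-Za-z_:][-\w:.]*)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(attrText)) !== null) attrs[m[1].toLowerCase()] = decodeEntities(m[2]);
  return attrs;
}

// Claim lists are whitespace-separated URIs; anything that is not an absolute
// URI is dropped and reported rather than passed on to card matching.
function parseClaimList(value, paramName, warnings) {
  const claims = [];
  for (const c of value.split(/\s+/).filter(Boolean)) {
    try { new URL(c); claims.push(c); }
    catch (e) { warnings.push(`${paramName}: ignoring non-URI claim type "${c}"`); }
  }
  return claims;
}

// Find the first information card object in the page and extract its policy;
// returns null when no such object is present.
function parseInformationCardObject(html) {
  const objRe = /<object\b([^>]*)>([\s\S]*?)<\/object>/gi;
  let m;
  while ((m = objRe.exec(html)) !== null) {
    const objAttrs = parseAttributes(m[1]);
    if ((objAttrs.type || '').toLowerCase() !== IC_OBJECT_TYPE) continue;

    const params = {};
    const paramRe = /<param\b([^>]*)>/gi;
    let p;
    while ((p = paramRe.exec(m[2])) !== null) {
      const a = parseAttributes(p[1]);
      if (a.name) params[a.name.toLowerCase()] = a.value || '';
    }

    const warnings = [];
    const policy = {
      formField: objAttrs.name || null,          // form field the token is posted in
      tokenType: params.tokentype || null,
      issuer: params.issuer || null,
      issuerPolicy: params.issuerpolicy || null, // MEX endpoint for a managed-card IdP
      requiredClaims: parseClaimList(params.requiredclaims || '', 'requiredClaims', warnings),
      optionalClaims: parseClaimList(params.optionalclaims || '', 'optionalClaims', warnings),
      privacyUrl: params.privacyurl || null,
      privacyVersion: params.privacyversion || null,
      warnings,
    };
    policy.selfIssuedOnly = policy.issuer === SELF_ISSUED_ISSUER;

    // Checks a selector should make before showing the RP's request to the user.
    if (!policy.tokenType) warnings.push('tokenType missing: RP did not constrain the token type');
    if (policy.requiredClaims.length === 0) warnings.push('requiredClaims empty: RP asks for no claims');
    for (const [k, v] of [['issuer', policy.issuer], ['issuerPolicy', policy.issuerPolicy], ['privacyUrl', policy.privacyUrl]]) {
      if (v && !v.startsWith('https://') && !(k === 'issuer' && v === SELF_ISSUED_ISSUER)) {
        warnings.push(`${k} is not an https URL: ${v}`);
      }
    }
    return policy;
  }
  return null;
}
```

Only the first matching object is returned and objects of any other MIME type are skipped, so an unrelated embedded object on the same page cannot be mistaken for the RP policy; non-URI claim types are reported rather than silently matched against a card.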