| [higgins-dev] OSIS Interop Capabilities conference call today at 5:30pm ET |
As mentioned on the Higgins call last Thursday... Agenda ------ Discuss the attached IdP and IdA capabilities matrices in preparation for upcoming IIW and Catalyst interoperability lab and demo sessions (respectively). I decided to split Bandit Wag (based on Higgins) and the generic Higgins STS/IdPs into their own separate columns as their capabilities are slightly different. Dial in: 641-696-6699; Sprint Customers: 614-696-6690 Passcode: 5559999 I have reserved 10 lines. -PaulTitle: Identity Provider Interop Feature Plan
| Identity Provider Interop Feature Plan - March 20, 2007 (v4) | ||||||
| Feature | CardSpace self-issued | MS IdP Sample | Bandit Wag/Higgins | Higgins | IdP E | |
| Managed Card Generation | ||||||
| Can create a managed card with the .crd file format | X | X | ||||
| Policy Advertisement | ||||||
| Policy endpoint discovery (MEX) | X | X | ||||
| Policy retrieval | X | X | ||||
| Claim Types | ||||||
| Can support xmlsoap.org identity claim types | X | X | ||||
| Can support Higgins claim types(where are they published?) | X | X | ||||
| Can support other claim types | X | X | ||||
| Encryption & Signing of Cards | ||||||
| Uses 48-bit encryption | X | X | ||||
| Uses 128-bit encryption | X | X | ||||
| Uses 256-bit encryption | X | X | ||||
| Managed Card Authentication | ||||||
| Users can use username/password to authenticate | X | X | ||||
| Users can use X.509 certificates to authenticate | X | X | ||||
| Users can use Kerberos tickets to authenticate | X | X | ||||
| Users can use a self-issued information card to authenticate | X | X | ||||
| Users can use a managed information card to authenticate | X | X | ||||
| Additional STS Support (Just backend interperability?) | ||||||
| Backend Interoperability | ||||||
| Liberty SAML | X | |||||
| LDAP | X | |||||
| OpenID OP | X | X | ||||
| Direct Access to non WS-Trust IdP (Delete these rows?) | ||||||
| OpenID IdP (version 1.1) | ||||||
| Liberty SAML IdP | ||||||
| Token Type support | ||||||
| Will send SAML 1.1 tokens | X | X | ||||
| Will send SAML 2.0 tokens | ||||||
| Will send other types of token (specify what kind if supported) | X | X | ||||
| Audit | ||||||
| Can configure IdP to tracks place where tokens have been sent | X | X | ||||
| Can configure IdP to NOT track places where tokens have been sent | X | X | ||||
| Optional Capabilities | ||||||
| Managed Card Unlinkability (if IdP publishes PPID) | X | X | ||||
| PPID is different for each RP | X | X | ||||
| PPID is provably related to the IdP public key (what does this mean?) | X | X | ||||
| Identity Agent Interop Feature Plan - 20 March 2007
|
||||||
| Feature | CardSpace | Safari Plug-In | Higgins | IA D | IA E | |
| Object Parsing | ||||||
| Can Parse x-informationCard HTML Object | X | X | ||||
| Can Parse ic:informationCard XHTML Object | X | X | ||||
| Policy Discovery | ||||||
| Retrieval from HTML Object | X | X | ||||
| Retrieval from XHTML Object | X | X | ||||
| Retrieval from RP STS | ||||||
| Browser Detection of Identity Agent | ||||||
| Support for InformationCardSigninHelper ActiveX Control | ? | |||||
| Support for XPCOM | ? | |||||
| Support for _javascript_ "isInstalled" function on HTML & XHTML RP objects | X | |||||
| Updates browser User Agent string | ||||||
| Personal Cards | ||||||
| General Support for Personal Cards | ||||||
| Personal Card Schema | ||||||
| Conforms to xmlsoap.org identity claims (http://schemas.xmlsoap.org/ws/2005/05/identity/claims) | X | X | ||||
| Conforms to Higgins i-card data format spex (http://eclipse.org/higgins will be updated with spex) | X | |||||
| Schema includes other attributes | ? | |||||
| Personal Card Signing & Encryption | ||||||
| Uses 48-bit encryption | X | |||||
| Uses 128-bit encryption | X | |||||
| Uses 256-bit encryption | X | |||||
| Personal Card Unlinkability | ||||||
| PPID is different for each RP | X | X | ||||
| PPID is provably related to the IdP public key | ? | |||||
| Managed Cards | ||||||
| General Support for Managed Cards | ||||||
| Managed Card Data Review | ||||||
| Can retrieve card data from an IdP and display to user | X | X | ||||
| Managed Card Validation | ||||||
| Certificate embedded in the card is compared with certificate of indicated site. | X | ? | ||||
| Managed Card Authentication Method Support | ||||||
| Supports username/password authentication to IdP | X | X | ||||
| Supports X.509 certificate-based authentication to IdP | X | |||||
| Supports Kerberos based authentication to IdP | ||||||
| Supports self-issued CardSpace card authentication to IdP | X | |||||
| Supports managed CardSpace card authentication to IdP | ? | |||||
| Managed Card Import | ||||||
| Can import a managed card from .crd formatted file | X | X | ||||
| RP Site Authentication on first encounter | ||||||
| Displays Site information for any valid standard certificate | X | ? | ||||
| Displays Site information for any valid EV certificate | ? | |||||
| Notifies user of sites with invalid certificates | X | ? | ||||
| Displays Site Privacy Statement if "privacyURL" invocation parameter is present | ? | |||||
| Card Mobility | ||||||
| Can import one or more cards from .crds formatted file | X | X | ||||
| Can export one or more cards to .crds formatted file | X | X | ||||
| Audit | ? | |||||
| Can view sites visited using a given card | X | ? | ||||
| Agent Type | ||||||
| Local client | X | X | ||||
| Browser extension | X | |||||
| Remote client | X | |||||
| Triggered From | ||||||
| IE7 | ||||||
| Firefox | X | |||||
| Safari | X | |||||
| Other | ||||||