RE: [higgins-dev] Higgins status?

Greg wrote:
> 
> Hi all.  I'm interested in using Higgins components to build a
> CardSpace-compatible managed information card provider as well as the
> relevant relying party tidbits required to process the security token
> containing claims delivered by the Windows CardSpace identity selector.
>   Are the Higgins components mature enough to be used to:
> 
> 1. Issue an ic:InformationCard document indicating STS authn via any of
> (1) username/password, (2) self-issued credential, or (3) X.509 V3 cert
> suitable for use by Windows CardSpace.

Yes, yes, and in-the-works.

> 
> 2. Build an STS capable of authenticating a Windows CardSpace service
> requester via any of (1) username/password, (2) a security token
> containing a PPID generated by the Windows CardSpace Self-issued
> Identity Provider, or (3) X.509 V3 cert.

I don't know. Mike?

>
> 3. Following this authentication, issue a SAML security token containing
> various claims.

Yes.

>
> 4. Process this SAML security token in a relying party to extract the
> claims.

I don't know.

>
> Naturally, this involved a mess of WS-Trust, WS-MEX,
> WS-SecureConversation, WS-SecurityPolicy, etcetera.  Are these bits and
> pieces implemented in Higgins, and do they interop with Windows CardSpace?

It is not easy to get the Higgins Token Service configured (though the
situation is improving (meaning, the documentation is improving)), but it
has been done at various points in time by Higgins folks at IBM and Novell,
by Serena, by ooTao and as I understand it by AOL. We have demonstrated in
public CardSpace-compatible IdP/STSs (see the "Deployments" area of the
higgins site for the URL of the one Novell's Bandit team has hosted (I'm on
a plane now, else I'd paste it in here for you)).

> 
> My timeframe is fairly short (a small number of weeks), so I'm really
> interested in what's there now rather than what future goals for the
> project are.

Most of the complexity lies in setting up and configuring the JNDI/LDAP
Context Provider that the out-of-the-box Token Service uses. We plan to
replace this with a much simpler-to-configure CP soon. 

> 
> Many thanks,
> --
> 		Greg Thompson
> 		Credentica
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev


