[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [higgins-dev] IMI + OpenID

Markus,

I don't know that I would be that specific about the token type.  It could be SAML2.0 or something else.
The actual token type and claims for it need to be retrieved via a GET to the RP so that you have the cert chain.

So I would go with something more generic that indicates to the OP that it needs to do that GET to determine the token to be returned.

John B.

On 11-May-09, at 8:08 PM, Markus Sabadello wrote:

Hi John,

Do you have any intelligent idea for the AX identifiers for
1. requesting the whole token (via AX FETCH)
2. offering a new i-card (via AX STORE)

My idea would be:
1. urn:oasis:names:tc:SAML:1.0:assertion
2. http://schemas.xmlsoap.org/ws/2005/05/identity

Markus

On Fri, May 1, 2009 at 8:44 PM, John Bradley <ve7jtb@xxxxxxxxxx> wrote:
Markus,

I think that captures it.

The only change I might make is having token be if_available.  That will decrease the likelihood a non IMI OP might reject the authen request because it cannot fulfill a required claim.

The IMI OP would prefer the token AX attribute for the reply if the user selects a card that can provide it.

John B.
On 1-May-09, at 8:25 PM, Markus Sabadello wrote:

I tried capturing some thoughts that came up on the last Higgins call, regarding building better IMI support into the OpenID-based "Higgins Web Selector":
http://wiki.eclipse.org/Web_Selector_1.1#Requesting_an_i-card

It lists a few possible methods for "doing i-cards" over OpenID:

Method 1: AX attribute identifiers are claim URIs
Method 2a: Well-known AX attribute identifiers are mapped to claim URIs
Method 2b: Well-known SREG attribute identifiers are mapped to claim URIs
Method 3: Advanced IMI compatibility

Markus

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev


_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev


_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

Attachment: smime.p7s
Description: S/MIME cryptographic signature