Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "I-Card Provider"
m (→CardSpace(tm)-compatible Self-Issued I-Card Provider) |
(→Overview) |
||
Line 5: | Line 5: | ||
* Different [[I-Card Provider]] implementations use different protocols for retreiving identity information. Some might use WS-Trust to request a [[Digital Identity]] from a local STS (for self-issued cards), others from a remote STS (managed cards). Still others provide RSS feeds to identity information stored in the [[Identity Attribute Service]] | * Different [[I-Card Provider]] implementations use different protocols for retreiving identity information. Some might use WS-Trust to request a [[Digital Identity]] from a local STS (for self-issued cards), others from a remote STS (managed cards). Still others provide RSS feeds to identity information stored in the [[Identity Attribute Service]] | ||
* The Higgins project is developing these types of I-Card Providers: | * The Higgins project is developing these types of I-Card Providers: | ||
− | ** Cardspace(tm)-compatible | + | ** Cardspace(tm)-compatible |
− | ** RSS-P (self issued) | + | ** RSS-P (self issued) |
− | ** planned: OpenID-H-compatible Managed | + | ** planned: OpenID-H-compatible Managed |
** ...others | ** ...others | ||
Revision as of 15:12, 28 October 2006
Contents
Overview
- An I-Card Provider is responsible for instantiating and managing I-Card instances (that implement the I-Card Interfaces)
- A Provider is also responsible for importing I-Cards from serialized data formats. For example a CardSpace I-Card Provider would be responsible for being able to import CardSpace format data files.
- A Provider must somehow configure themselves with resources that may be needed by their I-Cards. For example, a CardSpace I-Card Provider must know the endpoint for the local Token Issuer (STS).
- Different I-Card Provider implementations use different protocols for retreiving identity information. Some might use WS-Trust to request a Digital Identity from a local STS (for self-issued cards), others from a remote STS (managed cards). Still others provide RSS feeds to identity information stored in the Identity Attribute Service
- The Higgins project is developing these types of I-Card Providers:
- Cardspace(tm)-compatible
- RSS-P (self issued)
- planned: OpenID-H-compatible Managed
- ...others
CardSpace-compatible Self-Issued I-Card Provider
- This provider will provide interoperability with CardSpace relying parties and CardSpace/WS-Trust compatible IdPs.
- It will support both managed and self-issued CardSpace-compatible I-Cards
- It will be able to import CardSpace-format managed cards
Both Self-issued and Managed Cards
- Are single Digital Subject I-Cards
- The I-Cards will implement these I-Card Interfaces:
- I-Card
- TokenIssuerCard
- The TokenIssuerCard impl code manages the metadata necessary to request Digital Identity token
Self-Issued Cards
- The self-issued card instances will implement the IdASCard interface (see I-Card Interfaces)
- The TokenIssuerCard impl code will leverage a local STS that can create Idemix compatible-tokens (in addition to the usual CardSpace-compatible token types)
- The IdASCard impl code manages manages the metadata necessary to retreive claims that are provided to the local STS Token Issuer