Relying Party Service

The initial focus of the Relying Party Service will be on defining the requirements for the support and evaluating which open source initiatives may have some complementary technologies/solutions that may be relevant. RPS will provide cross browser and protocol support, while preparing for unknown future protocols. To assure broad use it is imperative that Relying Party Service use and deployment be as easy as possible.

Note: We are in the requirements gathering stage of this component.

Abbreviations

1. IdA = Identity Agent/Identity Selector
2. IdP = Identity Provider
3. RP = Relying Party
4. RPS = Relying Party Service

Requirements

1. Protocol support
   1. CardSpace 1.0
   2. OpenID 2.0
   3. yet to be determined
2. Client Support
   1. Browser
      1. IE7
      2. FireFox 2.0 with CS Extension
      3. Opera
   2. Rich Client
      1. Second Life
3. Develop set of utilities/libraries to assist in RP creation
   1. Generation of Identity Agent Trigger mechanism
      1. HTML - <object ...application/x-InformationCard
      2. XHTML
      3. WSPolicy
      4. Idemix policy
   2. Generation of RP Policy tokens <object ...
   3. Generation of Privacy Statement for IdA retrieval
   4. RP validation of IdA Response Token
   5. RP disassembly of IdA Response Token
   6. RP accessibility to IdA Response Token elements
      1. claim data
      2. issuer
      3. token expiration
      4. public keys
   7. Token PPID validation ( to IdP )
   8. Token timestamp validation
   9. Generic keystore for RP Cert retrieval
   10. WebServer Platforms
       1. Apache
       2. IIS
   11. J2EE Server Platforms
       1. Tomcat
       2. Weblogic
       3. Websphere
       4. JBoss
   12. library type ?
       1. ASP.Net / C#
       2. Java
       3. javascript/ecmascript
       4. PHP

There are a few initiatives underway that may provide a basis for RPS support. Specificially, the Pamela Project, and xmldap.org. Hopefully we can collaborate with them on providing a consistent RPS.