Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "I-Card Provider"
(→Overview) |
|||
Line 10: | Line 10: | ||
# URI Personal Provider | # URI Personal Provider | ||
− | ===CardSpace- | + | ===CardSpace-interoperable Managed I-Card Provider ((CMIP) === |
* I-Card instances instantiated and managed by this provider implement the ICard and ITokenCard interfaces (see [[I-Card Interfaces]]) | * I-Card instances instantiated and managed by this provider implement the ICard and ITokenCard interfaces (see [[I-Card Interfaces]]) | ||
* Retreives signed security tokens from CardSpace-compatible IdP/STSes and acceptable by CardSpace-compatible RPs | * Retreives signed security tokens from CardSpace-compatible IdP/STSes and acceptable by CardSpace-compatible RPs | ||
* Imports CardSpace-format managed card files | * Imports CardSpace-format managed card files | ||
− | ===CardSpace- | + | ===CardSpace-interoperable Personal I-Card Provider (CPIP) === |
* I-Card instances instantiated and managed by this provider implement the base ICard and ITokenCard interfaces (see [[I-Card Interfaces]]) | * I-Card instances instantiated and managed by this provider implement the base ICard and ITokenCard interfaces (see [[I-Card Interfaces]]) | ||
* Creates (using the local Higgins [[Token Service]]) a signed security tokens from attributes stored in IdAS. Assuming self-signecd tokens are allowed, this provider creates tokens are acceptable by CardSpace-compatible RPs | * Creates (using the local Higgins [[Token Service]]) a signed security tokens from attributes stored in IdAS. Assuming self-signecd tokens are allowed, this provider creates tokens are acceptable by CardSpace-compatible RPs |
Revision as of 13:54, 9 March 2007
Overview
- An I-Card Provider is responsible for instantiating and managing I-Card instances that implement I-Card Interfaces
- A Provider is also responsible for importing I-Cards from one of the supported card data formats.
The Higgins project is developing these I-Card Providers:
- Cardspace-interoperable Managed provider
- CardSpace-interoperable Personal provider
- URI Managed Provider
- URI Personal Provider
CardSpace-interoperable Managed I-Card Provider ((CMIP)
- I-Card instances instantiated and managed by this provider implement the ICard and ITokenCard interfaces (see I-Card Interfaces)
- Retreives signed security tokens from CardSpace-compatible IdP/STSes and acceptable by CardSpace-compatible RPs
- Imports CardSpace-format managed card files
CardSpace-interoperable Personal I-Card Provider (CPIP)
- I-Card instances instantiated and managed by this provider implement the base ICard and ITokenCard interfaces (see I-Card Interfaces)
- Creates (using the local Higgins Token Service) a signed security tokens from attributes stored in IdAS. Assuming self-signecd tokens are allowed, this provider creates tokens are acceptable by CardSpace-compatible RPs
- Imports CardSpace-format personal card files and transfers the stored values of claims to IdAS for later retrieval
URI Managed I-Card Provider
- I-Card instances instantiated and managed by this provider implement the ICard, ITokenCard, and IURICard interfaces (see I-Card Interfaces)
- This provider manages cards whose associated IdAS context is managed by some external entity. The provider impl uses IdAS to access attribute values.
- Card Examples:
- LDAP directory card: provides a view of the user's identity data stored on an enterprise HR directory
URI Personal I-Card Provider
- I-Card instances instantiated and managed by this provider implement the ICard, ITokenCard, and IURICard interfaces (see I-Card Interfaces)
- This provider manages cards whose associated IdAS context was created by the user and over which the user is authoritative.
- Card Examples:
- Persona/Role {e.g. Shopping, Buying, Travel, Home&Personal, Health, Friends, Family} cards --for the multiple hats the user wears
- Website - stores a copy of the personal information about a user that the user has entered into a website (e.g. linkedin.com, flikr, etc.)
- Username & Password - each card stores one of the user's unique un/pw combinations (pullled from browser's password manager)