
shibboleth-dev - Infocard directions

Subject: Shibboleth Developers

  • From: Jim Fox <>
  • To:
  • Subject: Infocard directions
  • Date: Tue, 1 Jul 2008 21:43:57 -0700 (PDT)



These are my recollections of suggestions for improvement
of our infocard support from Monday's call.


On the SP.

1) Keep session initiator as is. It might change when SAML
requests allow attribute specification, but it will continue
to be similar to the standard SP initiator.

2) To allow self-issued cards we will verify the signature
(that the assertion was signed by the accompanying keyinfo)
and send the attributes and keyinfo to the app, unfiltered and
unverified.



On the IdP.

1) At some point we will want to include support for symmetric
bindings, as some authn methods may require it.

2) We would like to include support for self-issued card authn
for our managed cards. This requires a registration
step at the IdP, which will in some way associate the
keyinfo of the private card with a user of the IdP.
That mechanism is not yet known.

3) We would like to allow custom card generation by allowing the
user, in some way, to select attributes or attribute sets.

4) At card use we should do some ARP filtering according to the
RP's identity.

5) We need to provide configuration elements that can be used
to associate an RP's location with the RP's entityIDs.
Scott has suggested an API. Config element is unknown.


Jim




