Comments on xmldap: Microsoft Labs STS

cmort, 2006-06-14T18:03:00.000-07:00:

I'll have to drop John a line :-)

Anonymous, 2006-06-14T17:57:00.000-07:00:

FYI John Shewchuk on panel at the Burton Group Catalyst conference mentioned that all the InfoCard protocol specifications would be available (in the context of open source developers i.e. Higgins project) and to contact him if this was not the case.

cmort, 2006-06-12T13:04:00.000-07:00:

All excellent points, and I'm in complete agreement.

Some of the protocols involved are moving through the standardization process, and some are still proprietary and closed. Hopefully those all open up.

As far as SSL, I don't think CardSpace will work without it in current form.

Basically, you're starting to ask lots of very relevant questions, that I'm only in a position to speculate on...wish I could help more, but I don't work for MSFT, and have no control over their implementation, nor what they release to standards bodies.

Anonymous, 2006-06-12T12:55:00.000-07:00:

I found those documents, but they are Microsoft documents, explaining API and CardSpace (client more or less). It is not ... specification for implementation of an identity metasystem. For instance, how the client and server should negotiate (WS-Policy?) what algorithms must be supported (as to enable at least some sort of interoperability), what encodings, what token formats (SAML, eToken,...?) should be supported and so on.

I understand CardSpace is currently mostly Microsoft business, but given the plans to adopt it throughout industry, wouldn't it make sense to have some sort of specification [draft] to work with and evolve it?

As for the PPI(D), I believe there should be some limitations to what it is, in terms of size at least. The way it is specified right now, someone can put a 1GB base64 encoded byte array.

On another note, how can CardSpace be used on sites without SSL (server side certificate), when this certificate (well, keys in it actually) is used to cryptographically sign and encrypt the token and token "envelope".

Regards,
Miha.

cmort, 2006-06-12T08:19:00.000-07:00:

Here's a link to all the infocard...err...cardspace docs:

http://msdn.microsoft.com/winfx/reference/infocard/default.aspx

As far as PPI, to quote Kim Cameron:

"This is basically an unchanging identifier for the given user at the relying party. It could be, for example, a hash of the relying party’s DN plus the account number of the user (or in your case the email address, if that is considered unchanging). In the simple self-asserted identity provider we do it as a function of the site identifier (e.g. from the cert) and the infocard identifier. Thus if I go to the same site with the same infocard, I’ll get the same privatepersonalidentifier even if I change my email address."

The format is basically opaque to the relying party.

Anonymous, 2006-06-12T06:07:00.000-07:00:

Where are the specifications for "identity metasystem 'clients'", meaning providers, browsers and relying parties?

Surely, they must exist, but under which names?

I'd be grateful for any pointers on that.

Also, I was thinking about PPI(D) claim, present in an InfoCard (identity card -- how does one call it 'independently'? :)) -- the specifications I found on that are only in Microsoft papers and even there, it is just mentioned that it is base64 encoded byte array...

Thank you,
Miha.
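
An added example, not part of the original comments and not CardSpace code: it illustrates the PPID idea quoted from Kim Cameron (a function of the site identifier and the card identifier) together with the size concern Miha raises, by bounding the claim before decoding it on the relying-party side. SHA-256, the length-prefixed framing, the 1024-character cap and the names `derive_ppid` and `accept_ppid` are assumptions made for this sketch.

```python
import base64
import binascii
import hashlib

# Assumption: the thread notes that no size limit is specified for the claim,
# so the relying party picks its own cap. 1024 characters is an arbitrary choice.
MAX_PPID_B64_LEN = 1024


def derive_ppid(site_identifier: bytes, card_identifier: bytes) -> str:
    """Illustrative PPID: a hash over site identifier plus card identifier.

    SHA-256 and the length-prefixed framing are assumptions for this example;
    they are not the algorithm CardSpace uses.
    """
    h = hashlib.sha256()
    for part in (site_identifier, card_identifier):
        # Length-prefix each input so (b"ab", b"c") and (b"a", b"bc") differ.
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return base64.b64encode(h.digest()).decode("ascii")


def accept_ppid(claim_value: str) -> bytes:
    """Relying-party check: bound the size first, then decode strictly.

    Returns the decoded bytes, to be stored and compared as an opaque key.
    Raises ValueError for empty, oversized, or malformed values.
    """
    if not claim_value or len(claim_value) > MAX_PPID_B64_LEN:
        raise ValueError("PPID claim is empty or exceeds the configured limit")
    try:
        # validate=True rejects characters outside the base64 alphabet.
        return base64.b64decode(claim_value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("PPID claim is not valid base64") from exc


if __name__ == "__main__":
    # Constructed sample identifiers, not taken from any real deployment.
    site_a, site_b = b"CN=rp-a.example", b"CN=rp-b.example"
    card = b"urn:uuid:00000000-0000-0000-0000-000000000001"
    print(derive_ppid(site_a, card))   # stable for the same site and card
    print(derive_ppid(site_b, card))   # differs at another relying party
    print(len(accept_ppid(derive_ppid(site_a, card))))
```

The length check runs before `b64decode`, so an oversized claim is rejected without allocating a buffer for its decoded form.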