[OpenID] OpenID Information Card
Johnny Bufu
johnny at sxip.com
Wed Dec 19 18:23:21 UTC 2007
On 18-Dec-07, at 5:51 PM, Prabath Siriwardena wrote:
>> The call to the STS/OP is mandatory. A selector implementation could
>> remember both the username and the password and submit the required
>> credentials automatically, without prompting the user.
>>
>> Or, if a self-issued card was used to authenticate to the STS/OP, the
>> selector could remember and automate the submission of the
>> credentials in this case as well.
>>
>
> But, in the case of OpenID Information Cards, we won't be able to use
> self-issued card.

1) The OpenID Infocard, the one that is passed to the RP, must be a
managed card.

2) The authentication between the identity selector and the STS(/OP)
can have any of the currently 4 types specified in the Identity
Selector Identity Profile v1.0 [1], in section "5. Authenticating to
Identity Provider":
  - username and password
  - Kerberos v5
  - X.509v3 certificate
  - self-issued token (card)

The second one is out of scope of the OpenID Infocard spec, and can
be any of the 4 types.

Johnny

[1] http://download.microsoft.com/download/1/1/a/11ac6505-e4c0-4e05-987c-6f1d31855cd2/Identity-Selector-Interop-Profile-v1.pdf