Well .... I guess that technically it is not literally present, but is indirectly available from the auth material once you open a context - in other words, by using the auth material you can obtain the subject id.
>>> Michael McIntosh <mikemci@xxxxxxxxxx> 3/8/2007 9:51 AM >>>
higgins-dev-bounces@xxxxxxxxxxx wrote on 03/08/2007 11:33:11 AM:
> If our objective is to ensure uniqueness of the card id, it can be
> done independent of whether you include <subject id> or <auth> or
> any other thing (in Wag, we simply append random unique data that
> the STS can safely ignore - a GUID of sorts). I want to know why it
> is that <subject ID>, <auth>, etc. need to be in the card ID and why
> the STS would need to extract them from the card Id as opposed to
> other places in the RST where they already exist? (see previous
> e-mail I sent on this thread)
Where is the Subject ID in the RST? I agree the auth does not need to be there.
>
> Daniel
>
> >>> Michael McIntosh <mikemci@xxxxxxxxxx> 3/8/2007 9:20 AM >>>
> Paul,
>
> Actually, I was just using the auth part as justification for why
> "<contextId> / <subjectId> " isn't unique enough. Suspect it should be
> something like "<contextId>/<subjectId>/<uuid>" or
> "<contextId>/<subjectId>/<stsid>/<sequence>"
>
> As Jim points out the CardID also needs to be unique to a CardStore - you
> cannot create multiple card with same id - so something needs to create
> uniqueness for multiple card from different STS over same context/subject.
>
> Thanks,
> Mike
>
> higgins-dev-bounces@xxxxxxxxxxx wrote on 03/08/2007 02:02:02 AM:
>
> > Here at EclipseCon I got a few minutes to chat with Mike McIntosh. It
> > prompted this email.
> >
> > Proposal: For Higgins CardSpace-compatible i-cards we set the "cardId" field
> > (see 'getCardId()' in [1]) to the string value:
> >
> > <contextId> / <subjectId> / <auth>
> >
> > E.g.
> >
> > http://example.com/HR-dept/ptrevithick/UNPW
> >
> > Where:
> > <auth> is either "UNPW", or "Personal", or "Kerberos" or "X509"
> >
> > The four auth values are the four allowed auth methods MSFT defined to
> > authenticate to a card. "Personal" means using a Personal i-card.
> >
> > Why append the <auth> value? Because: (a) every cardId must be unique to a
> > provider/TS and (b) a person might want to use 1<N<5 different auth methods
> > for the same data set (i.e. the same subject within the same context) and
> > (c) MSFT doesn't support N>1 auth methods for a single card.
> >
> > -Paul
> >
> > [1] http://wiki.eclipse.org/index.php/I-Card_Interfaces#ICard_Interface
> >
> > _______________________________________________
> > higgins-dev mailing list
> > higgins-dev@xxxxxxxxxxx
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev