Difference between revisions of "I4:Information Card Identity Provider Features"
(→Feature-Identity Provider account creation via Information Card) |
Mike.Jones (Talk | contribs) (Replace CardSpace Team Blog references with ISIP V1.5 section references) |
||
| (8 intermediate revisions by 5 users not shown) | |||
| Line 11: | Line 11: | ||
|acceptable = Creation available and successful | |acceptable = Creation available and successful | ||
|not_acceptable = Creation fails or is not available | |not_acceptable = Creation fails or is not available | ||
| − | |testlist = [[I4:FeatureTest-IdP | + | |testlist = [[I4:FeatureTest-IdP Support for Managed Cards backed by Self-Issued Card]] |
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| Line 25: | Line 25: | ||
|acceptable = Creation available and successful | |acceptable = Creation available and successful | ||
|not_acceptable = Creation fails or is not available | |not_acceptable = Creation fails or is not available | ||
| − | |testlist = | + | |testlist = Implementation priority: medium |
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| Line 41: | Line 41: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 52: | Line 53: | ||
|acceptable = Creation available and successful | |acceptable = Creation available and successful | ||
|not_acceptable = Creation fails or is not available | |not_acceptable = Creation fails or is not available | ||
| − | |testlist = [[I4:FeatureTest-IdP | + | |testlist = [[I4:FeatureTest-IdP Support for Managed Cards backed by Username and Password]] |
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| Line 68: | Line 69: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| + | |testlist = [[I4:FeatureTest-IdP Support for Managed Cards backed by Self-Issued Card]] | ||
}} | }} | ||
| Line 81: | Line 83: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 94: | Line 97: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 107: | Line 111: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| + | |testlist = [[I4:FeatureTest-IdP Support for Managed Cards backed by Username and Password]] | ||
}} | }} | ||
| Line 120: | Line 125: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: high | ||
}} | }} | ||
| Line 133: | Line 139: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 146: | Line 153: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 159: | Line 167: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 172: | Line 181: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 185: | Line 195: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 198: | Line 209: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 211: | Line 223: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 224: | Line 237: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 231: | Line 245: | ||
|feature_type = interop | |feature_type = interop | ||
|solution_role = Information Card Identity Provider | |solution_role = Information Card Identity Provider | ||
| − | |feature_description = Support for IdP and RP Components which use WS-Trust 1.3 and WS-SecurityPolicy 1.2 (the OASIS standard versions) as per | + | |feature_description = Support for IdP and RP Components which use WS-Trust 1.3 and WS-SecurityPolicy 1.2 (the OASIS standard versions) as per ISIP V1.5 § 10 |
|test_description = Access components that are known to exclusively use OASIS versions of WS-Trust & WS-SecurityPolicy | |test_description = Access components that are known to exclusively use OASIS versions of WS-Trust & WS-SecurityPolicy | ||
|acceptable = Transaction Succeeds | |acceptable = Transaction Succeeds | ||
| Line 237: | Line 251: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 250: | Line 265: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 263: | Line 279: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 276: | Line 293: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 289: | Line 307: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 302: | Line 321: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 314: | Line 334: | ||
|acceptable = Display token values human-readable and represent actual claim values in token | |acceptable = Display token values human-readable and represent actual claim values in token | ||
|not_acceptable = Display token values not present or don’t accurately represent claims in token | |not_acceptable = Display token values not present or don’t accurately represent claims in token | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = I3 | |maturity_date = I3 | ||
}} | }} | ||
| Line 329: | Line 349: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 342: | Line 363: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 355: | Line 377: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| − | ==Feature-Identity Provider | + | ==Feature-Identity Provider Recognizes Equivalence of the Multiple URIs for SAML 1.0 and 1.1 Tokens== |
{{Feature | {{Feature | ||
| − | |feature_id = Identity Provider | + | |feature_id = Identity Provider Recognizes Equivalence of the Multiple URIs for SAML 1.0 and 1.1 Tokens |
|feature_type = condition | |feature_type = condition | ||
|solution_role = Information Card Identity Provider | |solution_role = Information Card Identity Provider | ||
| − | |feature_description = urn:oasis:names:tc:SAML:1.0:assertion and http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 | + | |feature_description = Support both the token types urn:oasis:names:tc:SAML:1.0:assertion and http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 |
|test_description = Use card twice – once with an RP requesting the first token-type, once with an RP requesting the 2nd token type | |test_description = Use card twice – once with an RP requesting the first token-type, once with an RP requesting the 2nd token type | ||
|acceptable = Two successful transactions, each returning the requested token type | |acceptable = Two successful transactions, each returning the requested token type | ||
| − | |not_acceptable = | + | |not_acceptable = One or both of the two equivalent URIs not supported |
|maturity_status = Emerging | |maturity_status = Emerging | ||
| − | |maturity_date = | + | |maturity_date = I4 |
| + | |testlist = [[I4:FeatureTest-IdP Supports both Equivalent URIs for Cards using SAML 1.0 and 1.1 Tokens]] | ||
}} | }} | ||
| Line 381: | Line 405: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 394: | Line 419: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 407: | Line 433: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 420: | Line 447: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 433: | Line 461: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| − | ==Feature- | + | ==Feature-Identity Provider returns FailedRequiredClaims SOAP Fault== |
{{Feature | {{Feature | ||
| − | |feature_id = | + | |feature_id = Identity Provider returns FailedRequiredClaims SOAP Fault |
|feature_type = condition | |feature_type = condition | ||
|solution_role = Information Card Identity Provider | |solution_role = Information Card Identity Provider | ||
| − | |feature_description = When an IdP is unable to publish claim values for all required claims, it | + | |feature_description = When an IdP is unable to publish claim values for all required claims, it shuold return the SOAP Fault FailedRequiredClaims as per ISIP § 6.2 |
|test_description = Use a managed card at an RP which asks for claims that the IdP cannot satisfy | |test_description = Use a managed card at an RP which asks for claims that the IdP cannot satisfy | ||
|acceptable = SOAP Fault | |acceptable = SOAP Fault | ||
| Line 446: | Line 475: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 459: | Line 489: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: high | ||
}} | }} | ||
| Line 466: | Line 497: | ||
|feature_type = interop | |feature_type = interop | ||
|solution_role = Information Card Identity Provider | |solution_role = Information Card Identity Provider | ||
| − | |feature_description = Need to be able to get the | + | |feature_description = Need to be able to get the Information Card into the Selector |
|test_description = Attempt to export a managed card from the Identity Provider | |test_description = Attempt to export a managed card from the Identity Provider | ||
|acceptable = Card can be exported & used | |acceptable = Card can be exported & used | ||
|not_acceptable = Card cannot be exported or cannot be used after import | |not_acceptable = Card cannot be exported or cannot be used after import | ||
| − | |testlist = [[I4:FeatureTest- | + | |testlist = [[I4:FeatureTest-IdP Creation of .crd Files]] |
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
| Line 486: | Line 517: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
| Line 499: | Line 531: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I2 | |maturity_date = I2 | ||
| + | |testlist = Implementation priority: medium | ||
}} | }} | ||
| Line 512: | Line 545: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I2 | |maturity_date = I2 | ||
| + | |testlist = Implementation priority: low | ||
}} | }} | ||
Latest revision as of 15:58, 29 September 2008
{{#vardefine:DtArticleSortKey|}}
Feature-Creation of Managed Card backed by a Self-Issued Information Card
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Creation of Managed Card backed by a Self-Issued Information Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Creation of Managed Card backed by a Self-Issued Information Card - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Ability to create a managed information card (.crd) file which references an associated self-issued information card as per ISIP § 4.1.1.2 and ISIP Guide § 5.5 | Create a managed card, select a self-issued card to associate, and save to .crd file format | Creation available and successful | Creation fails or is not available |
Tests
I4:FeatureTest-IdP Support for Managed Cards backed by Self-Issued Card
Feature-Creation of Managed Card backed by X.509 certificate
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Creation of Managed Card backed by X.509 certificate|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Creation of Managed Card backed by X.509 certificate - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Ability to create a managed information card (.crd) file which references an associated X.509 certificate as per ISIP § 4.1.1.2 and ISIP Guide § 5.4 | Create a managed card backed by an X.509 certificate and save to .crd file format | Creation available and successful | Creation fails or is not available |
Tests
Implementation priority: medium
Feature-Creation of Managed Card backed by Kerberos
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Creation of Managed Card backed by Kerberos|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Creation of Managed Card backed by Kerberos - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Ability to create a managed information card (.crd) file which references an associated Kerberos ticket as per ISIP § 4.1.1.2 and ISIP Guide § 5.3 | Create a managed card backed by a Kerberos ticket and save to .crd file format | Creation available and successful | Creation fails or is not available |
Tests
Implementation priority: medium
Feature-Creation of Managed Card backed by Username and Password
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Creation of Managed Card backed by Username and Password|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Creation of Managed Card backed by Username and Password - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Ability to create a managed card (.crd) file which references a username and user-chosen password as per ISIP § 4.1.1.2 and ISIP Guide § 5.2 | Create a managed card and set a password for the card and save to .crd file format | Creation available and successful | Creation fails or is not available |
Tests
I4:FeatureTest-IdP Support for Managed Cards backed by Username and Password
Feature-Use of a Managed Card backed by a Self-Issued Information Card
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Use of a Managed Card backed by a Self-Issued Information Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Use of a Managed Card backed by a Self-Issued Information Card - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Ability to pass claims to a Relying Party via a Selector which has in its card store the self-information card associated to the managed card at creation time as per as per ISIP § 5.4 and ISIP Guide § 5.5 | Use a managed card from a Selector which contains the self-issued information card chosen to back the managed card at card creation | Successful transaction (claims transferred) | Error or Exception |
Tests
I4:FeatureTest-IdP Support for Managed Cards backed by Self-Issued Card
Feature-Use of a Managed Card backed by an X.509 certificate
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Use of a Managed Card backed by an X.509 certificate|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Use of a Managed Card backed by an X.509 certificate - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Ability to pass claims to a Relying Party via a Selector which verifies the X.509 certificate associated to the managed card at creation time as per ISIP § 5.3 and ISIP Guide § 5.4 | Use a managed card from a Selector which verifies the X.509 certificate chosen to back the managed card at card creation | Successful transaction (claims transferred) | Error or Exception |
Tests
Implementation priority: medium
Feature-Use of a Managed Card backed by Kerberos
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Use of a Managed Card backed by Kerberos|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Use of a Managed Card backed by Kerberos - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Ability to pass claims to a Relying Party via a Selector which verifies the Kerberos ticket associated to the managed card at creation time as per ISIP § 5.2 and ISIP Guide § 5.3 | Use a managed card from a Selector which verifies Kerberos ticket data chosen to back the managed card at card creation | Successful transaction (claims transferred) | Error or Exception |
Tests
Implementation priority: low
Feature-Use of a Managed Card backed by Username and Password
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Use of a Managed Card backed by Username and Password|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Use of a Managed Card backed by Username and Password - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Ability to pass claims to a Relying Party via a Selector which verifies the username and password associated with the card at creation time as per ISIP § 5.1 and ISIP Guide § 5.2 | Use a managed card from a Selector which verifies the password chosen to back the managed card at card creation | Successful transaction (claims transferred) | Error or Exception |
Tests
I4:FeatureTest-IdP Support for Managed Cards backed by Username and Password
Feature-Relying Party AppliesTo information always used in token returned from use of Auditing Managed Cards
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Relying Party AppliesTo information always used in token returned from use of Auditing Managed Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Relying Party AppliesTo information always used in token returned from use of Auditing Managed Cards - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| In cases where managed cards are created with RequireAppliesTo elements constituting a mandatory requirement for the RP to supply AppliesTo information, returned tokens must utilize the supplied token scope information in the construction of the resulting token as per ISIP § 4.1.1.5, 4.3.3 | Use managed card at an RP which supplies AppliesTo information, then examine returned token | Token and if requested, privatepersonalidentifier are constructed using supplied AppliesTo value | Token constructed as if AppliesTo was not present |
Tests
Implementation priority: high
Feature-AppliesTo information used, if supplied, in token returned from use of Auditing-Optional Managed Cards
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:AppliesTo information used, if supplied, in token returned from use of Auditing-Optional Managed Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider AppliesTo information used, if supplied, in token returned from use of Auditing-Optional Managed Cards - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| In cases where managed cards are created with RequireAppliesTo elements constituting an optional requirement for the RP to supply token scope information, returned tokens must utilize any supplied token scope information in the construction of the resulting token as per ISIP § 4.1.1.5, 4.3.3 | (1)Use managed card at an RP which supplies AppliesTo information, then examine returned token. (2) Use same managed card at an RP which does not supply AppliesTo information, then examine returned token | Token and if requested, privatepersonalidentifier are constructed using supplied AppliesTo or ClientPseudonym value | Supplied values not used as per ISIP |
Tests
Implementation priority: medium
Feature-Use of ClientPseudonym information in token returned from use of Non-Auditing Managed Cards
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Use of ClientPseudonym information in token returned from use of Non-Auditing Managed Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Use of ClientPseudonym information in token returned from use of Non-Auditing Managed Cards - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| In cases where managed cards are created without any RequireAppliesTo element constituting a requirement for Identity Selector to supply a ClientPseudonym value, returned tokens must utilize the supplied ClientPseudonym Information in the construction of the resulting token as per ISIP § 4.1.1.5, 4.3.3 | Use managed card at an RP that does not supply AppliesTo information, then examine returned token. | Token and if requested, privatepersonalidentifier are constructed using supplied ClientPseudonym value | Token constructed as if ClientPseudonym was not present, or Token constructed with AppliesTo data |
Tests
Implementation priority: medium
Feature-Identity Provider uses Transport Binding to secure SOAP message
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider uses Transport Binding to secure SOAP message|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider uses Transport Binding to secure SOAP message - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Support for IdP use of transport security to secure the transaction on the channel as per ISIP Guide § 5.1.1.1 and WS-SecurityPolicy 1.2 § 8.3 | Use a managed card whose provider is known to use transport binding against an RP that is also known to correctly handle transport binding. | Successful transaction | Error or exception |
Tests
Implementation priority: low
Feature-Identity Provider uses Symmetric Binding to secure SOAP message
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider uses Symmetric Binding to secure SOAP message|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider uses Symmetric Binding to secure SOAP message - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Support for IdP use of message security, specifically a symmetric binding to secure the transaction on the channel as per ISIP Guide § 5.1.1.2 and WS-SecurityPolicy 1.2 § 8.4 | Use a managed card whose provider is known to use symmetric binding against an RP that is also known to correctly handle symmetric binding. | Successful transaction | Error or exception |
Tests
Implementation priority: low
Feature-Identity Provider uses Asymmetric Binding to secure SOAP message
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider uses Asymmetric Binding to secure SOAP message|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider uses Asymmetric Binding to secure SOAP message - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Support for IdP use of message security, specifically an asymmetric binding to secure the transaction on the channel as per WS-SecurityPolicy 1.2 § 8.5. (Do not test in this Interop if not implemented by any Selector.) | Use a managed card whose provider is known to use asymmetric binding against an RP that is also known to correctly handle asymmetric binding. | Successful transaction | Error or exception |
Tests
Implementation priority: low
Feature-Identity Provider support for SOAP 1.1
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider support for SOAP 1.1|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider support for SOAP 1.1 - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Support for IdP & RP Components which use SOAP 1.1 | Access components that are known to exclusively use SOAP 1.1 | Transaction Succeeds | Error or Exception |
Tests
Implementation priority: low
Feature-Identity Provider support for SOAP 1.2
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider support for SOAP 1.2|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider support for SOAP 1.2 - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Support for IdP & RP Components which use SOAP 1.2 | Access components that are known to exclusively use SOAP 1.2 | Transaction Succeeds | Error or Exception |
Tests
Implementation priority: low
Feature-Identity Provider support for WS-Trust 1.2, WS-SecurityPolicy 1.1
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider support for WS-Trust 1.2, WS-SecurityPolicy 1.1|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider support for WS-Trust 1.2, WS-SecurityPolicy 1.1 - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Support for IdP and RP Components which use WS-Trust 1.2 and WS-SecurityPolicy 1.1 as per ISIP and the ISIP Guide | Access components that are known to exclusively use ISIP versions of WS-Trust & WS-SecurityPolicy | Transaction Succeeds | Error or Exception |
Tests
Implementation priority: low
Feature-Identity Provider support for WS-Trust 1.3, WS-SecurityPolicy 1.2
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider support for WS-Trust 1.3, WS-SecurityPolicy 1.2|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider support for WS-Trust 1.3, WS-SecurityPolicy 1.2 - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Support for IdP and RP Components which use WS-Trust 1.3 and WS-SecurityPolicy 1.2 (the OASIS standard versions) as per ISIP V1.5 § 10 | Access components that are known to exclusively use OASIS versions of WS-Trust & WS-SecurityPolicy | Transaction Succeeds | Error or Exception |
Tests
Implementation priority: medium
Feature-Support for multi-valued claims in Managed Cards
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for multi-valued claims in Managed Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Support for multi-valued claims in Managed Cards - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Ability to pass multiple claim values for a given requested claim type | Access a Relying Party which requests a claim type the IdP can satisfy with multiple values | All values passed | One or no values passed, error or exception |
Tests
Implementation priority: medium
Feature-Support for claims with attached attributes
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for claims with attached attributes|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Support for claims with attached attributes - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Enable the creation of tokens containing Claims with attached attributes, such as VerifiedBy. (Remove from this Interop if syntax not defined soon.) | -- | Identity provider enables claims with attached attributes to be sent. The display token contains information about the attributes. | Claims with attached attributes can not be sent. The display token is silent about the attributes. |
Tests
Implementation priority: low
Feature-Capable of issuing SAML 1.0 tokens
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Capable of issuing SAML 1.0 tokens|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Capable of issuing SAML 1.0 tokens - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Requested with urn:oasis:names:tc:SAML:1.0:assertion. Note that SAML 1.0 and SAML 1.1 tokens have the same syntax. | Access an RP which requests a SAML 1.0 Token | Token returned | Token not returned |
Tests
Implementation priority: medium
Feature-Capable of issuing SAML 1.1 tokens
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Capable of issuing SAML 1.1 tokens|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Capable of issuing SAML 1.1 tokens - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Returns a SAML 1.1 token when the RP supplies a token type of http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1. Note that SAML 1.0 and SAML 1.1 tokens have the same syntax. | Access an RP which requests a SAML 1.1 Token | Token returned | Token not returned |
Tests
Implementation priority: low
Feature-Capable of issuing SAML 2.0 tokens
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Capable of issuing SAML 2.0 tokens|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Capable of issuing SAML 2.0 tokens - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Returns a SAML 2.0 token when RP supplies a token type of urn:oasis:names:tc:SAML:2.0:assertion. | Access an RP which requests a SAML 2.0 Token | SAML 2.0 Token Returned | Token not returned, non-SAML 2.0 token returned, error, exception |
Tests
Implementation priority: low
Feature-Populate Display Token values for requested claims when requested by Identity Selector
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Populate Display Token values for requested claims when requested by Identity Selector|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Populate Display Token values for requested claims when requested by Identity Selector - Maturity: Established {{#if: I3 | (I3 ) }} | |||
|---|---|---|---|
| Use Display Token data formats specified in ISIP §4.3.6 | View claim values from a managed card in an Identity Selector | Display token values human-readable and represent actual claim values in token | Display token values not present or don’t accurately represent claims in token |
Tests
I4:FeatureTest-IdP Population of Display Token Values
Feature-Issued Token contains valid AudienceRestrictionCondition restriction for SAML bearer tokens
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Issued Token contains valid AudienceRestrictionCondition restriction for SAML bearer tokens|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Issued Token contains valid AudienceRestrictionCondition restriction for SAML bearer tokens - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Include an AudienceRestrictionCondition for SAML bearer tokens as per ISIP § 4.3.5.3 and 8.2 | Parse bearer token at RP site and verify that the AudienceRestrictionCondition matches the target site URL submitted in the token request | AudienceRestrictionCondition present and matches | No AudienceRestrictionCondition or doesn’t match |
Tests
Implementation priority: medium
Feature-Ability to refuse to serve Relying Parties using HTTP
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Ability to refuse to serve Relying Parties using HTTP|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Ability to refuse to serve Relying Parties using HTTP - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Ability to refuse to serve no-SSL Relying Parties | Access a no-SSL Relying Party | Actionable Message | Successful transaction or no actionable message |
Tests
Implementation priority: medium
Feature-Issued Token contains only the claims requested by Relying Party
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Issued Token contains only the claims requested by Relying Party|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Issued Token contains only the claims requested by Relying Party - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Verify that only the claims requested by the Identity Selector are contained in the issued token | Compare claims in token with claims requested by relying party, verifying that no extra claims are supplied | Exactly those claims requested are supplied | Claims not requested are supplied |
Tests
Implementation priority: medium
Feature-Identity Provider Recognizes Equivalence of the Multiple URIs for SAML 1.0 and 1.1 Tokens
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider Recognizes Equivalence of the Multiple URIs for SAML 1.0 and 1.1 Tokens|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider Recognizes Equivalence of the Multiple URIs for SAML 1.0 and 1.1 Tokens - Maturity: Emerging {{#if: I4 | (I4 ) }} | |||
|---|---|---|---|
| Support both the token types urn:oasis:names:tc:SAML:1.0:assertion and http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 | Use card twice – once with an RP requesting the first token-type, once with an RP requesting the 2nd token type | Two successful transactions, each returning the requested token type | One or both of the two equivalent URIs not supported |
Tests
I4:FeatureTest-IdP Supports both Equivalent URIs for Cards using SAML 1.0 and 1.1 Tokens
Feature-Returns token type requested by Relying Party
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Returns token type requested by Relying Party|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Returns token type requested by Relying Party - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Whatever token type format is requested by the RP should be returned by the IdP | Use card twice – once with an RP requesting the first token-type, once with an RP requesting the 2nd token type | Two successful transactions with two different returned token types | Failure or two identical token types |
Tests
Implementation priority: medium
Feature-Verify that all required claims are available at Identity Provider
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify that all required claims are available at Identity Provider|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Verify that all required claims are available at Identity Provider - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Check that all of the required claims asked for by the RP are in fact available | Use a card at an RP which asks for values the IdP doesn’t have | Actionable error message. Token may also be issued with available claims | Silent failure |
Tests
Implementation priority: low
Feature-Identity Provider returns MissingAppliesTo SOAP Fault
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider returns MissingAppliesTo SOAP Fault|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider returns MissingAppliesTo SOAP Fault - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| When an IdP expects token scope information and the RP does not supply it, a SOAP Fault should be returned as per ISIP § 6.2 | Access an RP which incorrectly does not return token scope information | SOAP Fault returned | Transaction completed, other error |
Tests
Implementation priority: low
Feature-Identity Provider returns InvalidProofKey SOAP Fault
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider returns InvalidProofKey SOAP Fault|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider returns InvalidProofKey SOAP Fault - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| When an IdP cannot use the proof key specified in the request, a SOAP Fault should be returned as per ISIP § 6.2 | Access an RP that returns an invalid Proof Key | SOAP Fault returned | Transaction completed, other error |
Tests
Implementation priority: medium
Feature-Identity Provider returns UnknownInformationCardReference SOAP Fault
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider returns UnknownInformationCardReference SOAP Fault|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider returns UnknownInformationCardReference SOAP Fault - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| When the card reference used in an Identity Provider transaction is unrecognized or otherwise deemed incorrect by the Identity Provider, a SOAP Fault is returned as per ISIP § 6.2 | Use a card at an RP that contains an unrecognized Card Reference | SOAP Fault returned | Transaction completed, other error |
Tests
Implementation priority: medium
Feature-Identity Provider returns FailedRequiredClaims SOAP Fault
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider returns FailedRequiredClaims SOAP Fault|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider returns FailedRequiredClaims SOAP Fault - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| When an IdP is unable to publish claim values for all required claims, it shuold return the SOAP Fault FailedRequiredClaims as per ISIP § 6.2 | Use a managed card at an RP which asks for claims that the IdP cannot satisfy | SOAP Fault | Removal of claim type from returned token. Return of empty claims |
Tests
Implementation priority: medium
Feature-Identity Provider returns InformationCardRefreshRequired SOAP Fault
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider returns InformationCardRefreshRequired SOAP Fault|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider returns InformationCardRefreshRequired SOAP Fault - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| When a user selects a card with an old card version, the Identity Provider should return a SOAP Fault | User a card which requires a refresh | SOAP Fault returned | No Fault, other error, or successful transaction |
Tests
Implementation priority: high
Feature-Export of Managed Information Card in .crd Format
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Export of Managed Information Card in .crd Format|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Export of Managed Information Card in .crd Format - Maturity: Established {{#if: I1 | (I1 ) }} | |||
|---|---|---|---|
| Need to be able to get the Information Card into the Selector | Attempt to export a managed card from the Identity Provider | Card can be exported & used | Card cannot be exported or cannot be used after import |
Tests
I4:FeatureTest-IdP Creation of .crd Files
Feature-Identity Provider has a domain name and does not require a cert to be installed
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider has a domain name and does not require a cert to be installed|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider has a domain name and does not require a cert to be installed - Maturity: Emerging {{#if: | ( ) }} | |||
|---|---|---|---|
| Interop best practice: No custom cert needs to be installed | Attempt to use Identity Provider at a site known to validate certificates | No certificate error | Revoked, expired certs, or cert that doesn’t come from a trusted root certificate |
Tests
Implementation priority: low
Feature-Identity Provider login via Information Card
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider login via Information Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider login via Information Card - Maturity: Established {{#if: I2 | (I2 ) }} | |||
|---|---|---|---|
| Interop best practice: Accounts should be accessible via Information Cards, possibly in addition to usernames and passwords | Log into account a the Identity Provider using an Information Card | Successful authentication | No ability to use an information card to authenticate |
Tests
Implementation priority: medium
Feature-Identity Provider account creation via Information Card
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Provider Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Provider account creation via Information Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]] edit |
| Information Card Identity Provider Identity Provider account creation via Information Card - Maturity: Established {{#if: I2 | (I2 ) }} | |||
|---|---|---|---|
| Interop best practice: If account creation is supported, the information needed for the account should be able to be supplied using an Information Card | Use Information Card for account creation at the Identity Provider | Successful account creation | No ability to create an account with an information card |
Tests
Implementation priority: low
