Difference between revisions of "I4:Information Card Identity Provider Features"
(Added missing testlist parameters) |
|||
Line 69: | Line 69: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
+ | |testlist = Implementation priority: medium | ||
}} | }} | ||
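Review bot: the added `|testlist = Implementation priority: medium` line puts a priority statement into a parameter whose name says it lists the feature's tests. On the rendered page the value appears under the "Tests" heading, in the same place where other entries show a test article such as I4:FeatureTest-IdP Authenticates UNPW-backed Managed Cards, so a reader cannot tell "no test written yet" from "test exists". Suggest carrying the priority in its own template parameter and leaving `testlist` for test page names only; the same applies to every hunk in this edit that adds a `testlist` line.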
Line 82: | Line 83: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
+ | |testlist = Implementation priority: medium | ||
}} | }} | ||
Line 95: | Line 97: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
+ | |testlist = Implementation priority: low | ||
}} | }} | ||
Line 108: | Line 111: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
+ | |testlist = Implementation priority: medium | ||
}} | }} | ||
Line 149: | Line 153: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
+ | |testlist = Implementation priority: medium | ||
}} | }} | ||
Line 288: | Line 293: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I1 | |maturity_date = I1 | ||
+ | |testlist = Implementation priority: medium | ||
}} | }} | ||
Line 330: | Line 336: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I3 | |maturity_date = I3 | ||
− | |||
}} | }} | ||
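Review bot: the hunk at line 330 only removes a line (shown here without content) and adds no `testlist` value, although the edit summary says missing testlist parameters were added. Please confirm that the removed line was blank and that this entry (`maturity_status = Established`, `maturity_date = I3`) already has a `testlist` parameter above the visible context; if it does not, it was missed and needs the same addition as the other hunks.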
Line 344: | Line 349: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
+ | |testlist = Implementation priority: medium | ||
}} | }} | ||
Line 371: | Line 377: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
+ | |testlist = Implementation priority: medium | ||
}} | }} | ||
Line 440: | Line 447: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
+ | |testlist = Implementation priority: medium | ||
}} | }} | ||
Line 509: | Line 517: | ||
|maturity_status = Emerging | |maturity_status = Emerging | ||
|maturity_date = | |maturity_date = | ||
+ | |testlist = Implementation priority: low | ||
}} | }} | ||
Line 522: | Line 531: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I2 | |maturity_date = I2 | ||
+ | |testlist = Implementation priority: medium | ||
}} | }} | ||
Line 535: | Line 545: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = I2 | |maturity_date = I2 | ||
+ | |testlist = Implementation priority: low | ||
}} | }} |
Revision as of 17:44, 23 August 2008
Feature-Creation of Managed Card backed by a Self-Issued Information Card
Information Card Identity Provider Creation of Managed Card backed by a Self-Issued Information Card - Maturity: Established (I1) | |||
---|---|---|---|
Ability to create a managed information card (.crd) file which references an associated self-issued information card as per ISIP § 4.1.1.2 and ISIP Guide § 5.5 | Create a managed card, select a self-issued card to associate, and save to .crd file format | Creation available and successful | Creation fails or is not available |
Tests
I4:FeatureTest-IdP Authenticates Card-backed Managed Cards
Feature-Creation of Managed Card backed by X.509 certificate
Information Card Identity Provider Creation of Managed Card backed by X.509 certificate - Maturity: Emerging | |||
---|---|---|---|
Ability to create a managed information card (.crd) file which references an associated X.509 certificate as per ISIP § 4.1.1.2 and ISIP Guide § 5.4 | Create a managed card backed by an X.509 certificate and save to .crd file format | Creation available and successful | Creation fails or is not available |
Tests
Implementation priority: medium
Feature-Creation of Managed Card backed by Kerberos
Information Card Identity Provider Creation of Managed Card backed by Kerberos - Maturity: Emerging | |||
---|---|---|---|
Ability to create a managed information card (.crd) file which references an associated Kerberos ticket as per ISIP § 4.1.1.2 and ISIP Guide § 5.3 | Create a managed card backed by a Kerberos ticket and save to .crd file format | Creation available and successful | Creation fails or is not available |
Tests
Implementation priority: medium
Feature-Creation of Managed Card backed by Username and Password
Information Card Identity Provider Creation of Managed Card backed by Username and Password - Maturity: Established (I1) | |||
---|---|---|---|
Ability to create a managed card (.crd) file which references a username and user-chosen password as per ISIP § 4.1.1.2 and ISIP Guide § 5.2 | Create a managed card and set a password for the card and save to .crd file format | Creation available and successful | Creation fails or is not available |
Tests
I4:FeatureTest-IdP Authenticates UNPW-backed Managed Cards
Feature-Use of a Managed Card backed by a Self-Issued Information Card
Information Card Identity Provider Use of a Managed Card backed by a Self-Issued Information Card - Maturity: Established (I1) | |||
---|---|---|---|
Ability to pass claims to a Relying Party via a Selector which has in its card store the self-issued information card associated to the managed card at creation time as per ISIP § 5.4 and ISIP Guide § 5.5 | Use a managed card from a Selector which contains the self-issued information card chosen to back the managed card at card creation | Successful transaction (claims transferred) | Error or Exception |
Tests
Implementation priority: medium
Feature-Use of a Managed Card backed by an X.509 certificate
Information Card Identity Provider Use of a Managed Card backed by an X.509 certificate - Maturity: Emerging | |||
---|---|---|---|
Ability to pass claims to a Relying Party via a Selector which verifies the X.509 certificate associated to the managed card at creation time as per ISIP § 5.3 and ISIP Guide § 5.4 | Use a managed card from a Selector which verifies the X.509 certificate chosen to back the managed card at card creation | Successful transaction (claims transferred) | Error or Exception |
Tests
Implementation priority: medium
Feature-Use of a Managed Card backed by Kerberos
Information Card Identity Provider Use of a Managed Card backed by Kerberos - Maturity: Emerging | |||
---|---|---|---|
Ability to pass claims to a Relying Party via a Selector which verifies the Kerberos ticket associated to the managed card at creation time as per ISIP § 5.2 and ISIP Guide § 5.3 | Use a managed card from a Selector which verifies Kerberos ticket data chosen to back the managed card at card creation | Successful transaction (claims transferred) | Error or Exception |
Tests
Implementation priority: low
Feature-Use of a Managed Card backed by Username and Password
Information Card Identity Provider Use of a Managed Card backed by Username and Password - Maturity: Established (I1) | |||
---|---|---|---|
Ability to pass claims to a Relying Party via a Selector which verifies the username and password associated with the card at creation time as per ISIP § 5.1 and ISIP Guide § 5.2 | Use a managed card from a Selector which verifies the password chosen to back the managed card at card creation | Successful transaction (claims transferred) | Error or Exception |
Tests
Implementation priority: medium
Feature-Relying Party AppliesTo information always used in token returned from use of Auditing Managed Cards
Information Card Identity Provider Relying Party AppliesTo information always used in token returned from use of Auditing Managed Cards - Maturity: Emerging | |||
---|---|---|---|
In cases where managed cards are created with RequireAppliesTo elements constituting a mandatory requirement for the RP to supply AppliesTo information, returned tokens must utilize the supplied token scope information in the construction of the resulting token as per ISIP § 4.1.1.5, 4.3.3 | Use managed card at an RP which supplies AppliesTo information, then examine returned token | Token and, if requested, privatepersonalidentifier are constructed using supplied AppliesTo value | Token constructed as if AppliesTo was not present |
Tests
Implementation priority: high
Feature-AppliesTo information used, if supplied, in token returned from use of Auditing-Optional Managed Cards
Information Card Identity Provider AppliesTo information used, if supplied, in token returned from use of Auditing-Optional Managed Cards - Maturity: Emerging | |||
---|---|---|---|
In cases where managed cards are created with RequireAppliesTo elements constituting an optional requirement for the RP to supply token scope information, returned tokens must utilize any supplied token scope information in the construction of the resulting token as per ISIP § 4.1.1.5, 4.3.3 | (1) Use managed card at an RP which supplies AppliesTo information, then examine returned token. (2) Use same managed card at an RP which does not supply AppliesTo information, then examine returned token | Token and, if requested, privatepersonalidentifier are constructed using supplied AppliesTo or ClientPseudonym value | Supplied values not used as per ISIP |
Tests
Implementation priority: medium
Feature-Use of ClientPseudonym information in token returned from use of Non-Auditing Managed Cards
Information Card Identity Provider Use of ClientPseudonym information in token returned from use of Non-Auditing Managed Cards - Maturity: Emerging | |||
---|---|---|---|
In cases where managed cards are created without any RequireAppliesTo element constituting a requirement for Identity Selector to supply a ClientPseudonym value, returned tokens must utilize the supplied ClientPseudonym Information in the construction of the resulting token as per ISIP § 4.1.1.5, 4.3.3 | Use managed card at an RP that does not supply AppliesTo information, then examine returned token. | Token and, if requested, privatepersonalidentifier are constructed using supplied ClientPseudonym value | Token constructed as if ClientPseudonym was not present, or Token constructed with AppliesTo data |
Tests
Implementation priority: medium
Feature-Identity Provider uses Transport Binding to secure SOAP message
Information Card Identity Provider Identity Provider uses Transport Binding to secure SOAP message - Maturity: Established (I1) | |||
---|---|---|---|
Support for IdP use of transport security to secure the transaction on the channel as per ISIP Guide § 5.1.1.1 and WS-SecurityPolicy 1.2 § 8.3 | Use a managed card whose provider is known to use transport binding against an RP that is also known to correctly handle transport binding. | Successful transaction | Error or exception |
Tests
Implementation priority: low
Feature-Identity Provider uses Symmetric Binding to secure SOAP message
Information Card Identity Provider Identity Provider uses Symmetric Binding to secure SOAP message - Maturity: Emerging | |||
---|---|---|---|
Support for IdP use of message security, specifically a symmetric binding to secure the transaction on the channel as per ISIP Guide § 5.1.1.2 and WS-SecurityPolicy 1.2 § 8.4 | Use a managed card whose provider is known to use symmetric binding against an RP that is also known to correctly handle symmetric binding. | Successful transaction | Error or exception |
Tests
Implementation priority: low
Feature-Identity Provider uses Asymmetric Binding to secure SOAP message
Information Card Identity Provider Identity Provider uses Asymmetric Binding to secure SOAP message - Maturity: Emerging | |||
---|---|---|---|
Support for IdP use of message security, specifically an asymmetric binding to secure the transaction on the channel as per WS-SecurityPolicy 1.2 § 8.5. (Do not test in this Interop if not implemented by any Selector.) | Use a managed card whose provider is known to use asymmetric binding against an RP that is also known to correctly handle asymmetric binding. | Successful transaction | Error or exception |
Tests
Implementation priority: low
Feature-Identity Provider support for SOAP 1.1
Information Card Identity Provider Identity Provider support for SOAP 1.1 - Maturity: Established (I1) | |||
---|---|---|---|
Support for IdP & RP Components which use SOAP 1.1 | Access components that are known to exclusively use SOAP 1.1 | Transaction Succeeds | Error or Exception |
Tests
Implementation priority: low
Feature-Identity Provider support for SOAP 1.2
Information Card Identity Provider Identity Provider support for SOAP 1.2 - Maturity: Emerging | |||
---|---|---|---|
Support for IdP & RP Components which use SOAP 1.2 | Access components that are known to exclusively use SOAP 1.2 | Transaction Succeeds | Error or Exception |
Tests
Implementation priority: low
Feature-Identity Provider support for WS-Trust 1.2, WS-SecurityPolicy 1.1
Information Card Identity Provider Identity Provider support for WS-Trust 1.2, WS-SecurityPolicy 1.1 - Maturity: Established (I1) | |||
---|---|---|---|
Support for IdP and RP Components which use WS-Trust 1.2 and WS-SecurityPolicy 1.1 as per ISIP and the ISIP Guide | Access components that are known to exclusively use ISIP versions of WS-Trust & WS-SecurityPolicy | Transaction Succeeds | Error or Exception |
Tests
Implementation priority: low
Feature-Identity Provider support for WS-Trust 1.3, WS-SecurityPolicy 1.2
Information Card Identity Provider Identity Provider support for WS-Trust 1.3, WS-SecurityPolicy 1.2 - Maturity: Emerging | |||
---|---|---|---|
Support for IdP and RP Components which use WS-Trust 1.3 and WS-SecurityPolicy 1.2 (the OASIS standard versions) as per http://blogs.msdn.com/card/archive/2007/11/22/cardspace-support-for-oasis-ws-sx-standards.aspx | Access components that are known to exclusively use OASIS versions of WS-Trust & WS-SecurityPolicy | Transaction Succeeds | Error or Exception |
Tests
Implementation priority: medium
Feature-Support for multi-valued claims in Managed Cards
Information Card Identity Provider Support for multi-valued claims in Managed Cards - Maturity: Emerging | |||
---|---|---|---|
Ability to pass multiple claim values for a given requested claim type | Access a Relying Party which requests a claim type the IdP can satisfy with multiple values | All values passed | One or no values passed, error or exception |
Tests
Implementation priority: medium
Feature-Support for claims with attached attributes
Information Card Identity Provider Support for claims with attached attributes - Maturity: Emerging | |||
---|---|---|---|
Enable the creation of tokens containing Claims with attached attributes, such as VerifiedBy. (Remove from this Interop if syntax not defined soon.) | -- | Identity provider enables claims with attached attributes to be sent. The display token contains information about the attributes. | Claims with attached attributes cannot be sent. The display token is silent about the attributes. |
Tests
Implementation priority: low
Feature-Capable of issuing SAML 1.0 tokens
Information Card Identity Provider Capable of issuing SAML 1.0 tokens - Maturity: Established (I1) | |||
---|---|---|---|
Requested with urn:oasis:names:tc:SAML:1.0:assertion. Note that SAML 1.0 and SAML 1.1 tokens have the same syntax. | Access an RP which requests a SAML 1.0 Token | Token returned | Token not returned |
Tests
Implementation priority: medium
Feature-Capable of issuing SAML 1.1 tokens
Information Card Identity Provider Capable of issuing SAML 1.1 tokens - Maturity: Established (I1) | |||
---|---|---|---|
Returns a SAML 1.1 token when the RP supplies a token type of http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1. Note that SAML 1.0 and SAML 1.1 tokens have the same syntax. | Access an RP which requests a SAML 1.1 Token | Token returned | Token not returned |
Tests
Implementation priority: low
Feature-Capable of issuing SAML 2.0 tokens
Information Card Identity Provider Capable of issuing SAML 2.0 tokens - Maturity: Emerging | |||
---|---|---|---|
Returns a SAML 2.0 token when RP supplies a token type of urn:oasis:names:tc:SAML:2.0:assertion. | Access an RP which requests a SAML 2.0 Token | SAML 2.0 Token Returned | Token not returned, non-SAML 2.0 token returned, error, exception |
Tests
Implementation priority: low
Feature-Populate Display Token values for requested claims when requested by Identity Selector
Information Card Identity Provider Populate Display Token values for requested claims when requested by Identity Selector - Maturity: Established (I3) | |||
---|---|---|---|
Use Display Token data formats specified in ISIP §4.3.6 | View claim values from a managed card in an Identity Selector | Display token values human-readable and represent actual claim values in token | Display token values not present or don’t accurately represent claims in token |
Tests
I4:FeatureTest-IdP Population of Display Token Values
Feature-Issued Token contains valid AudienceRestrictionCondition restriction for SAML bearer tokens
Information Card Identity Provider Issued Token contains valid AudienceRestrictionCondition restriction for SAML bearer tokens - Maturity: Emerging | |||
---|---|---|---|
Include an AudienceRestrictionCondition for SAML bearer tokens as per ISIP § 4.3.5.3 and 8.2 | Parse bearer token at RP site and verify that the AudienceRestrictionCondition matches the target site URL submitted in the token request | AudienceRestrictionCondition present and matches | No AudienceRestrictionCondition or doesn’t match |
Tests
Implementation priority: medium
Feature-Ability to refuse to serve Relying Parties using HTTP
Information Card Identity Provider Ability to refuse to serve Relying Parties using HTTP - Maturity: Emerging | |||
---|---|---|---|
Ability to refuse to serve non-SSL Relying Parties | Access a non-SSL Relying Party | Actionable Message | Successful transaction or no actionable message |
Tests
Implementation priority: medium
Feature-Issued Token contains only the claims requested by Relying Party
Information Card Identity Provider Issued Token contains only the claims requested by Relying Party - Maturity: Emerging | |||
---|---|---|---|
Verify that only the claims requested by the Identity Selector are contained in the issued token | Compare claims in token with claims requested by relying party, verifying that no extra claims are supplied | Exactly those claims requested are supplied | Claims not requested are supplied |
Tests
Implementation priority: medium
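The two token checks above (AudienceRestrictionCondition matches the target site URL; no claims beyond those requested) can be scripted at the RP side. The following is an added example, not part of the original feature list or any project test suite: the function names, the sample token and its URLs are constructed, and it assumes the claim URI is AttributeNamespace + "/" + AttributeName and that the audience is compared by exact string match. Signature validation is out of scope here.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # shared by SAML 1.0 and 1.1
NS = {"saml": SAML_NS}
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# Constructed, unsigned sample bearer token (illustration only).
SAMPLE_TOKEN = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-example"
    Issuer="https://idp.example/sts" IssueInstant="2009-01-01T00:00:00Z">
  <saml:Conditions NotBefore="2009-01-01T00:00:00Z" NotOnOrAfter="2009-01-01T00:10:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://rp.example/login</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Attribute AttributeName="givenname"
        AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="emailaddress"
        AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>alice@idp.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_token(xml_text):
    """Parse the assertion; refuse DTDs so entity tricks never reach the parser."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in a token")
    return ET.fromstring(xml_text)


def audiences(assertion):
    """All Audience values inside AudienceRestrictionCondition elements."""
    path = "saml:Conditions/saml:AudienceRestrictionCondition/saml:Audience"
    return [a.text.strip() for a in assertion.findall(path, NS) if a.text]


def claim_uris(assertion):
    """Claim URIs carried in the token (assumed: namespace + '/' + name)."""
    uris = set()
    for attr in assertion.iter("{%s}Attribute" % SAML_NS):
        ns = attr.get("AttributeNamespace", "").rstrip("/")
        uris.add(ns + "/" + attr.get("AttributeName", ""))
    return uris


def check_token(xml_text, target_url, requested_claims):
    """Return a list of failures; an empty list means both features pass."""
    assertion = parse_token(xml_text)
    failures = []
    auds = audiences(assertion)
    if not auds:
        failures.append("no AudienceRestrictionCondition")
    elif target_url not in auds:  # exact match against the requested target
        failures.append("audience mismatch: " + ", ".join(auds))
    # Only extra claims are a failure here; missing ones are other features.
    extra = claim_uris(assertion) - set(requested_claims)
    if extra:
        failures.append("unrequested claims: " + ", ".join(sorted(extra)))
    return failures


if __name__ == "__main__":
    wanted = [CLAIMS_NS + "/givenname"]
    for problem in check_token(SAMPLE_TOKEN, "https://rp.example/login", wanted):
        print("FAIL:", problem)
```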
Feature-Identity Provider recognizes equivalence of the multiple URIs for SAML 1.0 and 1.1 tokens
Information Card Identity Provider Identity Provider recognizes equivalence of the multiple URIs for SAML 1.0 and 1.1 tokens - Maturity: Emerging | |||
---|---|---|---|
urn:oasis:names:tc:SAML:1.0:assertion and http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 | Use card twice – once with an RP requesting the first token-type, once with an RP requesting the 2nd token type | Two successful transactions, each returning the requested token type | Failure |
Tests
Implementation priority: medium
Feature-Returns token type requested by Relying Party
Information Card Identity Provider Returns token type requested by Relying Party - Maturity: Emerging | |||
---|---|---|---|
Whatever token type format is requested by the RP should be returned by the IdP | Use card twice – once with an RP requesting the first token-type, once with an RP requesting the 2nd token type | Two successful transactions with two different returned token types | Failure or two identical token types |
Tests
Implementation priority: medium
Feature-Verify that all required claims are available at Identity Provider
Information Card Identity Provider Verify that all required claims are available at Identity Provider - Maturity: Emerging | |||
---|---|---|---|
Check that all of the required claims asked for by the RP are in fact available | Use a card at an RP which asks for values the IdP doesn’t have | Actionable error message. Token may also be issued with available claims | Silent failure |
Tests
Implementation priority: low
Feature-Identity Provider returns MissingAppliesTo SOAP Fault
Information Card Identity Provider Identity Provider returns MissingAppliesTo SOAP Fault - Maturity: Emerging | |||
---|---|---|---|
When an IdP expects token scope information and the RP does not supply it, a SOAP Fault should be returned as per ISIP § 6.2 | Access an RP which incorrectly does not return token scope information | SOAP Fault returned | Transaction completed, other error |
Tests
Implementation priority: low
Feature-Identity Provider returns InvalidProofKey SOAP Fault
Information Card Identity Provider Identity Provider returns InvalidProofKey SOAP Fault - Maturity: Emerging | |||
---|---|---|---|
When an IdP cannot use the proof key specified in the request, a SOAP Fault should be returned as per ISIP § 6.2 | Access an RP that returns an invalid Proof Key | SOAP Fault returned | Transaction completed, other error |
Tests
Implementation priority: medium
Feature-Identity Provider returns UnknownInformationCardReference SOAP Fault
Information Card Identity Provider Identity Provider returns UnknownInformationCardReference SOAP Fault - Maturity: Emerging | |||
---|---|---|---|
When the card reference used in an Identity Provider transaction is unrecognized or otherwise deemed incorrect by the Identity Provider, a SOAP Fault is returned as per ISIP § 6.2 | Use a card at an RP that contains an unrecognized Card Reference | SOAP Fault returned | Transaction completed, other error |
Tests
Implementation priority: medium
Feature-Unable to satisfy claims required by the Relying Party
Information Card Identity Provider Unable to satisfy claims required by the Relying Party - Maturity: Emerging | |||
---|---|---|---|
When an IdP is unable to publish claim values for all required claims, it may return the SOAP Fault FailedRequiredClaims as per ISIP § 6.2 | Use a managed card at an RP which asks for claims that the IdP cannot satisfy | SOAP Fault | Removal of claim type from returned token. Return of empty claims |
Tests
Implementation priority: medium
Feature-Identity Provider returns InformationCardRefreshRequired SOAP Fault
Information Card Identity Provider Identity Provider returns InformationCardRefreshRequired SOAP Fault - Maturity: Emerging | |||
---|---|---|---|
When a user selects a card with an old card version, the Identity Provider should return a SOAP Fault | Use a card which requires a refresh | SOAP Fault returned | No Fault, other error, or successful transaction |
Tests
Implementation priority: high
Feature-Export of Managed Information Card in .crd Format
Information Card Identity Provider Export of Managed Information Card in .crd Format - Maturity: Established (I1) | |||
---|---|---|---|
Need to be able to get the information card into the selector | Attempt to export a managed card from the Identity Provider | Card can be exported & used | Card cannot be exported or cannot be used after import |
Tests
I4:FeatureTest-Provider Export of .crd Files
Feature-Identity Provider has a domain name and does not require a cert to be installed
Information Card Identity Provider Identity Provider has a domain name and does not require a cert to be installed - Maturity: Emerging | |||
---|---|---|---|
Interop best practice: No custom cert needs to be installed | Attempt to use Identity Provider at a site known to validate certificates | No certificate error | Revoked, expired certs, or cert that doesn’t come from a trusted root certificate |
Tests
Implementation priority: low
Feature-Identity Provider login via Information Card
Information Card Identity Provider Identity Provider login via Information Card - Maturity: Established (I2) | |||
---|---|---|---|
Interop best practice: Accounts should be accessible via Information Cards, possibly in addition to usernames and passwords | Log into an account at the Identity Provider using an Information Card | Successful authentication | No ability to use an information card to authenticate |
Tests
Implementation priority: medium
Feature-Identity Provider account creation via Information Card
Information Card Identity Provider Identity Provider account creation via Information Card - Maturity: Established (I2) | |||
---|---|---|---|
Interop best practice: If account creation is supported, the information needed for the account should be able to be supplied using an Information Card | Use Information Card for account creation at the Identity Provider | Successful account creation | No ability to create an account with an information card |
Tests
Implementation priority: low