Difference between revisions of "I4:Information Card Identity Selector Features"

From OSIS Open Source Identity Systems
Jump to: navigation, search
(Split FeatureTest Use at Relying Party using HTTP off from Selector Constructs Site-Specific Identifiers for Self-Issued Cards)
Line 527: Line 527:
 
   |acceptable = Requested claims provided
 
   |acceptable = Requested claims provided
 
   |not_acceptable = Selector not triggered
 
   |not_acceptable = Selector not triggered
   |testlist          = [[I4:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards]]
+
   |testlist          = [[I4:Selector Use at Relying Party using HTTP]]
 
   |maturity_status    = Established
 
   |maturity_status    = Established
 
   |maturity_date      = I2
 
   |maturity_date      = I2

Revision as of 00:46, 15 June 2008

{{#vardefine:DtArticleSortKey|}}


Feature-Basic use of Self-Issued Information Card

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Basic use of Self-Issued Information Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Basic use of Self-Issued Information Card - Maturity: Established {{#if: I1 | (I1 ) }}
Support for self-issued cards containing claims maintained by the user. Verify correct communication of self-issued claim values Required and selected optional claims delivered Additional claims delivered or some selected claims not delivered

Tests

I4:FeatureTest-Selector Use with Self-Issued Cards


Feature-Basic use of PIN-protected Self-Issued Information Card

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Basic use of PIN-protected Self-Issued Information Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Basic use of PIN-protected Self-Issued Information Card - Maturity: Established {{#if: I1 | (I1 ) }}
Support for self-issued cards protected by a user-set PIN number Use a self-issued information card protected by a PIN number Required and selected optional claims delivered Additional claims delivered or some selected claims not delivered

Tests

I4:FeatureTest-Selector PIN-protection of Cards


Feature-Basic use of Managed Card backed by Self-Issued Information Card

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Basic use of Managed Card backed by Self-Issued Information Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Basic use of Managed Card backed by Self-Issued Information Card - Maturity: Established {{#if: I1 | (I1 ) }}
Support for import and use of a managed card backed by a self-issued card. Create a managed card backed by a self-issued card, import it into the Selector, and use it at a relying party. Works Fails

Tests

I4:FeatureTest-Selector with card-backed Managed Cards


Feature-Basic use of Managed Card backed by X.509 Certificate

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Basic use of Managed Card backed by X.509 Certificate|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Basic use of Managed Card backed by X.509 Certificate - Maturity: Established {{#if: I3 | (I3 ) }}
Support for import and use of a managed card backed by an X.509 certificate Create a managed card backed by an X.509 certificate, import it into the Selector, and use it at a relying party. Works Fails

Tests

I4:FeatureTest-Selector Support for Managed Card backed by X.509 Certificate


Feature-Basic use of Managed Card backed by Kerberos

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Basic use of Managed Card backed by Kerberos|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Basic use of Managed Card backed by Kerberos - Maturity: Emerging {{#if: | ({{{maturity_date}}} ) }}
Support for import and use of a managed card backed by a Kerberos ticket Create a managed card backed by a Kerberos ticket, import it into the Selector, and use it at a relying party. Works or fails with actionable error message Fails

Tests


Feature-Basic use of Managed Card backed by Username and Password

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Basic use of Managed Card backed by Username and Password|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Basic use of Managed Card backed by Username and Password - Maturity: Established {{#if: I1 | (I1 ) }}
Support for import and use of a managed card backed by a username and password Create a managed card backed by a password, import it into the Selector, and use it at a relying party. Possible to specify a password and complete the transaction Error or unable to specify a password

Tests

I4:FeatureTest-Selector with UNPW-backed Managed Cards


Feature-Support for Auditing Cards

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for Auditing Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Support for Auditing Cards - Maturity: Established {{#if: I1 | (I1 ) }}
Cards with mandatory RequireAppliesTo property, as per ISIP § 4.1.1.5, 4.3.3 Import and use card with mandatory RequireAppliesTo. If AppliesTo supplied by RP, send AppliesTo value from RP policy in token request to IP. If not supplied, send the RP endpoint to which token will be sent as the value of AppliesTo in token request to IP. Other behaviors

Tests

I4:FeatureTest-Selector Support for Auditing Cards


Feature-Support for Auditing-Optional Cards

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for Auditing-Optional Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Support for Auditing-Optional Cards - Maturity: Established {{#if: I3 | (I3 ) }}
Cards with optional RequireAppliesTo property, as per ISIP § 4.1.1.5, 4.3.3 Import and use card with optional RequireAppliesTo. If AppliesTo supplied by RP, send AppliesTo value from RP policy in token request to IP. If not supplied, do not send AppliesTo in token request to IP. Other behaviors

Tests

I4:FeatureTest-Selector Support for Auditing-Optional Cards


Feature-Support for Non-Auditing Cards

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for Non-Auditing Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Support for Non-Auditing Cards - Maturity: Established {{#if: I3 | (I3 ) }}
Cards without RequireAppliesTo property, as per ISIP § 4.1.1.5, 4.3.3 Import and use card without RequireAppliesTo If AppliesTo supplied by RP, fail with actionable error message. If not, Do not send AppliesTo in token request to IP. Other behaviors

Tests

I4:FeatureTest-Selector Support for Non-Auditing Cards


Feature-Cards supporting multiple token types

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Cards supporting multiple token types|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Cards supporting multiple token types - Maturity: Emerging {{#if: | ( ) }}
As per ISIP § 4.1.1.3 Import and use card capable of offering multiple token types Token type requested is delivered Card fails to match for some token types. Token of wrong type delivered.

Tests

Implementation priority: medium


Feature-Cards supporting multiple authentication methods

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Cards supporting multiple authentication methods|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Cards supporting multiple authentication methods - Maturity: Emerging {{#if: | ( ) }}
As per ISIP § 4.1.1.2 Import and use card supporting multiple authentication methods Selector uses all endpoints in order until one succeeds Only first endpoint tried

Tests

Implementation priority: low


Feature-Import .crd file containing Managed Card

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Import .crd file containing Managed Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Import .crd file containing Managed Card - Maturity: Established {{#if: I1 | (I1 ) }}
A single card can be imported from a .crd file Import card from .crd file Successful card import Error or Exception

Tests

I4:FeatureTest-Selector Import of .crd Files


Feature-Export one or more Cards to .crds file

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Export one or more Cards to .crds file|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Export one or more Cards to .crds file - Maturity: Established {{#if: I1 | (I1 ) }}
Cards can be exported to the .crds file format Export cards to .crds file Successful Export Error or Exception

Tests

I4:FeatureTest-Selector Import-Export of .crds Files


Feature-Import Cards from .crds file

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Import Cards from .crds file|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Import Cards from .crds file - Maturity: Established {{#if: I1 | (I1 ) }}
Cards can be imported from the .crds file format. Import a valid .crds file Successful Import Error or Exception

Tests

I4:FeatureTest-Selector Import-Export of .crds Files


Feature-Relying Party specific identifiers constructed for Self-Issued Cards and standard SSL Relying Party certificate

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Relying Party specific identifiers constructed for Self-Issued Cards and standard SSL Relying Party certificate|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Relying Party specific identifiers constructed for Self-Issued Cards and standard SSL Relying Party certificate - Maturity: Established {{#if: I3 | (I3 ) }}
Privatepersonalidentifier, signing key, and if present, friendly identifier must be compatible for sites using a standard SSL Certificate as per ISIP § 8.6, 4.3.4 Use a self-issued card at an RP site using Standard SSL certificates and assess correctness of identifiers created. Identifiers match ISIP specifications Identifiers do not meet ISIP specifications

Tests

I4:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards


Feature-Relying Party specific identifiers constructed for Self-Issued Cards and EV SSL Relying Party certificate

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Relying Party specific identifiers constructed for Self-Issued Cards and EV SSL Relying Party certificate|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Relying Party specific identifiers constructed for Self-Issued Cards and EV SSL Relying Party certificate - Maturity: Emerging {{#if: I4 | (I4 ) }}
privatepersonalidentifier, signing key, and friendly identifier if present must be compatible for EV SSL sites for self-issued cards as per ISIP § 8.6, 4.3.4 Use an information card at a site with an EV certificate and verify the resulting PPID and friendly ID Identifiers match ISIP specifications Identifiers do not meet ISIP specifications

Tests

I4:FeatureTest-Selector PPID Construction for RP using EV SSL


Feature-Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo supplied

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo supplied|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo supplied - Maturity: Established {{#if: I3 | (I3 ) }}
privatepersonalidentifier, signing key, and friendly identifier if present must be compatible for sites providing a wsp:AppliesTo element for self-issued cards as per ISIP § 8.6, 4.3.4 Use an information card at a site known to provide wsp:AppliesTo element and verify the resulting PPID and friendly ID Identifiers match ISIP specifications Identifiers do not meet ISIP specifications

Tests

I4:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards


Feature-Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo not supplied

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo not supplied|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo not supplied - Maturity: Emerging {{#if: | ( ) }}
privatepersonalidentifier, signing key, ClientPseudonym handling, and friendly identifier if present must be compatible for sites not providing an wsp:AppliesTo element as per ISIP § 8.6, 4.3.4 Use an information card at a site known to not provide wsp:AppliesTo element and verify the resulting PPID and friendly ID Identifiers match ISIP specifications Identifiers do not meet ISIP specifications

Tests


Feature-Retrieval and display of Display Token values for Managed Cards

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Retrieval and display of Display Token values for Managed Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Retrieval and display of Display Token values for Managed Cards - Maturity: Established {{#if: I2 | (I2 ) }}
Correctly show the display token values provided with a token by an Identity Provider from the Identity Selector as per ISIP § 4.3.6 Retrieve managed card attributes from within an Identity Selector, and compare results to what is passed to an RP Displays current token correctly. Other behavior

Tests

I4:FeatureTest-Selector Display of Managed Card Display Tokens


Feature-Display Identity Provider Privacy Policy from Managed Card

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Display Identity Provider Privacy Policy from Managed Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Display Identity Provider Privacy Policy from Managed Card - Maturity: Emerging {{#if: | ( ) }}
Display from the Selector a link to the IdP privacy policy, if present in a managed card as per ISIP § 4.1.1.6 Attempt to view the privacy policy for a managed card with a known embedded value Link is displayed, matches value in card Link not displayed, value doesn’t match

Tests

Implementation priority: high


Feature-Display Relying Party Privacy Policy

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Display Relying Party Privacy Policy|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Display Relying Party Privacy Policy - Maturity: Established {{#if: I2 | (I2 ) }}
Display from the Selector a link to the RP privacy policy as per ISIP § 3.2 Attempt to view the privacy policy for an RP with a known available value Link is displayed, matches value in card Link not displayed, value doesn’t match

Tests

I4:FeatureTest-Selector Display of RP Privacy Policy


Feature-Display Relying Party certificate details on initial Relying Party site access

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Display Relying Party certificate details on initial Relying Party site access|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Display Relying Party certificate details on initial Relying Party site access - Maturity: Emerging {{#if: | ( ) }}
Show standard certificate detail information on first access to an RP Access an RP Site unknown to the Selector, but known to use a standard SSL certificate Correct Details Shown No Details Shown or Incorrect Details Shown

Tests

Implementation priority: medium


Feature-Display Relying Party certificate details on demand

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Display Relying Party certificate details on demand|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Display Relying Party certificate details on demand - Maturity: Emerging {{#if: | ( ) }}
Show standard certificate detail information during any transaction with that RP, at user’s request Access an RP Site known to the Selector and known to use a standard SSL certificate Correct Details Shown No Details Shown or Incorrect Details Shown

Tests

Implementation priority: medium


Feature-Display Identity Provider certificate details on Card import

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Display Identity Provider certificate details on Card import|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Display Identity Provider certificate details on Card import - Maturity: Emerging {{#if: | ( ) }}
Show IdP Standard SSL certificate detail information on demand by user Import a card produced by an IdP known to use a standard SSL certificate Correct Certificate Details Shown No Details Shown or Incorrect Details Shown

Tests

Implementation priority: medium


Feature-Display fault reason text from SOAP Faults

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Display fault reason text from SOAP Faults|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Display fault reason text from SOAP Faults - Maturity: Emerging {{#if: | ( ) }}
Support for SOAP Faults as per ISIP § 6 and http://blogs.msdn.com/card/archive/2007/10/04/how-identity-providers-can-show-custom-error-messages-in-cardspace.aspx Simulate Each Fault Fault is recognized and acted upon Fault ignored or exception caused

Tests

Implementation priority: high


Feature-Support for Identity Provider using Transport Binding to secure SOAP message

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for Identity Provider using Transport Binding to secure SOAP message|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Support for Identity Provider using Transport Binding to secure SOAP message - Maturity: Established {{#if: I1 | (I1 ) }}
Support for IdP use of transport security to secure the transaction on the channel as per ISIP Guide § 5.1.1.1 and WS-SecurityPolicy 1.2 § 8.3 Use a managed card whose provider is known to use transport binding against an RP that is also known to correctly handle transport binding. Successful transaction Error or exception

Tests


Feature-Support for Identity Provider using Symmetric Binding to secure SOAP message

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for Identity Provider using Symmetric Binding to secure SOAP message|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Support for Identity Provider using Symmetric Binding to secure SOAP message - Maturity: Emerging {{#if: | ( ) }}
Support for IdP use of message security, specifically a symmetric binding to secure the transaction on the channel as per ISIP Guide § 5.1.1.2 and WS-SecurityPolicy 1.2 § 8.4 Use a managed card whose provider is known to use symmetric binding against an RP that is also known to correctly handle symmetric binding. Successful transaction Error or exception

Tests

Implementation priority: medium



Feature-Support for Identity Provider using Asymmetric Binding to secure SOAP message

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for Identity Provider using Asymmetric Binding to secure SOAP message|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Support for Identity Provider using Asymmetric Binding to secure SOAP message - Maturity: Emerging {{#if: | ( ) }}
Support for IdP use of message security, specifically an asymmetric binding to secure the transaction on the channel as per WS-SecurityPolicy 1.2 § 8.5. (Do not test in this Interop if not implemented by any Selector.) Use a managed card whose provider is known to use asymmetric binding against an RP that is also known to correctly handle asymmetric binding. Successful transaction Error or exception

Tests


Feature-Accept Policy Data from Relying Parties using Relying Party STS

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Accept Policy Data from Relying Parties using Relying Party STS|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Accept Policy Data from Relying Parties using Relying Party STS - Maturity: Established {{#if: I2 | (I2 ) }}
Support for use of an RP/STS to communicate RP policy data as per ISIP Guide § 3 Access an RP Site using an RP/STS & verify policy received. Complete policy received Incorrect or incomplete policy received or Selector not triggered

Tests

I4:FeatureTest-Selector Support for Relying Party STSs


Feature-Accept Policy Data from Rich Client Application using a separate Relying Party

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Accept Policy Data from Rich Client Application using a separate Relying Party|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Accept Policy Data from Rich Client Application using a separate Relying Party - Maturity: Established {{#if: I3 | (I3 ) }}
Ability for Selector to be triggered from a rich client application (with no browser used) and to receive RP policy data from a separate Relying Party Demonstrate using the Identity Selector from a smart client application (with no browser involved) where the user selects a card and causes a token to be sent to a relying party Selector invoked and token from selected card sent to relying party Selector not invoked, token not sent to RP, or other failures

Tests

Implementation priority: low


Feature-Accept Policy Data from Rich Client Application that is also the Relying Party

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Accept Policy Data from Rich Client Application that is also the Relying Party|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Accept Policy Data from Rich Client Application that is also the Relying Party - Maturity: Emerging {{#if: | ( ) }}
Ability for Selector to be triggered from a rich client application (with no browser used), and to receive RP policy data from that rich application Demonstrate using the Identity Selector from a smart client application (with no browser involved) where the user selects a card and causes a token to be sent to the application from an identity provider Selector invoked and token from selected card delivered to application Incorrect or incomplete policy, or Selector not triggered

Tests

Implementation priority: low


Feature-Identity Selector support for SOAP 1.1

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Selector support for SOAP 1.1|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Identity Selector support for SOAP 1.1 - Maturity: Established {{#if: I1 | (I1 ) }}
Support for IdP & RP Components which use SOAP 1.1 Access components that are known to exclusively use SOAP 1.1 Transaction Succeeds Error or Exception

Tests

Implementation priority: low


Feature-Identity Selector support for WS-Trust 1.2, WS-SecurityPolicy 1.1

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Selector support for WS-Trust 1.2, WS-SecurityPolicy 1.1|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Identity Selector support for WS-Trust 1.2, WS-SecurityPolicy 1.1 - Maturity: Established {{#if: I1 | (I1 ) }}
Support for IdP and RP Components which use WS-Trust 1.2 and WS-SecurityPolicy 1.1 as per ISIP and ISIP Guide Access components that are known to exclusively use ISIP versions of WS-Trust & WS-SecurityPolicy Transaction Succeeds Error or Exception

Tests

Implementation priority: low


Feature-Support for editing Self-Issued Information Cards

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for editing Self-Issued Information Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Support for editing Self-Issued Information Cards - Maturity: Established {{#if: I2 | (I2 ) }}
Allow user to edit a self-issued information card already held in the Selector to contain new information from the user Attempt to edit self-issued card information Unable to update or self-issued cards Able to update and save self-issued cards

Tests


Feature-Notify user of need for Managed Information Card refresh

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Notify user of need for Managed Information Card refresh|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Notify user of need for Managed Information Card refresh - Maturity: Emerging {{#if: | ( ) }}
If, on attempted use of a managed information card, the Identity Provider returns an InformationCardRefreshRequired SOAP Fault, Selector must notify the user as per ISIP § 4.1.1.1, 4.3.1, 6.2 Attempt to use a card which needs a refresh User notified of more recent card version No notification of new version

Tests

Implementation priority: high


Feature-Notify user on Card import if imported Card already exists in Card Store

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Notify user on Card import if imported Card already exists in Card Store|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Notify user on Card import if imported Card already exists in Card Store - Maturity: Established {{#if: I3 | (I3 ) }}
Notify the user if, during card import, Selector detects an incoming card is a duplicate of one that exists in the card store Attempt to import a card that is already in the card store User notified and given choice of whether to import User not notified or error

Tests

I4:FeatureTest-Selector preserves MasterKey when overwriting card


Feature-Relying Party specific identifiers constructed for Self-Issued Cards at Relying Parties using HTTP

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Relying Party specific identifiers constructed for Self-Issued Cards at Relying Parties using HTTP|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Relying Party specific identifiers constructed for Self-Issued Cards at Relying Parties using HTTP - Maturity: Established {{#if: I3 | (I3 ) }}
privatepersonalidentifier, signing key, and friendly identifier compatible for no-SSL sites for self-issued cards as per http://blogs.msdn.com/card/archive/2007/09/25/deploy-cardspace-on-your-site-without-a-ssl-certificate.aspx Use an information card at a site not using an SSL Certificate and verify the resulting PPID and friendly ID Identifiers match ISIP specifications Identifiers do not meet ISIP specifications

Tests

I4:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards


Feature-Support for Relying Parties using HTTP

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for Relying Parties using HTTP|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Support for Relying Parties using HTTP - Maturity: Established {{#if: I2 | (I2 ) }}
Support for use of a no-SSL RP as per http://blogs.msdn.com/card/archive/2007/09/25/deploy-cardspace-on-your-site-without-a-ssl-certificate.aspx Access an http-only RP Site and use an Information Card Requested claims provided Selector not triggered

Tests

I4:Selector Use at Relying Party using HTTP


Feature-Identity Selector support for SOAP 1.2

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Selector support for SOAP 1.2|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Identity Selector support for SOAP 1.2 - Maturity: Emerging {{#if: | ( ) }}
Support for IdP & RP Components which use SOAP 1.2 Access components that are known to exclusively use SOAP 1.2 Transaction Succeeds Error or Exception

Tests

Implementation priority: low


Feature-Identity Selector support for WS-Trust 1.3, WS-SecurityPolicy 1.2

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Selector support for WS-Trust 1.3, WS-SecurityPolicy 1.2|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Identity Selector support for WS-Trust 1.3, WS-SecurityPolicy 1.2 - Maturity: Established {{#if: I3 | (I3 ) }}
Support for IdP and RP Components which use WS-Trust 1.3 and WS-SecurityPolicy 1.2 (the OASIS standard versions) as per http://blogs.msdn.com/card/archive/2007/11/22/cardspace-support-for-oasis-ws-sx-standards.aspx Access components that are known to exclusively use OASIS versions of WS-Trust & WS-SecurityPolicy Transaction Succeeds Error or Exception

Tests

I4:FeatureTest-Selector Support for WS-Trust 1.3 and WS-SecurityPolicy 1.2


Feature-Enforcement of IdP choice to limit use of Card to only sites with SSL

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Enforcement of IdP choice to limit use of Card to only sites with SSL|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Enforcement of IdP choice to limit use of Card to only sites with SSL - Maturity: Established {{#if: I3 | (I3 ) }}
Restriction of site access when a card is used that limits card access to non-SSL Sites as per http://blogs.msdn.com/card/archive/2007/09/25/deploy-cardspace-on-your-site-without-a-ssl-certificate.aspx Import HTTPS only card and try to use it at https and http sites Card usable at an https site but can not be selected to use at an http site Card can not be imported or not usable at https site or can be used at an http site

Tests

I4:FeatureTest-Selector Support for RequireStrongRecipientIdentity


Feature-Identity Selector informs user when an RP site Privacy Policy has Changed

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Selector informs user when an RP site Privacy Policy has Changed|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Identity Selector informs user when an RP site Privacy Policy has Changed - Maturity: Emerging {{#if: | ( ) }}
Selector must be able to detect when a new version of the RP privacy policy is available, and notify the user Trigger a Selector transaction where the privacy policy has changed User is notified User is not notified

Tests

Implementation priority: medium


Feature-PPID for Auditing Managed Card remains the same after overwriting card in Selector

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:PPID for Auditing Managed Card remains the same after overwriting card in Selector|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector PPID for Auditing Managed Card remains the same after overwriting card in Selector - Maturity: Established {{#if: I3 | (I3 ) }}
Information provided to the Identity Provider for the card used to generate the PPID is consistent between old and new version of the card Import one version of the card, use it, and record PPID. Import second version of the card, and verify that the PPID doesn’t change. The card generates the same PPID after being overwritten PPID changes after the card is overwritten

Tests

I4:FeatureTest-Selector preserves MasterKey when overwriting card


Feature-PPID for Auditing Managed Card remains the same after updating card to newer version in Selector

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:PPID for Auditing Managed Card remains the same after updating card to newer version in Selector|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector PPID for Auditing Managed Card remains the same after updating card to newer version in Selector - Maturity: Emerging {{#if: | ( ) }}
Information provided to the Identity Provider for the card used to generate the PPID is consistent between old and new version of the card Import one version of the card, use it, and record PPID. Import second version of the card, and verify that the PPID doesn’t change. Different versions of the same card generate the same PPID PPID changes between versions of the card

Tests


Feature-PPID for Non-Auditing Managed Card remains the same after updating card to newer version in Selector

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:PPID for Non-Auditing Managed Card remains the same after updating card to newer version in Selector|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector PPID for Non-Auditing Managed Card remains the same after updating card to newer version in Selector - Maturity: Emerging {{#if: | ( ) }}
Information provided to the Identity Provider for the card used to generate the PPID is consistent between old and new version of the card Import one version of the card, use it, and record PPID. Import second version of the card, and verify that the PPID doesn’t change. Different versions of the same card generate the same PPID PPID changes between versions of the card

Tests


Feature-Verify AppliesTo information is present in Relying Party policy when Auditing Card used

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify AppliesTo information is present in Relying Party policy when Auditing Card used|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Verify AppliesTo information is present in Relying Party policy when Auditing Card used - Maturity: Emerging {{#if: | ( ) }}
Check that the RP has returned token scope information with AppliesTo when the card used at the RP is auditing mandatory (Behavior per Token Scope table in ISIP § 4.3.3) Use an Auditing mandatory card in an RP transaction where the RP does not supply AppliesTo Actionable Message Other behavior

Tests


Feature-Verify AppliesTo information is not present in Relying Party policy when Non-Auditing Card used

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify AppliesTo information is not present in Relying Party policy when Non-Auditing Card used|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Verify AppliesTo information is not present in Relying Party policy when Non-Auditing Card used - Maturity: Emerging {{#if: | ( ) }}
Check that the RP has not returned token scope information with AppliesTo when the card used at the RP is non-auditing (behavior per Token Scope table in ISIP § 4.3.3) Use a non-auditing card with an RP where the RP supplies AppliesTo Fail with actionable error message. Other behavior

Tests



Feature-Verify format of .crd file prior to import

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify format of .crd file prior to import|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Verify format of .crd file prior to import - Maturity: Emerging {{#if: | ( ) }}
Check that the .crd file is a valid XML document before importing it Attempt to import a faulty .crd file Failure with actionable message Exception, no error notification

Tests

Implementation priority: low


Feature-Validate certificate signing .crd file prior to import

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Validate certificate signing .crd file prior to import|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Validate certificate signing .crd file prior to import - Maturity: Emerging {{#if: | ( ) }}
Validate that the certificate signing the .crd file is the certificate of the owner of the STS Attempt to import a .crd file signed by a certificate different than that of the issuing STS Failure with actionable message Exception, no error notification

Tests

Implementation priority: medium


Feature-Verify format of .crds file prior to import

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify format of .crds file prior to import|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Verify format of .crds file prior to import - Maturity: Emerging {{#if: | ( ) }}
Check that the .crds file is a valid XML document before importing it Attempt to import a faulty .crds file Failure with actionable message Exception, no error notification

Tests

Implementation priority: low


Feature-Verify passcode of .crds file prior to import

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify passcode of .crds file prior to import|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Verify passcode of .crds file prior to import - Maturity: Emerging {{#if: | ( ) }}
All .crds files should require the passcode to be correctly provided by the user Attempt to import a .crds file when the passcode given is invalid Failure with actionable message Exception, no error notification

Tests


Feature-Verify X.509 certificate associated with Identity Provider at time of Card use

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify X.509 certificate associated with Identity Provider at time of Card use|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Verify X.509 certificate associated with Identity Provider at time of Card use - Maturity: Emerging {{#if: | ( ) }}
The X.509 Certificate of an Identity Provider should be validated in the following ways: the certificate chain should be validated, the certificate should be checked for revocation as per RFC 3280, and the host associated with the certificate should match the host presenting the certificate Attempt to use a Selector at an Identity Provider with an invalid X.509 certificate Failure with actionable message Exception, continue

Tests


Feature-Verify Relying Party X.509 certificate at time of Card use

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify Relying Party X.509 certificate at time of Card use|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Verify Relying Party X.509 certificate at time of Card use - Maturity: Emerging {{#if: | ( ) }}
The X.509 Certificate of an Identity Provider should be validated in the following ways: the certificate chain should be validated, the certificate should be checked for revocation as per RFC 3280, and the host associated with the certificate should match the host presenting the certificate Attempt to use a Selector at an Relying Party with an invalid X.509 certificate Failure with actionable message Exception, continue

Tests


Feature-Verify X.509 certificate associated with imported Card prior to importing

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify X.509 certificate associated with imported Card prior to importing|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Verify X.509 certificate associated with imported Card prior to importing - Maturity: Emerging {{#if: | ( ) }}
The X.509 Certificate of an Identity Provider should be validated in the following ways: the certificate chain should be validated, the certificate should be checked for revocation as per RFC 3280, and the host associated with the certificate should match the host presenting the certificate Attempt to import a managed card with an invalid associated X.509 certificate Failure with actionable message Card import succeeds

Tests


Feature-Behavior when an Identity Provider STS never responds to a request

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Behavior when an Identity Provider STS never responds to a request|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Behavior when an Identity Provider STS never responds to a request - Maturity: Emerging {{#if: | ( ) }}
Attempts to communicate with an STS should be limited to a pre-defined time period, after which control is returned to the user. Attempt to use a card whose STS does not respond Reasonable timeout with error message Hang

Tests

Implementation priority: medium


Feature-Behavior when a Relying Party STS never responds to a request

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Behavior when a Relying Party STS never responds to a request|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Behavior when a Relying Party STS never responds to a request - Maturity: Emerging {{#if: | ( ) }}
Attempts to communicate with an RP/STS should be limited to a pre-defined time period, after which control is returned to the user. Attempt to use a card at an RP/STS that does not respond Reasonable timeout with error message Hang

Tests

Implementation priority: medium


Feature-Provide ability to disable Selector invocation to prevent denial of service by malicious relying parties

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Provide ability to disable Selector invocation to prevent denial of service by malicious relying parties|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Provide ability to disable Selector invocation to prevent denial of service by malicious relying parties - Maturity: Established {{#if: I3 | (I3 ) }}
Users should be able to disable Selector invocation manually – to prevent against malicious code spawning Selector transaction after Selector transaction Attempt to use Selector at an RP that tries to DOS the workstation by triggering repeating Selector transactions User can disable Selector invocation User cannot disable Selector invocation

Tests

I4:FeatureTest-Identity Selector DOS Avoidance


Feature-Behavior when the relying party request contains no claims

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Behavior when the relying party request contains no claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Behavior when the relying party request contains no claims - Maturity: Emerging {{#if: | ( ) }}
If there are no required or optional claims requested by the RP, the Selector should match cards based on token type only Attempt to use Selector at an RP that requests no claims Match only on token type Match all cards or no cards

Tests


Feature-Behavior when the Relying Party request contains only optional claims

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Behavior when the Relying Party request contains only optional claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Behavior when the Relying Party request contains only optional claims - Maturity: Emerging {{#if: | ( ) }}
If there are no required claims but some optional claims requested by the RP, the Selector should match cards based on token type only Use Selector at an RP that requests only Optional claims Match only on token type Match all cards or no cards

Tests


Feature-Support for Information Card Refreshes

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support for Information Card Refreshes|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Support for Information Card Refreshes - Maturity: Emerging {{#if: | ( ) }}
The user must be notified in the case where they attempt to use a card from an Information Provider that responds that a refresh of that card is necessary Attempt to use a card which requires a card refresh Actionable Message Transaction continues or else stops without an actionable message

Tests

Implementation priority: medium


Feature-Verify presence of backing Self-Issued Card

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verify presence of backing Self-Issued Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Verify presence of backing Self-Issued Card - Maturity: Emerging {{#if: | ( ) }}
Check that the backing self-issued card is present prior to allowing the managed card to be used Attempt to use a managed card whose backing self-issued card is missing Actionable Message Failure or transaction continues

Tests


Feature-Binary install package for Identity Selector available

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Binary install package for Identity Selector available|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Binary install package for Identity Selector available - Maturity: Emerging {{#if: | ( ) }}
Simple installation for users Install Selector Easy Hard

Tests

Implementation priority: low


Feature-Ability to PIN protect a Card

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Ability to PIN protect a Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Ability to PIN protect a Card - Maturity: Established {{#if: I3 | (I3 ) }}
Users must be able to add and remove a PIN to a card as per ISIP § 7.1.1 Attempt to add a PIN to a card, then attempt to remove it Able to add and remove PIN protection Not able to PIN-protect

Tests

I4:FeatureTest-Selector PIN-protection of Cards


Feature-Ability to export and import PIN protected Cards

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Ability to export and import PIN protected Cards|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Ability to export and import PIN protected Cards - Maturity: Established {{#if: I3 | (I3 ) }}
PIN information must be part of .crds file as per ISIP § 7.1.1 Import PIN-protected card – verify that PIN is intact PIN intact PIN missing or altered

Tests

I4:FeatureTest-Selector Import-Export of .crds Files


Feature-Browser independence

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Browser independence|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Browser independence - Maturity: Emerging {{#if: | ( ) }}
Selector can be invoked from different browsers (possibly with the addition of a Browser Add-On) Attempt to use from more than one browser Possible Not possible

Tests


Feature-Manual invocation of Selector by user for Card management functions

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Manual invocation of Selector by user for Card management functions|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Manual invocation of Selector by user for Card management functions - Maturity: Emerging {{#if: | ( ) }}
Selector can be started without having accessed a Relying Party for the purposes of managing a user's information card storage, enabling actions such as acquiring new cards, deleting undesired ones, and auditing their usage. Manually invoke Identity Selector and manage information cards and card details. Card management can be launched and performed without contacting a relying party. Relying party must be contacted to interact with IA.

Tests

Implementation priority: low


Feature-Internationalization

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Internationalization|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Internationalization - Maturity: Emerging {{#if: | ( ) }}
User interface elements should be presented in current locale for operating system Attempt to use Selector with a locale other than English set on the operating system Natural language and formatting conventions used the same as the OS Fixed-language interface

Tests

Implementation priority: medium


Feature-Identity Selector informs user when a site is being used for the first time

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Selector informs user when a site is being used for the first time|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Identity Selector informs user when a site is being used for the first time - Maturity: Emerging {{#if: | ( ) }}
IA must be able to detect whether this is first or subsequent visit to an RP and inform the user in an actionable manner. This is a key part of the phishing defense enabled by Identity Selectors. Visit an RP site which has never been seen before Signal to user on first visit must be distinguishable from what the user sees on subsequent visits. The object of the game here is to make the signal so blatant that the user will terminate the login process if the signal says first visit but she already has an account at the RP. What user sees is very similar between the first/subsequent visit cases. For instance, they are only shown which cards match the claims policy of the RP.

Tests

Implementation priority: medium


Feature-Relying Party site information shown during card selection

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Relying Party site information shown during card selection|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Relying Party site information shown during card selection - Maturity: Emerging {{#if: | ( ) }}
In the user interface used to select and send a card, information about the Relying Party site is shown to the user. Select a card and attempt to view RP certificate details RP information (text, logo, or both) must be shown. RP information not shown.

Tests

Implementation priority: medium


Feature-Ability to select which optional claims to send

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Ability to select which optional claims to send|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Ability to select which optional claims to send - Maturity: Emerging {{#if: | ( ) }}
In the interface used to send a card, allow the user to see what optional claims are sent for the card and to choose whether or not to send any or all optional claims Invoke the Selector against an RP advertising optional claims with a card that populates those claims – attempt to choose not to send optional claims Ability to not send optional claims, either as a group or individually No choice of whether to send optional claims.

Tests

Implementation priority: low


Feature-Differentiate Extended Validation certificates from regular SSL certificates

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Differentiate Extended Validation certificates from regular SSL certificates|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Differentiate Extended Validation certificates from regular SSL certificates - Maturity: Emerging {{#if: | ( ) }}
When viewing certificate information for an IdP, ensure that users can tell the difference between sites protected by EV SSL and sites protected by Regular SSL Certificates Compare the certificate details page for a card from an IdP protected by an EV SSL Certificate to the certificate details page for a card from an IdP protected by a regular SSL Certificate Can tell which site is EV-SSL and which site is Regular SSL No difference

Tests

Implementation priority: medium


Feature-Display Identity Provider Extended Validation certificate image during Card import if image is present

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Display Identity Provider Extended Validation certificate image during Card import if image is present|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Display Identity Provider Extended Validation certificate image during Card import if image is present - Maturity: Emerging {{#if: | ( ) }}
During import of a managed card protected by an Extended Validation Certificate with an image associated, display the image to the user. Access an RP Site known to use an EV certificate with an image Image shown Image not shown or error

Tests

Implementation priority: medium


Feature-Display issuer information contained in Card

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Display issuer information contained in Card|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Display issuer information contained in Card - Maturity: Emerging {{#if: | ( ) }}
Support display of the issuer information contained in the card as per http://blogs.msdn.com/card/archive/2007/10/24/providing-custom-data-in-an-information-card.aspx Import a card containing issuer information and view the card details Issuer information displayed Issuer information not displayed

Tests


Feature-Notify user on Card import if Card is already installed in Identity Selector

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Information Card Identity Selector Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Notify user on Card import if Card is already installed in Identity Selector|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=I4|copy]]  [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=I4|as XML]]  edit
}}
Information Card Identity Selector Notify user on Card import if Card is already installed in Identity Selector - Maturity: Established {{#if: I3 | (I3 ) }}
During import of an information card, check that the card is not already present – if the card is present, notify the user Attempt to install an already present managed card Notification occurs No notification or error

Tests

I4:FeatureTest-Selector preserves MasterKey when overwriting card

Retrieved from "http://osis.idcommons.net/w/index.php?title=I4:Information_Card_Identity_Selector_Features&oldid=17243"