| Feature
| Solution Role
| Maturity
| Tests
|
| Recognition of HTML OBJECT tag as a Selector trigger
| Information Card Browser Add-On
|
| I3:FeatureTest-Browser Add-On Support for HTML Triggers
|
| Recognition of XHTML informationCard tag as a Selector trigger
| Information Card Browser Add-On
|
| I3:FeatureTest-Browser Add-On Support for XHTML Triggers
|
| Recognition of an Relying Party-specified issuerPolicy location from HTML OBJECT tag
| Information Card Browser Add-On
|
| I3:FeatureTest-Browser Add-On Recognition of RPSTS Endpoint
|
| Recognition of an Relying Party-specified issuerPolicy location from XHTML informationCard tag
| Information Card Browser Add-On
|
| I3:FeatureTest-Selector Display of RP Privacy Policy
|
| Recognition of Selector triggers on Relying Party pages using HTTP
| Information Card Browser Add-On
|
| I3:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards
|
| Recognition of Privacy Policy and Privacy Version
| Information Card Browser Add-On
|
|
|
| Recognition of basic Selector trigger objects submitted via HTML form
| Information Card Browser Add-On
|
| I3:FeatureTest-Browser Add-On Support for HTML Object Input Tag Form Submission
|
| Recognition of basic Selector trigger objects submitted via JavaScript
| Information Card Browser Add-On
|
| I3:FeatureTest-Browser Add-On Support for JavaScript Form Submission
|
| Recognition of DOM-only Selector trigger objects submitted via JavaScript
| Information Card Browser Add-On
|
|
|
| Programmatic detection of Identity Selector via isInstalled method
| Information Card Browser Add-On
|
|
|
| Enable Selector Disablement During Denial of Service
| Information Card Browser Add-On
|
| I3:FeatureTest-Browser Add-On DOS Avoidance
|
| Browser-based advertisement of Identity Selector presence
| Information Card Browser Add-On
| Emerging
|
|
| Browser-based advertisement of Identity Selector capabilities
| Information Card Browser Add-On
| Emerging
|
|
| Uses certificate of the root frame when object tag is embedded in an iFrame
| Information Card Browser Add-On
| Emerging
|
|
| Recognizes Relying Parties using HTTP
| Information Card Browser Add-On
|
| I3:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards
|
| Support for Multiple selectable object tags on page
| Information Card Browser Add-On
|
| I3:FeatureTest-Browser Add-On Detection of Multiple Trigger Objects
|
| Binary install package for Browser Add-on available
| Information Card Browser Add-On
| Emerging
|
|
| Identity Selector independence
| Information Card Browser Add-On
|
|
|
| Creation of Managed Card backed by a Self-Issued Information Card
| Information Card Identity Provider
|
| I3:FeatureTest-IdP Authenticates Card-backed Managed Cards
|
| Creation of Managed Card backed by X.509 certificate
| Information Card Identity Provider
|
|
|
| Creation of Managed Card backed by Kerberos
| Information Card Identity Provider
|
|
|
| Creation of Managed Card backed by Username and Password
| Information Card Identity Provider
|
| I3:FeatureTest-IdP Authenticates UNPW-backed Managed Cards
|
| Use of a Managed Card backed by a Self-Issued Information Card
| Information Card Identity Provider
|
|
|
| Use of a Managed Card backed by an X.509 certificate
| Information Card Identity Provider
|
|
|
| Use of a Managed Card backed by Kerberos
| Information Card Identity Provider
|
|
|
| Use of a Managed Card backed by Username and Password
| Information Card Identity Provider
|
|
|
| Relying Party AppliesTo information always used in token returned from use of Auditing Managed Cards
| Information Card Identity Provider
|
|
|
| AppliesTo information used, if supplied, in token returned from use of Auditing-Optional Managed Cards
| Information Card Identity Provider
|
|
|
| Use of ClientPseudonym information in token returned from use of Non-Auditing Managed Cards
| Information Card Identity Provider
|
|
|
| Identity Provider uses Transport Binding to secure SOAP message
| Information Card Identity Provider
|
|
|
| Identity Provider uses Symmetric Binding to secure SOAP message
| Information Card Identity Provider
|
|
|
| Identity Provider uses Asymmetric Binding to secure SOAP message
| Information Card Identity Provider
|
|
|
| Identity Provider support for SOAP 1.1
| Information Card Identity Provider
|
|
|
| Identity Provider support for SOAP 1.2
| Information Card Identity Provider
|
|
|
| Identity Provider support for WS-Trust 1.2, WS-SecurityPolicy 1.1
| Information Card Identity Provider
|
|
|
| Identity Provider support for WS-Trust 1.3, WS-SecurityPolicy 1.2
| Information Card Identity Provider
|
|
|
| Support for multi-valued claims in Managed Cards
| Information Card Identity Provider
|
|
|
| Support for claims with attached attributes
| Information Card Identity Provider
|
|
|
| Capable of issuing SAML 1.0 tokens
| Information Card Identity Provider
|
|
|
| Capable of issuing SAML 1.1 tokens
| Information Card Identity Provider
|
|
|
| Capable of issuing SAML 2.0 tokens
| Information Card Identity Provider
|
|
|
| Populate Display Token values for requested claims when requested by Identity Selector
| Information Card Identity Provider
|
| I3:FeatureTest-IdP Population of Display Token Values
|
| Issued Token contains valid AudienceRestrictionCondition restriction for SAML bearer tokens
| Information Card Identity Provider
|
|
|
| Ability to refuse to serve Relying Parties using HTTP
| Information Card Identity Provider
|
|
|
| Issued Token contains only the claims requested by Relying Party
| Information Card Identity Provider
|
|
|
| Identity Provider recognizes equivalence of the multiple URIs for SAML 1.0 and 1.1 tokens
| Information Card Identity Provider
|
|
|
| Returns token type requested by Relying Party
| Information Card Identity Provider
|
|
|
| Verify that all required claims are available at Identity Provider
| Information Card Identity Provider
|
|
|
| Identity Provider returns MissingAppliesTo SOAP Fault
| Information Card Identity Provider
|
|
|
| Identity Provider returns InvalidProofKey SOAP Fault
| Information Card Identity Provider
|
|
|
| Identity Provider returns UnknownInformationCardReference SOAP Fault
| Information Card Identity Provider
|
|
|
| Unable to satisfy claims required by the Relying Party
| Information Card Identity Provider
|
|
|
| Identity Provider returns InformationCardRefreshRequired SOAP Fault
| Information Card Identity Provider
|
|
|
| Export of Managed Information Card in .crd Format
| Information Card Identity Provider
|
| I3:FeatureTest-Provider Export of .crd Files
|
| Identity Provider has a domain name and does not require a cert to be installed
| Information Card Identity Provider
|
|
|
| Identity Provider login via Information Card
| Information Card Identity Provider
|
|
|
| Identity Provider account creation via Information Card
| Information Card Identity Provider
|
|
|
| Basic use of Self-Issued Information Card
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Use with Self-Issued Cards
|
| Basic use of PIN-protected Self-Issued Information Card
| Information Card Identity Selector
|
| I3:FeatureTest-Selector PIN-protection of Cards
|
| Basic use of Managed Card backed by Self-Issued Information Card
| Information Card Identity Selector
|
| I3:FeatureTest-Selector with card-backed Managed Cards
|
| Basic use of Managed Card backed by X.509 Certificate
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Support for Managed Card backed by X.509 Certificate
|
| Basic use of Managed Card backed by Kerberos
| Information Card Identity Selector
| Emerging
|
|
| Basic use of Managed Card backed by Username and Password
| Information Card Identity Selector
|
| I3:FeatureTest-Selector with UNPW-backed Managed Cards
|
| Support for Auditing Cards
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Support for Auditing Cards
|
| Support for Auditing-Optional Cards
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Support for Auditing-Optional Cards
|
| Support for Non-Auditing Cards
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Support for Non-Auditing Cards
|
| Cards supporting multiple token types
| Information Card Identity Selector
|
|
|
| Cards supporting multiple authentication methods
| Information Card Identity Selector
|
|
|
| Import .crd file containing Managed Card
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Import of .crd Files
|
| Export one or more Cards to .crds file
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Import-Export of .crds Files
|
| Import Cards from .crds file
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Import-Export of .crds Files
|
| Relying Party specific identifiers constructed for Self-Issued Cards and standard SSL Relying Party certificate
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards
|
| Relying Party specific identifiers constructed for Self-Issued Cards and EV SSL Relying Party certificate
| Information Card Identity Selector
|
|
|
| Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo supplied
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards
|
| Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo not supplied
| Information Card Identity Selector
|
|
|
| Retrieval and display of Display Token values for Managed Cards
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Display of Managed Card Display Tokens
|
| Display Identity Provider Privacy Policy from Managed Card
| Information Card Identity Selector
|
|
|
| Display Relying Party Privacy Policy
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Display of RP Privacy Policy
|
| Display Relying Party certificate details on initial Relying Party site access
| Information Card Identity Selector
|
|
|
| Display Relying Party certificate details on demand
| Information Card Identity Selector
|
|
|
| Display Identity Provider certificate details on Card import
| Information Card Identity Selector
|
|
|
| Display fault reason text from SOAP Faults
| Information Card Identity Selector
|
|
|
| Support for Identity Provider using Transport Binding to secure SOAP message
| Information Card Identity Selector
|
|
|
| Support for Identity Provider using Symmetric Binding to secure SOAP message
| Information Card Identity Selector
|
|
|
| Support for Identity Provider using Asymmetric Binding to secure SOAP message
| Information Card Identity Selector
|
|
|
| Accept Policy Data from Relying Parties using Relying Party STS
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Support for Relying Party STSs
|
| Accept Policy Data from Rich Client Application using a separate Relying Party
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Support for Rich Clients
|
| Accept Policy Data from Rich Client Application that is also the Relying Party
| Information Card Identity Selector
|
|
|
| Identity Selector support for SOAP 1.1
| Information Card Identity Selector
|
|
|
| Identity Selector support for WS-Trust 1.2, WS-SecurityPolicy 1.1
| Information Card Identity Selector
|
|
|
| Support for editing Self-Issued Information Cards
| Information Card Identity Selector
|
|
|
| Notify user of need for Managed Information Card refresh
| Information Card Identity Selector
|
|
|
| Notify user on Card import if imported Card already exists in Card Store
| Information Card Identity Selector
|
| I3:FeatureTest-Selector preserves MasterKey when overwriting card
|
| Relying Party specific identifiers constructed for Self-Issued Cards at Relying Parties using HTTP
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards
|
| Support for Relying Parties using HTTP
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards
|
| Identity Selector support for SOAP 1.2
| Information Card Identity Selector
|
|
|
| Identity Selector support for WS-Trust 1.3, WS-SecurityPolicy 1.2
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Support for WS-Trust 1.3 and WS-SecurityPolicy 1.2
|
| Enforcement of IdP choice to limit use of Card to only sites with SSL
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Support for RequireStrongRecipientIdentity
|
| Identity Selector informs user when an RP site Privacy Policy has Changed
| Information Card Identity Selector
|
|
|
| PPID for Auditing Managed Card remains the same after overwriting card in Selector
| Information Card Identity Selector
|
| I3:FeatureTest-Selector preserves MasterKey when overwriting card
|
| PPID for Auditing Managed Card remains the same after updating card to newer version in Selector
| Information Card Identity Selector
|
|
|
| PPID for Non-Auditing Managed Card remains the same after updating card to newer version in Selector
| Information Card Identity Selector
|
|
|
| Verify AppliesTo information is present in Relying Party policy when Auditing Card used
| Information Card Identity Selector
|
|
|
| Verify AppliesTo information is not present in Relying Party policy when Non-Auditing Card used
| Information Card Identity Selector
|
|
|
| Verify format of .crd file prior to import
| Information Card Identity Selector
|
|
|
| Validate certificate signing .crd file prior to import
| Information Card Identity Selector
|
|
|
| Verify format of .crds file prior to import
| Information Card Identity Selector
|
|
|
| Verify passcode of .crds file prior to import
| Information Card Identity Selector
|
|
|
| Verify X.509 certificate associated with Identity Provider at time of Card use
| Information Card Identity Selector
|
|
|
| Verify Relying Party X.509 certificate at time of Card use
| Information Card Identity Selector
|
|
|
| Verify X.509 certificate associated with imported Card prior to importing
| Information Card Identity Selector
|
|
|
| Behavior when an Identity Provider STS never responds to a request
| Information Card Identity Selector
|
|
|
| Behavior when a Relying Party STS never responds to a request
| Information Card Identity Selector
|
|
|
| Provide ability to disable Selector invocation to prevent denial of service by malicious relying parties
| Information Card Identity Selector
| Emerging
| I3:FeatureTest-Identity Selector DOS Avoidance
|
| Behavior when the relying party request contains no claims
| Information Card Identity Selector
|
|
|
| Behavior when the Relying Party request contains only optional claims
| Information Card Identity Selector
|
|
|
| Support for Information Card Refreshes
| Information Card Identity Selector
|
|
|
| Verify presence of backing Self-Issued Card
| Information Card Identity Selector
|
|
|
| Binary install package for Identity Selector available
| Information Card Identity Selector
|
|
|
| Ability to PIN protect a Card
| Information Card Identity Selector
|
| I3:FeatureTest-Selector PIN-protection of Cards
|
| Ability to export and import PIN protected Cards
| Information Card Identity Selector
|
| I3:FeatureTest-Selector Import-Export of .crds Files
|
| Browser independence
| Information Card Identity Selector
|
|
|
| Manual invocation of Selector by user for Card management functions
| Information Card Identity Selector
|
|
|
| Internationalization
| Information Card Identity Selector
|
|
|
| Identity Selector informs user when a site is being used for the first time
| Information Card Identity Selector
|
|
|
| Relying Party site information shown during card selection
| Information Card Identity Selector
|
|
|
| Ability to select which optional claims to send
| Information Card Identity Selector
|
|
|
| Differentiate Extended Validation certificates from regular SSL certificates
| Information Card Identity Selector
|
|
|
| Display Identity Provider Extended Validation certificate image during Card import if image is present
| Information Card Identity Selector
|
|
|
| Display issuer information contained in Card
| Information Card Identity Selector
| Emerging
|
|
| Notify user on Card import if Card is already installed in Identity Selector
| Information Card Identity Selector
|
| I3:FeatureTest-Selector preserves MasterKey when overwriting card
|
| Accepts Self-Issued Cards
| Information Card Relying Party Features
|
| I3:FeatureTest-RP Acceptance of Self-Issued Cards
|
| Accepts Managed Cards
| Information Card Relying Party Features
|
| I3:FeatureTest-RP Acceptance of Managed Cards
|
| Accepts tokens with 256-bit KeySize
| Information Card Relying Party Features
|
|
|
| Accepts tokens with 128-bit KeySize
| Information Card Relying Party Features
| Emerging
|
|
| Accepts tokens with legal whitespace in the signature
| Information Card Relying Party Features
|
|
|
| Accepts expected multi-valued claims
| Information Card Relying Party Features
|
|
|
| Handles claim values containing special characters and non-ASCII values
| Information Card Relying Party Features
| Established
|
|
| Token with empty claim values
| Information Card Relying Party Features
| Emerging
|
|
| Capable of accepting SAML 1.0 tokens
| Information Card Relying Party Features
|
|
|
| Capable of accepting SAML 1.1 tokens
| Information Card Relying Party Features
|
|
|
| Accepts SAML 2.0 tokens
| Information Card Relying Party Features
| Emerging
|
|
| Supports use on HTTP sites
| Information Card Relying Party Features
|
| I3:FeatureTest-RP Support for HTTP
|
| Relying Party accepts Transport Binding to secure SOAP message
| Information Card Relying Party Features
|
|
|
| Relying Party accepts Symmetric Binding to secure SOAP message
| Information Card Relying Party Features
|
|
|
| Relying Party uses Asymmetric Binding to secure SOAP message
| Information Card Relying Party Features
|
|
|
| Relying Party support for SOAP 1.1
| Information Card Relying Party Features
|
|
|
| Relying Party support for SOAP 1.2
| Information Card Relying Party Features
|
|
|
| Relying Party support for WS-Trust 1.2, WS-SecurityPolicy 1.1
| Information Card Relying Party Features
|
|
|
| Relying Party support for WS-Trust 1.3, WS-SecurityPolicy 1.2
| Information Card Relying Party Features
|
|
|
| Confirms Audience Restriction value matches Relying Party in token from Identity Provider
| Information Card Relying Party Features
|
|
|
| Verifies token signature
| Information Card Relying Party Features
|
|
|
| In browser case, verifies that token is a bearer token
| Information Card Relying Party Features
|
|
|
| Verifies Audience restriction is not present in token when no Auditing data was given
| Information Card Relying Party Features
|
|
|
| Allows the proof key in the token to change between user interactions
| Information Card Relying Party Features
|
|
|
| Different token type received than requested
| Information Card Relying Party Features
|
|
|
| Token encrypted with an unsupported method
| Information Card Relying Party Features
|
|
|
| RSTR received with invalid WS-Trust Lifetime parameters
| Information Card Relying Party Features
|
|
|
| Token with out-of-range SAML notBefore or notOnOrAfter elements
| Information Card Relying Party Features
|
|
|
| SAML token without notBefore or notOnOrAfter elements
| Information Card Relying Party Features
|
|
|
| Token with unrequested claims
| Information Card Relying Party Features
|
|
|
| Token with claim name differing by case
| Information Card Relying Party Features
|
|
|
| Token with non-matching claim name, such as including a trailing slash
| Information Card Relying Party Features
|
|
|
| Verifies that claim namespaces returned in token match those requested
| Information Card Relying Party Features
|
|
|
| Verifies that Token has InclusiveNamespaces element
| Information Card Relying Party Features
|
|
|
| Verifies that Token is only using namespaces in InclusiveNamespaces list
| Information Card Relying Party Features
|
|
|
| Ignores padding in token
| Information Card Relying Party Features
|
|
|
| Unexpected multi-valued claims
| Information Card Relying Party Features
|
|
|
| Received Token is missing required claims
| Information Card Relying Party Features
|
|
|
| Relying Party recognizes equivalence of the multiple URIs for SAML 1.0 and 1.1 tokens
| Information Card Relying Party Features
|
|
|
| RP Sanitizes Received Claims To Prevent Injection Attacks
| Information Card Relying Party Features
|
| I3:FeatureTest-RP Sanitization of Claims Containing HTML Entities
|
| Behavior when no Identity Selector or Browser Add-on installed
| Information Card Relying Party Features
|
|
|
| Behavior when Identity Selector installed but Browser Add-on not installed
| Information Card Relying Party Features
|
|
|
| Behavior when Identity Selector not installed but Browser Add-on installed
| Information Card Relying Party Features
|
|
|
| Provides Validity Window for token times to allow for imperfect Clock Synchronization
| Information Card Relying Party Features
|
|
|
| Relying Party has a domain name and does not require a cert to be installed
| Information Card Relying Party Features
|
|
|
| Information Card Icon used to indicate acceptance of Information Cards
| Information Card Relying Party Features
|
|
|
| Relying Party account creation via Self-Issued Cards
| Information Card Relying Party Features
|
|
|
| Relying Party account creation via Managed Cards
| Information Card Relying Party Features
|
|
|
| OpenID Provider support for OpenID 1.1
| OpenID Identity Provider
|
|
|
| OpenID Provider support for OpenID 2.0
| OpenID Identity Provider
|
|
|
| OpenID Provider support for Simple Registration
| OpenID Identity Provider
|
|
|
| OpenID Provider support for Attribute Exchange
| OpenID Identity Provider
|
|
|
| OpenID Provider support for PAPE
| OpenID Identity Provider
|
|
|
| Provides Phishing-Resistant Authentication
| OpenID Identity Provider
|
|
|
| Provides Multi-Factor Authentication
| OpenID Identity Provider
|
|
|
| Provides Multi-Factor-Physical Authentication
| OpenID Identity Provider
|
|
|
| Issues OpenID InfoCards
| OpenID Identity Provider
|
|
|
| Issues URL-based OpenIDs
| OpenID Identity Provider
|
|
|
| Issues i-name-based OpenIDs
| OpenID Identity Provider
|
|
|
| Directs user to use appropriate authentication methods to fulfill PAPE request
| OpenID Identity Provider
|
|
|
| Directs user to re-authenticate if current authentication can not fulfill PAPE request
| OpenID Identity Provider
|
|
|
| OpenID Provider login via Information Card
| OpenID Identity Provider
|
|
|
| OpenID Provider account creation via Information Card
| OpenID Identity Provider
|
|
|
| OpenID Provider support for issuing Managed Information Cards
| OpenID Identity Provider
|
|
|
| OpenID Relying Party support for OpenID 1.1
| OpenID Relying Party
|
|
|
| OpenID Relying Party support for OpenID 2.0
| OpenID Relying Party
|
|
|
| OpenID Relying Party support for Simple Registration
| OpenID Relying Party
|
|
|
| OpenID Relying Party support for Attribute Exchange
| OpenID Relying Party
|
|
|
| OpenID Relying Party support for PAPE
| OpenID Relying Party
|
|
|
| Can request Phishing-Resistant Authentication
| OpenID Relying Party
|
|
|
| Can request Multi-Factor Authentication
| OpenID Relying Party
|
|
|
| Can request Multi-Factor-Physical Authentication
| OpenID Relying Party
|
|
|
| Accepts OpenID InfoCards
| OpenID Relying Party
|
|
|
| Accepts i-name-based OpenIDs
| OpenID Relying Party
|
|
|
| Display i-name that was verified rather than resulting i-number
| OpenID Relying Party
|
|
|
| OpenID Relying Party support for account creation via Simple Registration
| OpenID Relying Party
|
|
|
