| Feature
| Solution Role
| Maturity
| Tests
|
| Recognition of HTML OBJECT tag as a Selector trigger
| Information Card Browser Add-On
| Established (I1)
| I4:FeatureTest-Browser Add-On Support for HTML Triggers
|
| Recognition of XHTML informationCard tag as a Selector trigger
| Information Card Browser Add-On
| Established (I1)
| I4:FeatureTest-Browser Add-On Support for XHTML Triggers
|
| Recognition of an Relying Party-specified issuerPolicy location from HTML OBJECT tag
| Information Card Browser Add-On
| Established (I1)
| I4:FeatureTest-Browser Add-On Recognition of RPSTS Endpoint
|
| Recognition of an Relying Party-specified issuerPolicy location from XHTML informationCard tag
| Information Card Browser Add-On
| Established (I1)
| I4:FeatureTest-Selector Display of RP Privacy Policy
|
| Recognition of Privacy Policy and Privacy Version
| Information Card Browser Add-On
| Established (I2)
| I4:FeatureTest-Selector Display of RP Privacy Policy
|
| Recognition of basic Selector trigger objects submitted via HTML form
| Information Card Browser Add-On
| Established (I1)
| I4:FeatureTest-Browser Add-On Support for HTML Object Input Tag Form Submission
|
| Recognition of basic Selector trigger objects submitted via JavaScript
| Information Card Browser Add-On
| Established (I2)
| I4:FeatureTest-Browser Add-On Support for JavaScript Form Submission
|
| Recognition of DOM-only Selector trigger objects submitted via JavaScript
| Information Card Browser Add-On
| Established (I2)
| I4:FeatureTest-Browser Add-On Support for DOM-only Form Submission
|
| Programmatic detection of Identity Selector via isInstalled method
| Information Card Browser Add-On
| Established (I1)
| Implementation priority: low
|
| Enable Selector Disablement During Denial of Service
| Information Card Browser Add-On
| Established (I3)
| I4:FeatureTest-Browser Add-On DOS Avoidance
|
| Browser-based advertisement of Identity Selector presence
| Information Card Browser Add-On
| Emerging
| Implementation priority: med
|
| Browser-based advertisement of Identity Selector capabilities
| Information Card Browser Add-On
| Emerging
| Implementation priority: low
|
| Verifies that Frame Domain and Scheme Match Root Frame
| Information Card Browser Add-On
| Emerging (I4)
| I4:FeatureTest-Browser Add-On Verifies that Frame Domain and Scheme Match Root Frame
|
| Recognizes Relying Parties using HTTP
| Information Card Browser Add-On
| Established (I2)
| I4:FeatureTest-Browser Add-On Use at Relying Party using HTTP
|
| Support for Multiple selectable object tags on page
| Information Card Browser Add-On
| Established (I3)
| I4:FeatureTest-Browser Add-On Detection of Multiple Trigger Objects
|
| Behaviour When No Selector Installed
| Information Card Browser Add-On
| Emerging (I4)
| I4:FeatureTest-Browser Add-On Behaviour When No Selector Present
|
| Binary install package for Browser Add-on available
| Information Card Browser Add-On
| Emerging
| Implementation priority: low
|
| Identity Selector independence
| Information Card Browser Add-On
| Established (I1)
| Implementation priority: low
|
| Creation of Managed Card backed by a Self-Issued Information Card
| Information Card Identity Provider
| Established (I1)
| I4:FeatureTest-IdP Support for Managed Cards backed by Self-Issued Card
|
| Creation of Managed Card backed by X.509 certificate
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Creation of Managed Card backed by Kerberos
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Creation of Managed Card backed by Username and Password
| Information Card Identity Provider
| Established (I1)
| I4:FeatureTest-IdP Support for Managed Cards backed by Username and Password
|
| Use of a Managed Card backed by a Self-Issued Information Card
| Information Card Identity Provider
| Established (I1)
| I4:FeatureTest-IdP Support for Managed Cards backed by Self-Issued Card
|
| Use of a Managed Card backed by an X.509 certificate
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Use of a Managed Card backed by Kerberos
| Information Card Identity Provider
| Emerging
| Implementation priority: low
|
| Use of a Managed Card backed by Username and Password
| Information Card Identity Provider
| Established (I1)
| I4:FeatureTest-IdP Support for Managed Cards backed by Username and Password
|
| Relying Party AppliesTo information always used in token returned from use of Auditing Managed Cards
| Information Card Identity Provider
| Emerging
| Implementation priority: high
|
| AppliesTo information used, if supplied, in token returned from use of Auditing-Optional Managed Cards
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Use of ClientPseudonym information in token returned from use of Non-Auditing Managed Cards
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Identity Provider uses Transport Binding to secure SOAP message
| Information Card Identity Provider
| Established (I1)
| Implementation priority: low
|
| Identity Provider uses Symmetric Binding to secure SOAP message
| Information Card Identity Provider
| Emerging
| Implementation priority: low
|
| Identity Provider uses Asymmetric Binding to secure SOAP message
| Information Card Identity Provider
| Emerging
| Implementation priority: low
|
| Identity Provider support for SOAP 1.1
| Information Card Identity Provider
| Established (I1)
| Implementation priority: low
|
| Identity Provider support for SOAP 1.2
| Information Card Identity Provider
| Emerging
| Implementation priority: low
|
| Identity Provider support for WS-Trust 1.2, WS-SecurityPolicy 1.1
| Information Card Identity Provider
| Established (I1)
| Implementation priority: low
|
| Identity Provider support for WS-Trust 1.3, WS-SecurityPolicy 1.2
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Support for multi-valued claims in Managed Cards
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Support for claims with attached attributes
| Information Card Identity Provider
| Emerging
| Implementation priority: low
|
| Capable of issuing SAML 1.0 tokens
| Information Card Identity Provider
| Established (I1)
| Implementation priority: medium
|
| Capable of issuing SAML 1.1 tokens
| Information Card Identity Provider
| Established (I1)
| Implementation priority: low
|
| Capable of issuing SAML 2.0 tokens
| Information Card Identity Provider
| Emerging
| Implementation priority: low
|
| Populate Display Token values for requested claims when requested by Identity Selector
| Information Card Identity Provider
| Established (I3)
| I4:FeatureTest-IdP Population of Display Token Values
|
| Issued Token contains valid AudienceRestrictionCondition restriction for SAML bearer tokens
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Ability to refuse to serve Relying Parties using HTTP
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Issued Token contains only the claims requested by Relying Party
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Identity Provider Recognizes Equivalence of the Multiple URIs for SAML 1.0 and 1.1 Tokens
| Information Card Identity Provider
| Emerging (I4)
| I4:FeatureTest-IdP Supports both Equivalent URIs for Cards using SAML 1.0 and 1.1 Tokens
|
| Returns token type requested by Relying Party
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Verify that all required claims are available at Identity Provider
| Information Card Identity Provider
| Emerging
| Implementation priority: low
|
| Identity Provider returns MissingAppliesTo SOAP Fault
| Information Card Identity Provider
| Emerging
| Implementation priority: low
|
| Identity Provider returns InvalidProofKey SOAP Fault
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Identity Provider returns UnknownInformationCardReference SOAP Fault
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Identity Provider returns FailedRequiredClaims SOAP Fault
| Information Card Identity Provider
| Emerging
| Implementation priority: medium
|
| Identity Provider returns InformationCardRefreshRequired SOAP Fault
| Information Card Identity Provider
| Emerging
| Implementation priority: high
|
| Export of Managed Information Card in .crd Format
| Information Card Identity Provider
| Established (I1)
| I4:FeatureTest-IdP Creation of .crd Files
|
| Identity Provider has a domain name and does not require a cert to be installed
| Information Card Identity Provider
| Emerging
| Implementation priority: low
|
| Identity Provider login via Information Card
| Information Card Identity Provider
| Established (I2)
| Implementation priority: medium
|
| Identity Provider account creation via Information Card
| Information Card Identity Provider
| Established (I2)
| Implementation priority: low
|
| Basic use of Self-Issued Information Card
| Information Card Identity Selector
| Established (I1)
| I4:FeatureTest-Selector Use with Self-Issued Cards
|
| Basic use of PIN-protected Self-Issued Information Card
| Information Card Identity Selector
| Established (I1)
| I4:FeatureTest-Selector PIN-protection of Cards
|
| Basic use of Managed Card backed by Self-Issued Information Card
| Information Card Identity Selector
| Established (I1)
| I4:FeatureTest-Selector with card-backed Managed Cards
|
| Basic use of Managed Card backed by X.509 Certificate
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Support for Managed Card backed by X.509 Certificate
|
| Basic use of Managed Card backed by Kerberos
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Basic use of Managed Card backed by Username and Password
| Information Card Identity Selector
| Established (I1)
| I4:FeatureTest-Selector with UNPW-backed Managed Cards
|
| Support for Auditing Cards
| Information Card Identity Selector
| Established (I1)
| I4:FeatureTest-Selector Support for Auditing Cards
|
| Support for Auditing-Optional Cards
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Support for Auditing-Optional Cards
|
| Support for Non-Auditing Cards
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Support for Non-Auditing Cards
|
| Cards Supporting Multiple Token Types
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Cards Supporting Multiple Authentication Methods
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Support for Cards with Multiple Authentication Methods
|
| Import .crd file containing Managed Card
| Information Card Identity Selector
| Established (I1)
| I4:FeatureTest-Selector Import of .crd Files
|
| Export one or more Cards to .crds file
| Information Card Identity Selector
| Established (I1)
| I4:FeatureTest-Selector Export of .crds Files
|
| Import Cards from .crds file
| Information Card Identity Selector
| Established (I1)
| I4:FeatureTest-Selector Import of .crds Files
|
| Relying Party specific identifiers constructed for Self-Issued Cards and standard SSL Relying Party certificate
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards
|
| Relying Party specific identifiers constructed for Self-Issued Cards and EV SSL Relying Party certificate
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector PPID Construction for RP using EV SSL
|
| Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo supplied
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards
|
| Relying Party specific identifiers constructed for Self-Issued Cards when AppliesTo not supplied
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Retrieval and display of Display Token values for Managed Cards
| Information Card Identity Selector
| Established (I2)
| I4:FeatureTest-Selector Display of Managed Card Display Tokens
|
| Display Identity Provider Privacy Policy from Managed Card
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Display of IdP PrivacyPolicy
|
| Display Relying Party Privacy Policy
| Information Card Identity Selector
| Established (I2)
| I4:FeatureTest-Selector Display of RP Privacy Policy
|
| Display Relying Party Certificate Details on Initial Relying Party Site Access
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Notification of First Time Use of an RP
|
| Display Relying Party Certificate Details on Demand
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Display of RP Certificate Details on Demand
|
| Display Issuer Certificate Details on Card Import
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Display of Issuer Certificate Details on Card Import
|
| Display Fault Reason text from SOAP Faults
| Information Card Identity Selector
| Emerging
| Implementation priority: high
|
| Support for Identity Provider using Transport Binding to secure SOAP message
| Information Card Identity Selector
| Established (I1)
| I4:FeatureTest-Selector with UNPW-backed Managed Cards
|
| Support for Identity Provider using Message Security to secure SOAP message
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Support for Identity Provider using Message Security
|
| Support for Identity Provider using Symmetric Binding to secure SOAP message
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Support for Identity Provider using Asymmetric Binding to secure SOAP message
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Accept Policy Data from Relying Parties using Relying Party STS
| Information Card Identity Selector
| Established (I2)
| I4:FeatureTest-Selector Support for Relying Party STSs
|
| Accept Policy Data from Rich Client Application using a separate Relying Party
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Support for Rich Clients
|
| Accept Policy Data from Rich Client Application that is also the Relying Party
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Identity Selector support for SOAP 1.1
| Information Card Identity Selector
| Established (I1)
| Implementation priority: low (most Identity Providers already do this)
|
| Identity Selector support for WS-Trust 1.2, WS-SecurityPolicy 1.1
| Information Card Identity Selector
| Established (I1)
| Implementation priority: low (most Identity Providers already do this)
|
| Support for Editing Self-Issued Information Cards
| Information Card Identity Selector
| Established (I2)
| I4:FeatureTest-Selector Support for Editing Self-Issued Information Cards
|
| Notify user of need for Managed Information Card refresh
| Information Card Identity Selector
| Emerging
| Implementation priority: high
|
| Relying Party specific identifiers constructed for Self-Issued Cards at Relying Parties using HTTP
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Constructs Site-Specific Identifiers for Self-Issued Cards
|
| Support for Relying Parties using HTTP
| Information Card Identity Selector
| Established (I2)
| I4:FeatureTest-Selector Use at Relying Party using HTTP
|
| Identity Selector support for SOAP 1.2
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Identity Selector support for WS-Trust 1.3, WS-SecurityPolicy 1.2
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Support for WS-Trust 1.3 and WS-SecurityPolicy 1.2
|
| Enforcement of IdP choice to limit use of Card to only sites with SSL
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Support for RequireStrongRecipientIdentity
|
| Identity Selector informs user when an RP site Privacy Policy has Changed
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Notification of RP Privacy Policy Change
|
| ClientPseudonym for Auditing Managed Card remains the same after overwriting card in Selector
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Preserves MasterKey when Overwriting Card
|
| ClientPseudonym for Auditing Managed Card remains the same after updating card to newer version in Selector
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Preserves MasterKey when Updating Auditing Card
|
| ClientPseudonym for Non-Auditing Managed Card remains the same after updating card to newer version in Selector
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Preserves MasterKey when Updating Non-Auditing Card
|
| Verify AppliesTo information is present in Relying Party policy when Auditing Card used
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Verify AppliesTo information is not present in Relying Party policy when Non-Auditing Card used
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Verify format of .crd file prior to import
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Validate certificate signing .crd file prior to import
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Verify format of .crds file prior to import
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Verify passcode of .crds file prior to import
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Verify X.509 certificate associated with Identity Provider at time of Card use
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Verify Relying Party X.509 certificate at time of Card use
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Verify X.509 certificate associated with imported Card prior to importing
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Rejection of Nonvalidating Managed Card Certificate
|
| Behavior when an Identity Provider STS never responds to a request
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Behavior when a Relying Party STS never responds to a request
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Provide ability to disable Selector invocation to prevent denial of service by malicious relying parties
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Identity Selector DOS Avoidance
|
| Behavior when the relying party request contains no claims
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Behavior when the Relying Party request contains only optional claims
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Support for Information Card Refreshes
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Recognition of CardRefresh SOAP Fault
|
| Verify presence of backing Self-Issued Card
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Accept .crd File Containing Not-Understood Elements
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Accepts .crd File Containing Not-Understood Elements
|
| Accept .crds File Containing Not-Understood Elements
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Accepts .crds File Containing Not-Understood Elements
|
| Preserve Not-Understood Elements from .crd File
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Preserves Not-Understood Elements from .crd File
|
| Preserve Not-Understood Elements from .crds File
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Preserves Not-Understood Elements from .crds File
|
| Self-Issued Identity Provider Recognizes Equivalence of the Multiple URIs for SAML 1.0 and 1.1 Tokens
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Supports both Equivalent URIs for Self-Issued Cards using SAML 1.0 and 1.1 Tokens
|
| Warn User on attempt to Delete Self-Issued Card backing a Managed Card
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Warns User on attempt to Delete Self-Issued Card backing a Managed Card
|
| Binary install package for Identity Selector available
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Ability to PIN protect a Self-Issued Card
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector PIN-Protection of Self-Issued Card
|
| Ability to PIN protect a Managed Card
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector PIN-Protection of Managed Card
|
| Browser Independence
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Browser Independence
|
| Manual invocation of Selector by user for Card management functions
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Internationalization
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Identity Selector Informs User when a Site is being Used for the First Time
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Notification of First Time Use of an RP
|
| Relying Party site information shown during card selection
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Ability to select which optional claims to send
| Information Card Identity Selector
| Emerging
| Implementation priority: low
|
| Differentiate Extended Validation Certificates from Regular SSL Certificates for RPs
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Differentiates between Extended Validation Certificates and Regular SSL Certificates for RPs
|
| Differentiate Extended Validation Certificates from Regular SSL Certificates for IdPs
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Differentiates between Extended Validation Certificates and Regular SSL Certificates for IdPs
|
| Display Identity Provider Extended Validation certificate image during Card import if image is present
| Information Card Identity Selector
| Emerging
| Implementation priority: medium
|
| Display Issuer Information contained in Card
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Display of Issuer Information in Card
|
| Notify user on Card import if Card is already installed in Identity Selector
| Information Card Identity Selector
| Established (I3)
| I4:FeatureTest-Selector Preserves MasterKey when Overwriting Card
|
| Change Card Name
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Support for Changing Card Name
|
| Change Self-Issued Card Picture
| Information Card Identity Selector
| Emerging (I4)
| I4:FeatureTest-Selector Support for Changing Card Picture
|
| Accepts Self-Issued Cards
| Information Card Relying Party Features
| Established (I1)
| I4:FeatureTest-RP Acceptance of Self-Issued Cards
|
| Accepts Managed Cards
| Information Card Relying Party Features
| Established (I1)
| I4:FeatureTest-RP Acceptance of Managed Cards
|
| Accepts tokens with 256-bit KeySize
| Information Card Relying Party Features
| Established (I1)
| Implementation priority: low
|
| Accepts tokens with 128-bit KeySize
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Accepts tokens with legal whitespace in the signature
| Information Card Relying Party Features
| Emerging
| Implementation priority: medium
|
| Accepts expected multi-valued claims
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Handles claim values containing special characters and non-ASCII values
| Information Card Relying Party Features
| Established (I2)
| Implementation priority: medium
|
| Token with empty claim values
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Capable of accepting SAML 1.0 tokens
| Information Card Relying Party Features
| Established (I1)
| Implementation priority: low
|
| Capable of accepting SAML 1.1 tokens
| Information Card Relying Party Features
| Established (I2)
| Implementation priority: low
|
| Accepts SAML 2.0 tokens
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Supports use on HTTP sites
| Information Card Relying Party Features
| Established (I2)
| I4:FeatureTest-RP Support for HTTP
|
| Relying Party accepts Transport Binding to secure SOAP message
| Information Card Relying Party Features
| Established (I2)
| Implementation priority: low
|
| Relying Party accepts Symmetric Binding to secure SOAP message
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Relying Party uses Asymmetric Binding to secure SOAP message
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Relying Party support for SOAP 1.1
| Information Card Relying Party Features
| Established (I1)
| Implementation priority: low
|
| Relying Party support for SOAP 1.2
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Relying Party support for WS-Trust 1.2, WS-SecurityPolicy 1.1
| Information Card Relying Party Features
| Established (I1)
| Implementation priority: low
|
| Relying Party support for WS-Trust 1.3, WS-SecurityPolicy 1.2
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Accepts Unencrypted Tokens
| Information Card Relying Party Features
| Established
| Implementation priority: medium
|
| Confirms Audience Restriction value matches Relying Party in token from Identity Provider
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Verifies token signature
| Information Card Relying Party Features
| Emerging
| Implementation priority: medium
|
| Web based Relying Party verifies that token is a bearer token
| Information Card Relying Party Features
| Emerging
| Implementation priority: medium
|
| Relying Party Specifies Preference for type of Auditing Used
| Information Card Relying Party Features
| Emerging
| Implementation priority: not possible at this time
|
| Allows the proof key in the token to change between user interactions
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Different token type received than requested
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Token encrypted with an unsupported method
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| RSTR received with invalid WS-Trust Lifetime parameters
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Token with out-of-range SAML notBefore or notOnOrAfter elements
| Information Card Relying Party Features
| Emerging (I4)
| I4:FeatureTest-RP Rejection of Tokens Outside Reasonable Validity Windows
|
| SAML token without notBefore or notOnOrAfter elements
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Token with unrequested claims
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Token with claim name differing by case
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Token with non-matching claim name, such as including a trailing slash
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Verifies that claim namespaces returned in token match those requested
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Verifies that Token has InclusiveNamespaces element
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Verifies that Token is only using namespaces in InclusiveNamespaces list
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Ignores padding in token
| Information Card Relying Party Features
| Emerging
| Implementation priority: medium
|
| Unexpected multi-valued claims
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Received Token is missing required claims
| Information Card Relying Party Features
| Emerging
| Implementation priority: medium
|
| Relying Party recognizes equivalence of the multiple URIs for SAML 1.0 and 1.1 tokens
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| RP Sanitizes Received Claims To Prevent Injection Attacks
| Information Card Relying Party Features
| Established (I2)
| I4:FeatureTest-RP Sanitization of Claims Containing HTML Entities
|
| Behavior when No Identity Selector or Browser Add-On Installed
| Information Card Relying Party Features
| Emerging (I4)
| I4:FeatureTest-RP Behavior when No Identity Selector or Browser Add-On Installed
|
| Behavior when Browser Add-On Installed but Identity Selector Not Installed
| Information Card Relying Party Features
| Emerging (I4)
| I4:FeatureTest-RP Behavior when Browser Add-On Installed but Identity Selector Not Installed
|
| Behavior when Identity Selector Installed but Browser Add-on Not Installed
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Provides Validity Window for token times to allow for imperfect Clock Synchronization
| Information Card Relying Party Features
| Emerging (I4)
| I4:FeatureTest-RP Acceptance of Tokens Within Reasonable Validity Windows
|
| Relying Party has a domain name and does not require a cert to be installed
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| Information Card Icon used to indicate acceptance of Information Cards
| Information Card Relying Party Features
| Emerging
| Implementation priority: medium
|
| Relying Party account creation via Self-Issued Cards
| Information Card Relying Party Features
| Emerging
| Implementation priority: medium
|
| Relying Party account creation via Managed Cards
| Information Card Relying Party Features
| Emerging
| Implementation priority: low
|
| OpenID Provider support for OpenID 1.1
| OpenID Identity Provider
| Established (I2)
| I4:FeatureTest-OpenID Provider support for OpenID 1.1
|
| OpenID Provider support for OpenID 2.0
| OpenID Identity Provider
| Established (I2)
| I4:FeatureTest-OpenID Provider support for OpenID 2.0
|
| OpenID Provider support for Simple Registration
| OpenID Identity Provider
| Established (I2)
| I4:FeatureTest-OpenID Provider support for Simple Registration
|
| OpenID Provider support for Attribute Exchange
| OpenID Identity Provider
| Established (I2)
|
|
| OpenID Provider support for PAPE
| OpenID Identity Provider
| Established (I2)
|
|
| Provides Phishing-Resistant Authentication
| OpenID Identity Provider
| Established (I2)
| I4:FeatureTest-OpenID Provider Support for Phishing-Resistant Authentication
|
| Provides Multi-Factor Authentication
| OpenID Identity Provider
| Established (I2)
|
|
| Provides Multi-Factor-Physical Authentication
| OpenID Identity Provider
| Established (I2)
|
|
| Issues OpenID InfoCards
| OpenID Identity Provider
| Established (I2)
|
|
| Issues URL-based OpenIDs
| OpenID Identity Provider
| Established (I2)
|
|
| Issues i-name-based OpenIDs
| OpenID Identity Provider
| Established (I2)
|
|
| Directs user to use appropriate authentication methods to fulfill PAPE request
| OpenID Identity Provider
| Established (I2)
|
|
| Directs user to re-authenticate if current authentication can not fulfill PAPE request
| OpenID Identity Provider
| Established (I2)
|
|
| OpenID Provider login via Information Card
| OpenID Identity Provider
| Established (I2)
| I4:FeatureTest-OpenID Provider login via Information Card
|
| OpenID Provider account creation via Information Card
| OpenID Identity Provider
| Established (I2)
|
|
| OpenID Provider support for issuing Managed Information Cards
| OpenID Identity Provider
| Established (I2)
|
|
| OpenID Provider support for Identifier Select
| OpenID Identity Provider
| Emerging (I4)
| I4:FeatureTest-Provides support for Identifier Select
|
| OpenID Provider support for Delegated OpenIDs
| OpenID Identity Provider
| Emerging (I4)
| I4:FeatureTest-OpenID Provider support for Delegated OpenIDs
|
| OpenID Provider redirects http URLs to https URLs for discovery
| OpenID Identity Provider
| Emerging (I4)
| I4:FeatureTest-OpenID Provider redirects http URLs to https URLs for discovery
|
| OpenID Provider provides support for checkid_immediate
| OpenID Identity Provider
| Emerging (I4)
| I4:FeatureTest-Provides support for openID 2.0 checkid immediate
|
| OpenID Provider provides support for HMAC-SHA256
| OpenID Identity Provider
| Emerging (I4)
| I4:FeatureTest-Provides support for openID 2.0 HMAC-SHA256
|
| OpenID Provider rejects No-Encryption Association Sessions over http
| OpenID Identity Provider
| Emerging (I4)
|
|
| OpenID Provider validates the openid.return_to
| OpenID Identity Provider
| Emerging (I4)
|
|
| OpenID Provider sends a properly formated response nonce in its assertions
| OpenID Identity Provider
| Emerging (I4)
|
|
| OpenID Provider provides bookmarks for generating unsolicited positive assertions
| OpenID Identity Provider
| Emerging (I4)
|
|
| OpenID 2.0 Provider - Provides ID-WSF EPR token via Attribute Exchange
| OpenID Identity Provider
| Emerging (I4)
|
|
| OpenID Relying Party support for OpenID 1.1
| OpenID Relying Party
| Established (I2)
| I4:FeatureTest-OpenID RP Accepts OpenIDs from OpenID 1.1 OPs
|
| OpenID Relying Party support for OpenID 2.0
| OpenID Relying Party
| Established (I2)
| I4:FeatureTest-OpenID RP Accepts OpenIDs from OpenID 2.0 OPs
|
| OpenID Relying Party support for Simple Registration
| OpenID Relying Party
| Established (I2)
|
|
| OpenID Relying Party support for Attribute Exchange
| OpenID Relying Party
| Established (I2)
|
|
| OpenID Relying Party support for PAPE
| OpenID Relying Party
| Established (I2)
|
|
| Can request Phishing-Resistant Authentication
| OpenID Relying Party
| Established (I2)
|
|
| Can request Multi-Factor Authentication
| OpenID Relying Party
| Established (I2)
|
|
| Can request Multi-Factor-Physical Authentication
| OpenID Relying Party
| Established (I2)
|
|
| Accepts OpenID InfoCards
| OpenID Relying Party
| Established (I2)
|
|
| Accepts HTTPS:-based OpenIDs
| OpenID Relying Party
| Emerging (I4)
| I4:FeatureTest-OpenID RP Accepts HTTPS-based OpenIDs
|
| Accepts i-name-based OpenIDs
| OpenID Relying Party
| Established (I2)
| I4:FeatureTest-OpenID RP Accepts i-name-based OpenIDs
|
| OpenID RP Accepts i-name-based OpenIDs with Unicode characters
| OpenID Relying Party
| Established (I2)
| I4:FeatureTest-OpenID RP Accepts i-name-based OpenIDs with Unicode characters
|
| Display i-name that was verified rather than resulting i-number
| OpenID Relying Party
| Established (I2)
| I4:FeatureTest-OpenID RP Display i-name that was verified rather than resulting i-number
|
| OpenID Relying Party support for account creation via Simple Registration
| OpenID Relying Party
| Established (I2)
|
|
| OpenID Relying Party support for Identifier Select
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID 2.0 Relying Party openID 1.1 delegations via rel links
| OpenID Relying Party
| Emerging (I4)
| I4:FeatureTest-OpenID 2.0 Relying Party openID 1.1 delegations via rel links
|
| OpenID Relying Party Accepts Namespaced openID 1.1 delegations in XRDS documents
| OpenID Relying Party
| Emerging (I4)
| I4:FeatureTest-OpenID Relying Party Accepts Namespaced openID 1.1 delegations in XRDS documents
|
| OpenID 2.0 Relying Party openID 2.0 delegations via rel links
| OpenID Relying Party
| Emerging (I4)
| I4:FeatureTest-OpenID 2.0 Relying Party openID 2.0 delegations via rel links
|
| OpenID 2.0 Relying Party support for OpenID 2.0 delegation via XRDS
| OpenID Relying Party
| Emerging (I4)
| I4:FeatureTest-OpenID 2.0 Relying Party support for OpenID 2.0 delegation via XRDS
|
| OpenID Relying Party uses Claimed_ID as it's primary Key
| OpenID Relying Party
| Emerging (I4)
| I4:FeatureTest-OpenID Relying Party uses Claimed ID as its Primary Key
|
| OpenID Relying Party has HMAC-SHA256 support
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID Relying Party Accepts unsolicited positive assertions
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID Relying Party Publishes a XRDS document for its realm specifying the return to URL
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID Relying Party validates the openid.return_to in the response
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID Relying Party validates positive assertions against Discovered Information
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID Relying Party validates an assertion with the same openid.response_nonce has not already been processed
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID Relying Party validates the signature on the assertion is valid and all fields that are required to be signed are signed
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID Relying Party sends Accept request-header specifying MIME media type, application/xrds+xml when performing discovery
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID Relying Party follows XRDS level refs during resolution of XRI identifiers
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID Relying Party follows SEP level refs during resolution of XRI identifiers
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID 2.0 Relying Party Verify X.509 certificate associated with Identity Provider
| OpenID Relying Party
| Emerging (I4)
|
|
| OpenID 2.0 Relying Party Requests and Accepts ID-WSF EPR token via Attribute Exchange
| OpenID Relying Party
| Emerging (I4)
|
|
