Interop Capabilities: Identity Agent
From OSIS Open Source Identity Systems
Note
- 'X' means "yes"
- blank means "no"
Edit History
- 2007.5.01 pd: removed line mentioning (1) XPCOM and (2) PPID is provably related to IdP public key
- 2007.4.30 pt: edited Higgins column
- 2007.4.16 mbj: Filled in CardSpace column
- 2007.4.4: pt: began to fill in Higgins column
- 2007.3.20: pd: created initial table
| Identity Agent Interop Feature Plan - 20 March 2007 | ||||||
| Feature | CardSpace | Safari Plug-In | Higgins | xmldap.org | IA E | |
| Object Parsing | ||||||
| Parses HTML object with type="application/x-informationCard" | X | X | X | X | ||
| Parse XHTML object ic:informationCard | X | X | X | Details? | ||
| Policy Discovery | ||||||
| Retrieval from HTML Object | X | X | X | |||
| Retrieval from XHTML Object | X | X | X | |||
| Retrieval from RP STS (using MEX) | X | |||||
| Browser Detection of Identity Agent | ||||||
| Support for InformationCardSigninHelper ActiveX Control (on Windows) | X | |||||
| The IdA is written such that an RP can add JavaScript to the served page to detect the presence of the IdA | X | X | X | |||
| Updates browser User Agent string by adding "??" | X | no, this is a bad idea | Details? | |||
| Personal Cards | ||||||
| General Support for Personal Cards | ||||||
| Personal Card Claim Set | ||||||
| Support for the CardSpace claim URIs | X | X | X | X | ||
| Support additional Claim URIs | ||||||
| Personal Card Signing & Encryption | ||||||
| Uses 128-bit encryption | this row should be deleted | X | ||||
| Uses 256-bit encryption | X | X | X | |||
| Personal Card Unlinkability | ||||||
| PPID is different for each RP | X | X | X | X | ||
| Managed Cards | ||||||
| General Support for Managed Cards | ||||||
| Managed Card Data Review | ||||||
| Can retrieve card data from an IdP and display to user | X | X | X | |||
| Managed Card Validation | ||||||
| Certificate embedded in the card is compared with certificate of the IdP | X | X | X | |||
| Managed Card Authentication Method Support | ||||||
| Supports username/password authentication to IdP | X | X | X | X | ||
| Supports X.509 certificate-based authentication to IdP | X | |||||
| Supports Kerberos based authentication to IdP | X | |||||
| Supports self-issued CardSpace card authentication to IdP | X | X | ||||
| Supports managed CardSpace card authentication to IdP | ||||||
| Managed Card Import | ||||||
| Can import a managed card from MSFT .crd formatted file | X | X | X | X | ||
| RP Site Authentication on first encounter | ||||||
| Displays Site information for any valid standard certificate | X | X | X | X | ||
| Displays Site information for any valid EV certificate | X | depends on getting EV cert | TBD | |||
| Notifies user of sites with invalid certificates | X | X | X | |||
| Displays Site Privacy Statement if "privacyURL" invocation parameter is present | X | |||||
| Card Mobility | ||||||
| Can import one or more cards from MSFT .crds formatted file | X | X | X | TBD | ||
| Can export one or more cards to MSFT .crds formatted file | X | X | X | TBD | ||
| Audit | ||||||
| Can view sites visited using a given card | X | X | ||||
| Agent Type | ||||||
| Local client | X | X | X | |||
| Browser extension | X | X | X | |||
| Remote client | X | |||||
| Triggered From | ||||||
| IE7 | X | |||||
| Firefox | X | X | X | |||
| Safari | X | |||||
| Other | possible | |||||
