Wednesday August 03, 2005
How infocard and WS-* intersect: a concrete scenario.
It's been a while since I last posted anything on my quest to understand Microsoft's infocard. There's now substantially more information about it than a month ago, so I had the opportunity to get a better idea of how infocards can be used and how they relate to some of the WS-* specifications (like WS-Trust or WS-SecurityPolicy).
Below is a figure that describes a concrete sequence of steps that can take place between a client (e.g. a PC running Longhorn, sorry Vista), a relying party (a web service provider) and an identity provider.

Some explanations on the steps:
Step 1: The client application obtains (at design time or runtime) the relying party's policy.
Step 2: In this policy, the RP indicates many things (like who the issuer is, the token type and the claims it needs). It also sets its authentication mechanism to the specific value "IssuedToken" (in the <SecurityToken> element which is defined in the newly released WS-SecurityPolicy specification). This will trigger the infocard system on the client.
Step 3: The ID Selector (part of the infocard system on the client) will match existing cards with the claims requested by the RP. It then lets the principal choose the appropriate card.
Step 4: The infocard system will then use the metadata contained in the card to contact the corresponding identity provider and obtain the security token and the needed claims (RST and RSTR are WS-Trust calls).
Step 5: The principal authenticates if necessary.
Step 6: The identity provider returns the appropriate security token with the claims that were requested.
Step 7: Finally the client application can access the RP using the token and claims it has just obtained.
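Steps 2 to 6 as an added example (not code from the original post or from Microsoft): a simplified Python model of how an ID selector could match cards against the RP's policy, build the token request, and check what the identity provider returns. The data classes, field names, token-type string and URLs are assumptions made for illustration; the real policy and the RST/RSTR messages are XML.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:  # simplified stand-in for the RP policy of step 2 (assumed fields)
    issuer: str
    token_type: str
    claims: frozenset

@dataclass(frozen=True)
class Card:  # card metadata used for matching (assumed fields)
    name: str
    issuer: str
    idp_endpoint: str
    token_types: frozenset
    claims: frozenset

def matching_cards(policy, cards):
    """Step 3: keep cards that satisfy issuer, token type and every requested claim."""
    return [c for c in cards
            if c.issuer == policy.issuer
            and policy.token_type in c.token_types
            and policy.claims <= c.claims]

def build_token_request(policy, card):
    """Step 4: model of the RST, asking only for the claims the RP requested."""
    if not matching_cards(policy, [card]):
        raise ValueError(f"card {card.name!r} does not satisfy the policy")
    return {"to": card.idp_endpoint, "token_type": policy.token_type, "claims": sorted(policy.claims)}

def check_token_response(policy, response):
    """Step 6: list the ways a returned token deviates from the RP policy."""
    problems = []
    if response.get("issuer") != policy.issuer:
        problems.append("unexpected issuer")
    if response.get("token_type") != policy.token_type:
        problems.append("unexpected token type")
    got = set(response.get("claims", {}))
    for label, diff in (("missing", policy.claims - got), ("unrequested", got - policy.claims)):
        if diff:
            problems.append(f"{label} claims: " + ", ".join(sorted(diff)))
    return problems

fs = frozenset  # sample data below is constructed; names and URLs are hypothetical
POLICY = Policy("https://idp.example/", "saml-assertion", fs({"email", "givenname"}))
CARDS = [
    Card("Work", "https://idp.example/", "https://idp.example/sts", fs({"saml-assertion"}), fs({"email", "givenname", "surname"})),
    Card("Club", "https://club.example/", "https://club.example/sts", fs({"saml-assertion"}), fs({"email", "givenname"})),
    Card("Work-min", "https://idp.example/", "https://idp.example/sts", fs({"saml-assertion"}), fs({"email"})),
]
```

Only the "Work" card is offered for this policy: "Club" comes from a different issuer and "Work-min" cannot supply every requested claim. The response check also flags a token that carries claims the RP never asked for.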
One component I show here is not used: the Digital ID control panel. This panel is used to create local (i.e. self-issued) cards.
I've had the opportunity to show this diagram to some people in-the-know and they confirmed this was an accurate scenario (whewwww!) so I hope this might help some people understand where infocard and the WS-* specs intersect.
Posted at 12:35AM Aug 03, 2005 by Hubert Le Van Gong in Identity | Comments[0]
The San Jose Grand Prix
Last Sunday we had the chance to host one of the Champ car races here in San Jose. The public came in force (over 150,000 for this 3-day event) and so did I: I took both my sons so they could experience a bit of the excitement of car racing as opposed to watching Formula 1 on TV. And boy! Did we get thrilled; we were along the fence and got to watch the cars zooming past us at about 150mph!
An interesting thing I noticed is that these cars are much less noisy than F1 cars. In fact the big difference is that F1 cars are a lot more in the high pitch range. I'm sure the main reason is that an F1 engine will rev up to 19,000 rpm when a champ car will merely achieve 12,000 rpm. Also F1 is using V10 (at least for this year), not V8.
I had taken my D70 (digital SLR from Nikon) to play with and tried to capture some of these cars: not an easy task! Here are some of the pictures I took.