my.info.card: my Infocard Identity Selector Plugin Development Blog

I just wanted to share with you the "browser" requirements for "browsers" to have the ability to invoke the Infocard Identity Selector (WinFX CTP Component).

For now, I know what the "browsers" should do. Would they do it... is another story altogether...

1. The browser InfoCard support code invokes the InfoCard identity selector, passing it parameter values supplied by the InfoCard HTML tag supplied by the site.
2. The user then uses the identity selector to choose an InfoCard, which represents a digital identity that can be used to authenticate at that site.
3. The Identity Selector uses the Identity Metasystem protocols to retrieve a security token representing the digital identity selected by the user from the STS at the identity provider for that identity.
4. The browser should post the token obtained back to the web site using a HTTP(S)/POST.
5. The web site validates the token, completing the user’s InfoCard-based authentication to the web site.
6. Following authentication, the web site would typically then write a client-side browser cookie and redirect the browser back to the protected page.

AH!! authentication, see... Infocard addresses "authentication" and NOT "authorization". I believe that my assumption is true. Could someone correct me if i'm wrong?