CardSpace as IssuedToken vs CardSpace as means to discover federated IdP

    Question

  • OK, CardSpace is dead. So OK! Long live CardSpace (as OpenID Connect). But OpenID Connect will never quite be CardSpace, so tightly linked in with web services and bindings.

    So, to what's left of CardSpace-era mechanisms in dotnet 4,5:

    What is the difference on the wire between a svc exposing wsHttpBinding with IssuedToken credential type, and that same svc with a second endpoint bound to wsfederation where the STS address is "any" (logically invoking CardSpace and IdP selection, given claims metadata matching)?

    In the latter, full SecureConversation supported by SAML token occurs (with proof tokens). What about the former? Is it just a SAML bearer token in a SOAP header, possibly encrypted using the service cert for asymmetric key transport?


    Sunday, September 22, 2013 8:33 PM

All replies