Identity Metasystem Participants and Browser Flow

Before I show you how to support CardSpace from your ASP.NET web sites, I’ll explain the flow between participants in the Identity Metasystem and the Browser experience.

There are several key participants:

Relying Party (RP)

This is the target site that relies on a specific set of claims, carried in a token, to authenticate incoming requests. In the context of this appendix, your ASP.NET web site would be the RP.

Subject

This is the user described by a set of claims, for example the user logging in to your web site.

Identity Provider (IP)

This party is responsible for generating a token that includes a set of claims describing the subject. It holds the actual claim values and must keep them secure. It must sign the token so that the RP can verify both that the claims came from that provider and that they were not altered on the way.

Windows CardSpace

For Windows machines, CardSpace provides local storage for personal and managed information cards. A card lists the claims an issuer can supply; as I mentioned, the card does not contain the actual claim values. For personal cards, CardSpace supplies a local IP that securely stores the actual claims. Thus, in cases where personal cards are supported by the target site, CardSpace acts as both identity selector and IP.
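As an added example (not from the book, and not the CardSpace wire protocol), the following Python models the four roles above and the trust checks the RP has to make. Real CardSpace tokens are SAML assertions carrying an XML digital signature; here an HMAC over a JSON body, with a key shared between the IP and the RP, stands in for that signature. The issuer name, the RP URL, the key and the claim values are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json


def encode_part(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def decode_part(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class PersonalCard:
    """A card names an issuer and the claim TYPES it offers; it holds no values."""

    def __init__(self, issuer: str, claim_types):
        self.issuer = issuer
        self.claim_types = frozenset(claim_types)


class IdentityProvider:
    """Holds the subject's claim values and issues signed tokens about them."""

    def __init__(self, name: str, signing_key: bytes, claim_store: dict):
        self.name = name
        self._key = signing_key      # never leaves the IP
        self._claims = claim_store   # subject -> {claim type: value}

    def issue_token(self, subject, requested_claims, audience, issued_at):
        values = self._claims[subject]
        missing = [c for c in requested_claims if c not in values]
        if missing:
            raise LookupError(f"{self.name} cannot supply {missing}")
        payload = {
            "issuer": self.name,
            "audience": audience,    # token is bound to exactly one RP
            "subject": subject,
            "issued_at": issued_at,
            "claims": {c: values[c] for c in requested_claims},
        }
        body = encode_part(json.dumps(payload, sort_keys=True).encode())
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"


class RelyingParty:
    def __init__(self, name, trusted_issuers, required_claims, max_age=300):
        self.name = name
        self.trusted_issuers = dict(trusted_issuers)   # issuer -> verification key
        self.required_claims = tuple(required_claims)
        self.max_age = max_age

    def verify_token(self, token: str, now: int) -> dict:
        """Every check an RP must do before trusting the claims; raises on failure."""
        try:
            body, sig = token.split(".", 1)
            payload = json.loads(decode_part(body))
        except ValueError as exc:
            raise ValueError("malformed token") from exc
        key = self.trusted_issuers.get(payload.get("issuer"))
        if key is None:
            raise ValueError("untrusted issuer")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            raise ValueError("signature does not verify")
        if payload.get("audience") != self.name:
            raise ValueError("token was issued for a different RP")
        issued_at = payload.get("issued_at")
        if not isinstance(issued_at, (int, float)) or not 0 <= now - issued_at <= self.max_age:
            raise ValueError("token is stale")
        claims = payload.get("claims", {})
        missing = [c for c in self.required_claims if c not in claims]
        if missing:
            raise ValueError(f"required claims missing: {missing}")
        return claims


def select_card(cards, rp):
    """Identity-selector step: a card the RP's policy accepts, or None."""
    for card in cards:
        if card.issuer in rp.trusted_issuers and set(rp.required_claims) <= card.claim_types:
            return card
    return None


def check(rp, token, now):
    """None if the RP accepts the token, otherwise its rejection reason."""
    try:
        rp.verify_token(token, now)
        return None
    except ValueError as exc:
        return str(exc)


def forge_claim(token, claim_type, value):
    """Attacker view: edit a claim in the body while reusing the original signature."""
    body, sig = token.split(".", 1)
    payload = json.loads(decode_part(body))
    payload["claims"][claim_type] = value
    return encode_part(json.dumps(payload, sort_keys=True).encode()) + "." + sig


# Constructed sample participants (hypothetical names, key and claim values).
LOCAL_IP_KEY = b"cardspace-local-ip-secret"
LOCAL_IP = IdentityProvider("cardspace-local", LOCAL_IP_KEY,
                            {"alice": {"givenname": "Alice", "emailaddress": "alice@example.org"}})
IDENTITY_PROVIDERS = {LOCAL_IP.name: LOCAL_IP}
SITE = RelyingParty("https://rp.example.org", {"cardspace-local": LOCAL_IP_KEY},
                    ("givenname", "emailaddress"))
CARDS = [PersonalCard("cardspace-local", ["givenname", "emailaddress"])]


def login(now: int) -> dict:
    """Whole flow: RP policy -> card selection -> IP issues token -> RP verifies."""
    card = select_card(CARDS, SITE)
    if card is None:
        raise ValueError("no card satisfies the RP's policy")
    token = IDENTITY_PROVIDERS[card.issuer].issue_token("alice", SITE.required_claims, SITE.name, now)
    return SITE.verify_token(token, now)


if __name__ == "__main__":
    print(login(now=1_000))
```

The checks in `verify_token` are in the order an RP should apply them: parse, look up the issuer's key, verify the signature before reading anything else, then confirm the token was minted for this RP, is fresh, and actually carries the claims the policy asked for. The card is only a pointer to an issuer and claim types, which is why `select_card` can run without seeing any claim value.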

Figure B-3 illustrates the interaction between each participant, assuming personal cards (from CardSpace) are supported. Users browse to a site that returns a login page supporting information cards. When the user clicks the “login using CardSpace” button, IE 7 ...
