manukahn

Hi

I Tell my Customers about CardSpace and then they ask me how to build an identity provider, What are the best practices for the STS etc... and I Do not know

I found a lot of information about using the cards but None (Theory) about creating them and about building the STS for CardSpace cards. I asked in the forum but nothing !!! Is it a secret
I need more than samples I need the theory.
Thanks for your help
manu


Re: Windows CardSpace (InfoCard) Information about identity provider is missing

Wouter Veugelen

You can find tools and documentation for creating managed cards here: http://cardspace.netfx3.com/files/folders/samples_rc_1/entry5996.aspx

Tools and documentation regarding the STS you can find here: http://cardspace.netfx3.com/files/folders/samples_rc_1/entry6082.aspx

When downloading the zipfiles, a "Documentation" folder is always included. Don't expect all things to work directly though, I still didn't managed to setup a decent configuration with managed cards with username/password authentication, and with smartcard authentication after experimenting with managed cards and STS for more than 6 months.

Let's hope and wait until Ping Identity releases their Java based STS code, and hope it will work better out of the box than the one Microsoft has supplyed us.

regards





Re: Windows CardSpace (InfoCard) Information about identity provider is missing

manukahn

Hi

I have looked at all the examples in netfx.com :
1. They don't really work
2. They are not written for a real world scenario
3. I am looking for the theory behind the code.

The documentation there is only describing how to install the examples nothing more.

Thanks anyway

manu





Re: Windows CardSpace (InfoCard) Information about identity provider is missing

Wouter Veugelen

I'm writing a thesis about this stuff, I can email you a draft version.
Don't expect working samples from me though ;)




Re: Windows CardSpace (InfoCard) Information about identity provider is missing

manukahn

Hi

I would love to read your work

please send it to: manu@sela.co.il

thanks

manu





Re: Windows CardSpace (InfoCard) Information about identity provider is missing

Mfenetre

Additionnal info I've used :
http://www.nds.ruhr-uni-bochum.de/gajek/papers/OpGaHa07%20CardSpaceSecurity.pdf
http://download.microsoft.com/download/5/4/0/54091e0b-464c-4961-a934-d47f91b66228/infocard-techref-beta2-published.pdf





Re: Windows CardSpace (InfoCard) Information about identity provider is missing

Mfenetre

If you want another implementation of a STS, I encourage you to test Sergey Shishkin's STS implementation (based on Microsoft's one) :
http://staff.newtelligence.com/sergeys/ADC2006CardSpaceSample.aspx (link named "here").

It's great, you also have a web site which allows you to get an infocard (so you have a web-based interface, not a comand-line executable).